Edit tour

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.6250.26408.exe

Overview

General Information

Sample name:	SecuriteInfo.com.FileRepMalware.6250.26408.exe
Analysis ID:	1477172
MD5:	3402ace96c294551f3d207b10740a36a
SHA1:	3eacaa81aa48978f33e853e987ad19f749acec85
SHA256:	48f926ed55a169042c9155e2a23ac029580c5b5212b4f7deee2f9ea93e19ba4b
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTML page contains hidden javascript code

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

SecuriteInfo.com.FileRepMalware.6250.26408.exe (PID: 3752 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe" MD5: 3402ACE96C294551F3D207B10740A36A)

chrome.exe (PID: 2568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4676 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe	ReversingLabs: Detection: 47%
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe	Virustotal: Detection: 57%			Perma Link

Machine Learning detection for sample

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe

Joe Sandbox ML: detected

Source: https://im.qq.com/index/

HTTP Parser: Base64 decoded: <svg viewBox="0 0 1024 1024" xmlns="http://www.w3.org/2000/svg" width="10" height="10" fill="#fff"><path d="M784 902.4c9.6 19.2 6.4 41.6-12.8 54.4-19.2 9.6-41.6 3.2-51.2-12.8-9.6-19.2-6.4-41.6 12.8-54.4 16-12.8 38.4-8 51.2 12.8zM550.4 984c0 22.4-16 38.4-3...

Source: https://v.qq.com/thumbplayer-offline-log.html?max_age=3600

HTTP Parser: No favicon

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49874 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.103.162:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 123.6.105.199:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.136.80:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.103.162:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.136.80:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.107.134:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.135.106.65:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.255.220.168:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49966 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006C32DE __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,	0_2_006C32DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00413670 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA,	0_2_00413670
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0041CA30 FindNextFileA,FindClose,FindFirstFileA,FindClose,	0_2_0041CA30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00424D50 FindFirstFileA,FindClose,	0_2_00424D50

Source: global traffic

TCP traffic: 192.168.2.5:55334 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 129.226.107.134 129.226.107.134
Source: Joe Sandbox View	IP Address: 129.226.107.134 129.226.107.134
Source: Joe Sandbox View	IP Address: 129.226.106.225 129.226.106.225
Source: Joe Sandbox View	IP Address: 129.226.102.234 129.226.102.234

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49874 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info HTTP/1.1Accept: /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: xui.ptlogin2.qq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ptlogin/v4/style/40/images/logo.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: imgcache.qq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.css HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ptlogin/v4/style/40/images/icon_3_tiny.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: imgcache.qq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_left_ie.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ptlogin/v4/style/40/images/onekey_tips.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: imgcache.qq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/error_icon_ie.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /style/11/images/icon_24_c_3.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ui.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_right_ie.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.js HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /style/0/images/load.gif HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ui.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/20/images/shouQ_v2/qr_tips.png HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: qq-web-legacy.cdn-go.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /ptqrshow?appid=1006102&e=2&l=M&s=3&d=72&v=4&t=0.9210375481365429&daid=1&pt_3rd_aid=0&u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /report/007?app=qfingerprint-device-id&url=device-id%2Funsupport&type=1&httpcode=undefined&retcode=9999&cost=10086 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: report.qqweb.qq.comConnection: Keep-AliveCookie: _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /TCaptcha.js HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.captcha.qq.comConnection: Keep-AliveCookie: _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CfV8weymZlKYm7u&MD=wmB1VrEy HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460084247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /js/c_login_2.js?v=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: xui.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 HTTP/1.1Host: txz.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460087248&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /mobileqq/ HTTP/1.1Host: im.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/css/other-chunk.08167b84.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/css/chunk-vendors.120b3a4b.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/css/mobile.73b646b1.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460090501&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1Host: cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460093247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1Host: cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9.03144aa7.svg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ellipse-1.b22a7a9f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: im.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://im.qq.com/mobileqq/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
Source: global traffic	HTTP traffic detected: GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1Host: beacon.cdn.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1Host: cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index HTTP/1.1Host: im.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9.03144aa7.svg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ellipse-1.b22a7a9f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1Host: cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1Host: beacon.cdn.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460096350&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /index/ HTTP/1.1Host: im.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/css/pc.b703e4a7.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460099355&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /collect/pv?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/scene-bg-x.6a1a9834.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9logo.2a076d03.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/phone.55b5179d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/qq9logo.2a076d03.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460102356&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/phone.55b5179d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/poster.712f34ab.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/scene-bg-x.6a1a9834.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1Host: static-res.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/poster.712f34ab.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460105360&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-1.c1c08300.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-4.cf504f86.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-1.c1c08300.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-5-1.cae9b87a.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460108375&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-4.cf504f86.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-7.12c86460.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-8.2357f6e0.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-5-1.cae9b87a.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-1.b1b04c2f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-7.12c86460.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-8.2357f6e0.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-3.2b846208.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-4.8c005656.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-5.8836fb89.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-1.b1b04c2f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-7.c9b84e44.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-8.492bed09.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-3.2b846208.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-9.32e87ba4.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460111386&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-4.8c005656.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-10.fdbd43f2.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-5.8836fb89.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-7.c9b84e44.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-me.8d49096f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-yd.e89120ca.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-8.492bed09.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-wz.c59f5aa3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-9.32e87ba4.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-gm.6afa3939.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /speed/performance?dnsLookup=0&tcp=0&ssl=0&ttfb=338&contentDownload=13&domParse=3216&resourceDownload=1070&firstScreenTiming=5540&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-ql.44e6743e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-10.fdbd43f2.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-me.8d49096f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-xx.0c154e87.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-yd.e89120ca.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-wz.c59f5aa3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-gm.6afa3939.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-ql.44e6743e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460114393&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-xx.0c154e87.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-1.25daaddf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-2.47e8b6d6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-3.13d69f7b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-1.25daaddf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-2.47e8b6d6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-4.4a2b7aa6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-5.497658cf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-6.7bfb07b7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-7.814d1434.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-8.c0d3424b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-3.13d69f7b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-9.348ed857.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/im.qq.com/qq9_1080.mp4 HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://im.qq.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/bg.252a624b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web/im.qq.com/qq9-introduction.mp4 HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://im.qq.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1Host: beacon.cdn.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: "78ce85cf25b73a3e634dcbf283f5c4bd"If-Modified-Since: Tue, 13 Dec 2022 14:47:32 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-10.de84dd3b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-4.4a2b7aa6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tencentvideo/txp/style/img/loading.png HTTP/1.1Host: vm.gtimg.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460117371&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-11.1e3d5127.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-5.497658cf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-8.c0d3424b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-7.814d1434.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-12.a1354ef0.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-13.5bb4e455.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/user-profile.a6a93e4d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-6.7bfb07b7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-9.348ed857.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1Host: v.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/boy.c5ae9f89.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-10.de84dd3b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/girl.031060e3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/preview-all.ad0b1649.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/bg.252a624b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-11.1e3d5127.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-1.31d4bb78.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-12.a1354ef0.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-4.a0581c94.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/room-13.5bb4e455.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-5.587b1e5e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/user-profile.a6a93e4d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tencentvideo/txp/style/img/loading.png HTTP/1.1Host: vm.gtimg.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-7.17756db7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-8.18097ed7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CfV8weymZlKYm7u&MD=wmB1VrEy HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-9.39b61a69.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-10.4f6a1e0d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/boy.c5ae9f89.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/girl.031060e3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-1.31d4bb78.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.606426968780398 HTTP/1.1Host: h.trace.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460120376&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-12.963691a2.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-4.a0581c94.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-13.f040bb44.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-14.6ebef64d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-17.ca026495.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-5.587b1e5e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-18.49af16e6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-22.77473c1b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/preview-all.ad0b1649.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-7.17756db7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-8.18097ed7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-23.132fbdba.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-10.4f6a1e0d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-26.3e460242.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-28.cf48975b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-9.39b61a69.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-29.bf39516b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.e3569743.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.9a3b1afa.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-12.963691a2.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-13.f040bb44.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.606426968780398 HTTP/1.1Host: h.trace.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-3.f961bc34.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-14.6ebef64d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-17.ca026495.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/brand-text.561ce6a3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.5a6a85fe.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-18.49af16e6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-22.77473c1b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.5d02382f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-23.132fbdba.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-3.88e518ac.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-26.3e460242.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460123395&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-28.cf48975b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/ornament-29.bf39516b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.e3569743.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-3.f961bc34.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/brand-text.561ce6a3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.9a3b1afa.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-1.5a6a85fe.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-2.5d02382f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /im.qq.com_new/f2ff7664/img/page-3.88e518ac.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460126410&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1Host: qzonestyle.gtimg.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
Source: global traffic	HTTP traffic detected: GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1Host: qzonestyle.gtimg.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460129422&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460132421&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460135424&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460138438&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460141424&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460144436&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460147435&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460150480&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460153493&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460156497&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460159507&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460162518&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460165535&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460168545&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460171549&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460174549&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460177553&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460180564&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460183576&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460186577&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1Accept: /Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23infoAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
Source: global traffic	HTTP traffic detected: GET /p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 HTTP/1.1Host: txz.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /index/ HTTP/1.1Host: im.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac

Source: global traffic	DNS traffic detected: DNS query: xui.ptlogin2.qq.com
Source: global traffic	DNS traffic detected: DNS query: qq-web-legacy.cdn-go.cn
Source: global traffic	DNS traffic detected: DNS query: imgcache.qq.com
Source: global traffic	DNS traffic detected: DNS query: ui.ptlogin2.qq.com
Source: global traffic	DNS traffic detected: DNS query: localhost.sec.qq.com
Source: global traffic	DNS traffic detected: DNS query: localhost.ptlogin2.qq.com
Source: global traffic	DNS traffic detected: DNS query: report.qqweb.qq.com
Source: global traffic	DNS traffic detected: DNS query: ssl.captcha.qq.com
Source: global traffic	DNS traffic detected: DNS query: ssl.ptlogin2.qq.com
Source: global traffic	DNS traffic detected: DNS query: txz.qq.com
Source: global traffic	DNS traffic detected: DNS query: im.qq.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: qq-web.cdn-go.cn
Source: global traffic	DNS traffic detected: DNS query: cdn-go.cn
Source: global traffic	DNS traffic detected: DNS query: aegis.qq.com
Source: global traffic	DNS traffic detected: DNS query: v.qq.com
Source: global traffic	DNS traffic detected: DNS query: beacon.cdn.qq.com
Source: global traffic	DNS traffic detected: DNS query: vm.gtimg.cn
Source: global traffic	DNS traffic detected: DNS query: otheve.beacon.qq.com
Source: global traffic	DNS traffic detected: DNS query: static-res.qq.com
Source: global traffic	DNS traffic detected: DNS query: h.trace.qq.com
Source: global traffic	DNS traffic detected: DNS query: qzonestyle.gtimg.cn

Source: unknown

HTTP traffic detected: POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveContent-Length: 1576sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: application/xmlDate: Sat, 20 Jul 2024 07:20:25 GMTServer: tencent-cosx-cos-request-id: NjY5YjY1MzlfOGI3OTQwYV81YjczXzg3N2U5MQ==x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWRlZDk5YzgyOTg0ZTg2ODA1ODFjOGY0MWFhYWFhOTdmZWZiMTE1MDY5YzA1ZGY5MzIyY2I1OTg3YjI4MDViMDI=Content-Length: 507X-NWS-LOG-UUID: 898460393527192638Connection: closeX-Cache-Lookup: Cache HitAccess-Control-Allow-Origin: *Vary: User-Agent,OriginCache-Control: max-age=666Is-Immutable-In-The-Future: false
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sat, 20 Jul 2024 07:21:45 GMTContent-Type: text/plainContent-Length: 13Connection: closeServer: openrestyX-Powered-By: ExpressAccess-Control-Allow-Origin: *

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.https-=deleted=ldw
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374810100.000000000EF5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://check.https://ssl./getimagetenpay.comptlogin2.gdi
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364457601.000000000D061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://dldir2.qq.com/invc/xfspeed/qqpcmgr/clin
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368772751.000000000E71E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371508123.000000000E883000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2359931466.000000000E882000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297385552.000000000E882000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297334007.000000000E881000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: http://dldir2.qq.com/invc/xfspeed/qqpcmgr/clinic/image/tipsicon_qq.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/inde
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.3i
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.3i-
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.3iW
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.hth
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6C0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296211807.000000000E90B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.000000000825F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000098E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296087808.000000000E90A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23info
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23info(seP
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23info...
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23info...p:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infoK
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infock=pt_qqprotect_version&wparam=&lparam=&session=info...=
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infol
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infom
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infonF
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.html%23infop
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://id.qq.com/index.htp
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: http://im.qq.com/browserupgrade.html
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: http://im.qq.com/macqq/index.shtml#im.qqformac.plusdown
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://im.qq.com/mobileqq/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: http://im.qq.com/mobileqq/#from=login
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://im.qq.com/mobileqq/#from=loginA
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://im.qq.com/mobileqq/#from=loginm
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://im.qq.com/mobileqq/#from=loginx
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: http://im.qq.com/qq/2013/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265590295.000000000E706000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374856271.000000000EF5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265649359.000000000E707000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://imgcache.qq.com/ptlogin/v4/style/0/images/1.gif
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242704101.000000000CFE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://imgcache.qq.com/ptlogin/v4/style/0/images/1.gifo
Source: c_login_2[1].js0.0.dr	String found in binary or memory: http://isdspeed.qq.com/cgi-bin/r.cgi?
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374399449.000000000EED7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://isdspeed.qq.com/cgi-bin/r.cgi?http://isdspeed.qq.com/cgi-bin/r.cgi?SSOAxCtrlForPTLogin.SSOFor
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B879000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mat1.gtimg.com/www/js/common_v2.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mat1.gtimg.com/www/js/common_v2.js:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://pan.baidu.com/s/1qWKD5ve
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242704101.000000000CFE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ptlogin2..x.ptuix.ptui.domain(s
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ptlogin2.4j
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374561133.000000000EEE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ptlogin2.https://ssl.ptlogin2.f
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ptlogin2.om
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://q1.qlogo.cn/g?b=qq&nk=
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374636819.000000000EF08000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://qq.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298007996.000000000E864000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298099137.000000000E866000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371311491.000000000E862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298212088.000000000E868000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297951006.000000000E862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298160030.000000000E867000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298051870.000000000E865000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://qq.com/check
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe	String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.youku.com/playlist_show/id_25824322.html
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aegis.qq.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://captcha.gtimg.com/1/tcaptcha-frame
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://captcha.gtimg.com/staticha.jspt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_lo
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296770879.000000000E8D5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3372054922.000000000E8D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://captcha.gtimg.com/statichttps://global.captcha.gtimg.com/staticGET_CAPTCHA_CONFIG_REQUEST_ER
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://cdn-go.cn/aegis/aegis-sdk/latest/aegis.min.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3353306544.0000000002857000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/z
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364457601.000000000D061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/blob/v
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297706285.000000000E893000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297669390.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297730384.000000000E897000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3375765155.000000000EFB8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297484812.000000000E88F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297640957.000000000E891000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297616204.000000000E890000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297758530.000000000E899000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.21.1/LICENSE
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297014891.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296869328.000000000E8B0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360226110.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297157924.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360135403.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297233494.000000000E8B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371969127.000000000E8B5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297086679.000000000E8B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-jsP
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374933651.000000000EF62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zloirock/core-jsl(
Source: c_login_2[1].js0.0.dr	String found in binary or memory: https://huatuospeed.weiyun.com/cgi-bin/r.cgi?
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatK
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://huatuospeed.weiyun.com/cgi-bin/r.cgi?https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatK
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265590295.000000000E706000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374856271.000000000EF5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265649359.000000000E707000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i.gtimg.cn/huatuo/sdk/huatuoping-sdk.min-0.1.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364457601.000000000D061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.q
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://id.qq.com/cgi-bin/pri_mod
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://id.qq.com/cgi-bin/pri_mod&xx=0VBScript.RegExpIgnoreCaseMultilineSinglelineGlobalPatternExecu
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://id.qq.com/index.html#accounte
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD10000.00000004.00000020.00020000.00000000.sdmp, chromecache_331.5.dr	String found in binary or memory: https://im.qq.com/index
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370425169.000000000E7C6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361870744.000000000E7C4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361912517.000000000E7C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://im.qq.com/indexhandleBtnConfirm
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009153000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD10000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3372389345.000000000E90A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360283049.000000000E909000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://im.qq.com/mobileqq
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/m
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B879000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297706285.000000000E893000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297669390.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297730384.000000000E897000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297484812.000000000E88F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297640957.000000000E891000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297616204.000000000E890000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297758530.000000000E899000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368721917.000000000E718000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364457601.000000000D061000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.pngE.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.pngE.insertInlineCss
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3347875869.000000000018F000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png&
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png...
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngJ%
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pnga
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngc
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pnger$
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngi
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pnglogin%2Fproxy.html&s_url=http://id
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngt
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/logo.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/logo.pngQ:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/logo.pngptlogin/v4/style/theme/theme_0.css.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pnga($bSn$
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://localhost.ptlogin2
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: https://localhost.ptlogin2.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371765702.000000000E8A6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.dwSSO_Account_dwAccountUinSSO_Account_AccountValueListstrSSO_Account_strN
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.ptui_qqprotect_querystatus_CB
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009153000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6CA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:4301/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6CA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:4303/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6CA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:4305/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:4307/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.ptlogin2.qq.com:4309/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://localhost.sec
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.sec.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360778546.000000000E822000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360931248.000000000E824000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370813173.000000000E829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E823000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361186654.000000000E828000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009164000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361022443.000000000E826000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361082852.000000000E827000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: https://localhost.sec.qq.com:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.sec.qq.com:16873/?cmd=101&service=1&action=undefined&timeout=5000&_tk=0.0852621786
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.000000000825F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://localhost.sec.qq.com:9410/?cmd=101&service=1&action=undefined&timeout=5000&_tk=0.08526217866
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_open
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_openbackground:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298007996.000000000E864000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298099137.000000000E866000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371311491.000000000E862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298212088.000000000E868000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297951006.000000000E862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298264309.000000000E86B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298160030.000000000E867000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2298051870.000000000E865000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: https://ping.huatuo.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360778546.000000000E822000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360931248.000000000E824000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370813173.000000000E829000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E823000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361186654.000000000E828000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361022443.000000000E826000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361082852.000000000E827000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ping.huatuo.qq.com/httpcode
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://pre.cdn-go.cn/
Source: xlogin[1].htm.0.dr	String found in binary or memory: https://pre.cdn-go.cn/qq-web/any.ptlogin2.qq.com/33d4907a
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.000000000827D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.000000000827D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/AG
Source: xlogin[1].htm.0.dr	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364215217.000000000B880000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B860000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2183494867.000000000B863000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2183385104.000000000B862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009153000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.js#
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.js7
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.jsJ
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.jsT
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/20/images/shouQ_v2/qr_t
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/checkbox_chec
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B545000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/checkbox_unch
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/error_icon.pn
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/error_icon_ie
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000097B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_left.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_left_ie.pn
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_right.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_right_ie.p
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000097B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/phone.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/phone_ie.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/phone_ie.pngg
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/vip.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/vip_ie.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.css
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.cssU
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.csspngq-?
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2359931466.000000000E882000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297439193.000000000E885000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3375606261.000000000EFAB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E885000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297385552.000000000E882000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E886000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297334007.000000000E881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qq-web-other.cdn-go.cn/biz-libs/latest/any.ptlogin2.qq.com/fingerprintjs/index.umd.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://qq-web.cdn-go.cn/
Source: chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn//im.qq.com_new/7bce6d6d/asset/favicon.ico
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/chunk-vendors.120b3a4b.css
Source: chromecache_369.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.css
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/other-chunk.08167b84.css
Source: chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css
Source: chromecache_453.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/cp-ql.c6a6fbbe.png)
Source: chromecache_453.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/cp-wz.dde8b398.png)
Source: chromecache_453.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png)
Source: chromecache_453.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png)
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/chunk-vendors-legacy.6a4b10d6.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js
Source: chromecache_369.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/mobile-legacy.be6dfd43.js
Source: chromecache_369.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/other-chunk-legacy.69fda2fc.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js
Source: chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/pc-legacy.dc28df17.js
Source: chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/vue-chunk-legacy.c1f73fbf.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js
Source: chromecache_369.5.dr, chromecache_307.5.dr	String found in binary or memory: https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://report.qqweb.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B860000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://report.qqweb.qq.com/report/007?app=
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371311491.000000000E862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009153000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://report.qqweb.qq.com/report/007?app=.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://report.qqweb.qq.com/report/007?app=qfingerprint-device-id&url=device-id%2Funsupport&type=1&h
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sg.captcha.qcloud.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370760577.000000000E825000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360778546.000000000E822000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360931248.000000000E824000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E823000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl./ptgetimageptlogin2.captcha.http://check./getimagegdi
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com//
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2307367706.000000000D21C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.js&8gQ
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.jsK9
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3372054922.000000000E8C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.jsNatKL$:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.jsT
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.jsV9
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.jsent(
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.captcha.qq.com/TCaptcha.js~
Source: c_login_2[1].js0.0.dr	String found in binary or memory: https://ssl.ptlogin2.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297014891.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296869328.000000000E8B0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360226110.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297157924.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360135403.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371969127.000000000E8B5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297086679.000000000E8B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.&pt_3rd_aid=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3375606261.000000000EFAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.&regmaster=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.8
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2294961086.000000000E836000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E834000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361670427.000000000E835000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374561133.000000000EEE2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370887427.000000000E836000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.domLoaded
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369040800.000000000E732000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.f
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.http://ptlogin2.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2294961086.000000000E836000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E834000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361670427.000000000E835000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370887427.000000000E836000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.http://ptlogin2.f
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.q
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368680446.000000000E716000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/?
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3353306544.0000000002819000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/e.shouldProxy
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/e3
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368680446.000000000E716000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/i
Source: xlogin[1].htm.0.dr	String found in binary or memory: https://ssl.ptlogin2.qq.com/j_newreg_url
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/j_newreg_urlP
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=794037794
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/ogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=79403779
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=166398
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/ptqrshow?appid=1006102&e=2&l=M&s=3&d=72&v=4&t=0.9210375481365429&daid=1&
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ssl.ptlogin2.qq.com/ptui_forgetpwd
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/ptui_forgetpwd5
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.qq.com/ptui_forgetpwdb
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374810100.000000000EF5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.ptlogin2.supertoken&pt_qzone_sig=1superuinauth_nickauth_areaauth_uin/getface?appid=authL
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370760577.000000000E825000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360778546.000000000E822000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360931248.000000000E824000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E823000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.supertoken&pt_qzone_sig=1ptlogin2.&auth_token=&pt4_shttps=1superuinauth_nickauth_areaaut
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265590295.000000000E706000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2359931466.000000000E882000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265983289.000000000E70F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265796343.000000000E70D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E885000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E886000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265700432.000000000E70A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265649359.000000000E707000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265926795.000000000E70E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.uiptlogin2/cgi-bin/mNatKH$6
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://static-res.qq.com/static-res/ptlogin/kefu-qrcode.jpg
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static-res.qq.com/static-res/ptlogin/kefu-qrcode.jpgm
Source: xlogin[1].htm.0.dr	String found in binary or memory: https://support.qq.com/products/14800
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.qq.com/products/14800/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_l
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.qq.com/products/14800W
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374399449.000000000EED7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.qq.com/products/14800https://id.qq.com/index.html#account
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.qq.com/products/14800pic_chs
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t-captcha.gjacky.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.captcha.qq.com
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://t.captcha.qq.com/cap_union_prehandle
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.captcha.qq.comom
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=301240
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/s
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/style.ssl/40
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3361676512.0000000009153000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style.ssl/40http://id.qq.com/login/proxy.htmlhttp://id.qq.com/index.html#
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B879000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242704101.000000000CFE0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/1.gif
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B54D000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif...
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif?
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2307367706.000000000D21C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gifA
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gifH
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B54D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gifT
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B534000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.png1
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.png184P
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.pnglogin2
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.pngq9tQ
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_3.png
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	String found in binary or memory: https://ui.ptlogin2.qq.com/style/34/images/icon_5.png)
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297706285.000000000E893000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297669390.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297730384.000000000E897000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297484812.000000000E88F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297640957.000000000E891000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297616204.000000000E890000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374399449.000000000EED7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ui.ptlogin2.qq.com/style/https://ssl.captcha.qq.com/TCaptcha.js
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogi
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/L
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid6102&daid=1&style=23&hide_border=1&proxy_url=http%3A
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&pro
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000098E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3359136838.0000000008A35000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=htt
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360283049.000000000E909000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0:E
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0QE
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0pD
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0r
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0~E

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 55337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 55338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 55339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.103.162:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 123.6.105.199:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.136.80:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.103.162:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.136.80:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 129.226.107.134:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 43.135.106.65:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 157.255.220.168:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.5:49966 version: TLS 1.2

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_004231F0 IsWindowEnabled,TranslateAccelerator,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow,		0_2_004231F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00424F00 GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00424F00

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006C4B24 NtdllDefWindowProc_A,CallWindowProcA,	0_2_006C4B24
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00420030 GetClassInfoA,LoadCursorA,GetStockObject,NtdllDefWindowProc_A,	0_2_00420030
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00425BF0 GetClassInfoA,NtdllDefWindowProc_A,	0_2_00425BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006C4ECC GetWindowRect,wsprintfA,wsprintfA,GetClassInfoA,NtdllDefWindowProc_A,	0_2_006C4ECC

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0041E520	0_2_0041E520
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00427250	0_2_00427250
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_004255C0	0_2_004255C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_004415E0	0_2_004415E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006BA7E6	0_2_006BA7E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_004338E0	0_2_004338E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006BE8A7	0_2_006BE8A7
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0040E9C0	0_2_0040E9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0041AEA0	0_2_0041AEA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0042DF30	0_2_0042DF30

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: String function: 006B4914 appears 51 times

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe

Static PE information: Resource name: RT_DIALOG type: DOS executable (COM, 0x8C-variant)

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal52.winEXE@22/386@60/24

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_006C6348 FindResourceA,LoadResource,LockResource,

0_2_006C6348

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xlogin[1].htm

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe	ReversingLabs: Detection: 47%
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe	Virustotal: Detection: 57%

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe"
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4676 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4676 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: oledlg.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dxtrans.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ddrawex.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: ddraw.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: dxtmsft.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Section loaded: imgutil.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_004243E0 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow,

0_2_004243E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006B4914 push eax; ret	0_2_006B4932
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006B29D0 push eax; ret	0_2_006B29FE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0E9C39E5 push 8B000002h; iretd	0_2_0E9C39EA

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00420140 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu,	0_2_00420140
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_004243E0 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow,	0_2_004243E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00420810 IsIconic,IsZoomed,	0_2_00420810
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0041AEA0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus,	0_2_0041AEA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006A9F6B MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,	0_2_006A9F6B

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: 89E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: 9200000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: B820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: B880000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: B8A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: D1E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E6A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E6E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E740000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E7E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E8E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EA00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EA20000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EDF0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: E800000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EE10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EE30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EE50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EE90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EEB0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EF10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: EF70000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: F010000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: F030000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: F050000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: F070000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: F090000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: A70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: 7B0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: 7D0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Memory allocated: 7F0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

API coverage: 4.5 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_006C32DE __EH_prolog,GetFullPathNameA,lstrcpyn,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpy,	0_2_006C32DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00413670 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA,	0_2_00413670
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_0041CA30 FindNextFileA,FindClose,FindFirstFileA,FindClose,	0_2_0041CA30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Code function: 0_2_00424D50 FindFirstFileA,FindClose,	0_2_00424D50

Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\
Source: SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_004243E0 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow,

0_2_004243E0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_00441000 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId,

0_2_00441000

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_006B44DC GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_006B44DC

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_006B44DC GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_006B44DC

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Code function: 0_2_006CD244 GetVersion,RtlInitializeCriticalSection,

0_2_006CD244

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	1 Input Capture	2 System Time Discovery	Remote Services	1 Input Capture	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Process Injection	NTDS	1 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	21 Obfuscated Files or Information	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	13 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
SecuriteInfo.com.FileRepMalware.6250.26408.exe	47%	ReversingLabs
SecuriteInfo.com.FileRepMalware.6250.26408.exe	57%	Virustotal	Browse
SecuriteInfo.com.FileRepMalware.6250.26408.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
ins-ojz90ij2.ias.tencent-cloud.net	0%	Virustotal	Browse
localhost.sec.qq.com	0%	Virustotal	Browse
ins-diu1q33u.ias.tencent-cloud.net	0%	Virustotal	Browse
aegis.qq.com	0%	Virustotal	Browse
best.ovslegodl.sched.ovscdns.com	0%	Virustotal	Browse
cdn-go.cn.lmtlego.sched.apdcdn.com	0%	Virustotal	Browse
qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com	0%	Virustotal	Browse
any.cdn-go.lmtlego.sched.apdcdn.com	0%	Virustotal	Browse
ins-azm2llib.ias.tencent-cloud.net	0%	Virustotal	Browse
ins-yf1um8dh.ias.tencent-cloud.net	0%	Virustotal	Browse
ssl.captcha.qq.com	1%	Virustotal	Browse
imgcache.qq.com.sched.legopic1.tdnsv6.com	0%	Virustotal	Browse
any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com	0%	Virustotal	Browse
ssd.tcdn.qq.com	1%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
localhost.ptlogin2.qq.com	0%	Virustotal	Browse
ins-swbr0hdo.ias.tencent-cloud.net	0%	Virustotal	Browse
static-res.lmtlego.sched.apdcdn.com	0%	Virustotal	Browse
301yjo64.sched.sma-dk.tdnsstic1.cn	0%	Virustotal	Browse
ins-9hkazpwd.ias.tencent-cloud.net	0%	Virustotal	Browse
v.qq.com	1%	Virustotal	Browse
ins-u4xprfqu.ias.tencent-cloud.net	0%	Virustotal	Browse
txz.qq.com	1%	Virustotal	Browse
ins-ck07kq9h.ias.tencent-cloud.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://ssl.ptlogin2.qq.com/i	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png	0%	Avira URL Cloud	safe
https://aegis.qq.com/speed/performance?dnsLookup=0&tcp=0&ssl=0&ttfb=338&contentDownload=13&domParse=3216&resourceDownload=1070&firstScreenTiming=5540&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	0%	Avira URL Cloud	safe
https://static-res.qq.com/web/im.qq.com/qq9_introduction_poster.jpg	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/brand-text.561ce6a3.png	0%	Avira URL Cloud	safe
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.csspngq-?	0%	Avira URL Cloud	safe
https://support.qq.com/products/14800W	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460180564&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/checkbox_chec	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460147435&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://localhost.ptlogin2.qq.com:4303/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_	0%	Avira URL Cloud	safe
http://ptlogin2.om	0%	Avira URL Cloud	safe
http://im.qq.com/qq/2013/	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-10.4f6a1e0d.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460132421&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-8.c0d3424b.png	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-js/blob/v3.21.1/LICENSE	0%	Avira URL Cloud	safe
http://imgcache.qq.com/ptlogin/v4/style/0/images/1.gif	0%	Avira URL Cloud	safe
https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_open	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-7.12c86460.png	0%	Avira URL Cloud	safe
http://.https-=deleted=ldw	0%	Avira URL Cloud	safe
https://localhost.ptlogin2.qq.com:4309/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460096350&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png	0%	Avira URL Cloud	safe
https://localhost.ptlogin2.ptui_qqprotect_querystatus_CB	0%	Avira URL Cloud	safe
https://ui.ptlogin2.qq.com/style/0/images/load.gif	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/library/latest/qqapi/qqapi.wk.js	0%	Avira URL Cloud	safe
https://ssl.captcha.qq.com//	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460084247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-17.ca026495.png	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0QE	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.&regmaster=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:	0%	Avira URL Cloud	safe
http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460099355&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-3.f961bc34.png	0%	Avira URL Cloud	safe
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.jsT	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.&pt_3rd_aid=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=794037794	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/pc-legacy.dc28df17.js	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-6.7bfb07b7.png	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info	0%	Avira URL Cloud	safe
http://pan.baidu.com/s/1qWKD5ve	0%	Avira URL Cloud	safe
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png	0%	Avira URL Cloud	safe
https://aegis.qq.com/speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/boy.c5ae9f89.png	0%	Avira URL Cloud	safe
https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_openbackground:	0%	Avira URL Cloud	safe
http://isdspeed.qq.com/cgi-bin/r.cgi?http://isdspeed.qq.com/cgi-bin/r.cgi?SSOAxCtrlForPTLogin.SSOFor	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-4.a0581c94.png	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid6102&daid=1&style=23&hide_border=1&proxy_url=http%3A	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460117371&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
http://q1.qlogo.cn/g?b=qq&nk=	0%	Avira URL Cloud	safe
https://ssl.captcha.qq.com/TCaptcha.jsK9	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0pD	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/user-profile.a6a93e4d.png	0%	Avira URL Cloud	safe
https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.pnglogin2	0%	Avira URL Cloud	safe
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png...	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.e3569743.png	0%	Avira URL Cloud	safe
https://ui.ptlogin2.qq.com/style/	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png)	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-5.497658cf.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.5a6a85fe.png	0%	Avira URL Cloud	safe
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23	0%	Avira URL Cloud	safe
https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatK	0%	Avira URL Cloud	safe
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pnglogin%2Fproxy.html&s_url=http://id	0%	Avira URL Cloud	safe
https://ssl.captcha.qq.com/TCaptcha.jsent(	0%	Avira URL Cloud	safe
https://t.captcha.qq.com/cap_union_prehandle	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460183576&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/phone.55b5179d.png	0%	Avira URL Cloud	safe
https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.png	0%	Avira URL Cloud	safe
https://imgcache.qq.com/m	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-jsP	0%	Avira URL Cloud	safe
https://aegis.qq.com/collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.http://ptlogin2.	0%	Avira URL Cloud	safe
https://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102	0%	Avira URL Cloud	safe
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png	0%	Avira URL Cloud	safe
https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png	0%	Avira URL Cloud	safe
https://im.qq.com/indexhandleBtnConfirm	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/j_newreg_url	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/mobile-legacy.be6dfd43.js	0%	Avira URL Cloud	safe
http://id.qq.com/index.html%23info...	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-29.bf39516b.png	0%	Avira URL Cloud	safe
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/vip_ie.png	0%	Avira URL Cloud	safe
https://ssl.ptlogin2.qq.com/ogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=79403779	0%	Avira URL Cloud	safe
https://ssl./ptgetimageptlogin2.captcha.http://check./getimagegdi	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-5.587b1e5e.png	0%	Avira URL Cloud	safe
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png	0%	Avira URL Cloud	safe
http://im.qq.com/mobileqq/	0%	Avira URL Cloud	safe
https://github.com/zloirock/core-jsl(	0%	Avira URL Cloud	safe
https://ui.ptlogin2.qq.com/style/0/images/load.gifH	0%	Avira URL Cloud	safe
https://t.captcha.qq.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ins-ojz90ij2.ias.tencent-cloud.net	129.226.103.162	true	false	0%, Virustotal, Browse	unknown
localhost.sec.qq.com	0.0.0.1	true	false	0%, Virustotal, Browse	unknown
ins-diu1q33u.ias.tencent-cloud.net	129.226.102.234	true	false	0%, Virustotal, Browse	unknown
aegis.qq.com	43.137.221.145	true	false	0%, Virustotal, Browse	unknown
any.cdn-go.lmtlego.sched.apdcdn.com	43.152.137.29	true	false	0%, Virustotal, Browse	unknown
ins-u4xprfqu.ias.tencent-cloud.net	129.226.106.210	true	false	0%, Virustotal, Browse	unknown
best.ovslegodl.sched.ovscdns.com	43.152.29.77	true	false	0%, Virustotal, Browse	unknown
qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com	36.250.242.247	true	false	0%, Virustotal, Browse	unknown
ins-azm2llib.ias.tencent-cloud.net	43.129.115.202	true	false	0%, Virustotal, Browse	unknown
ins-yf1um8dh.ias.tencent-cloud.net	43.135.106.65	true	false	0%, Virustotal, Browse	unknown
cdn-go.cn.lmtlego.sched.apdcdn.com	43.152.137.29	true	false	0%, Virustotal, Browse	unknown
ssd.tcdn.qq.com	203.205.137.236	true	false	1%, Virustotal, Browse	unknown
localhost.ptlogin2.qq.com	127.0.0.1	true	false	0%, Virustotal, Browse	unknown
ssl.captcha.qq.com	157.255.220.168	true	false	1%, Virustotal, Browse	unknown
ins-swbr0hdo.ias.tencent-cloud.net	129.226.103.162	true	false	0%, Virustotal, Browse	unknown
imgcache.qq.com.sched.legopic1.tdnsv6.com	123.6.105.199	true	false	0%, Virustotal, Browse	unknown
any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com	203.205.136.80	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.186.100	true	false	0%, Virustotal, Browse	unknown
static-res.lmtlego.sched.apdcdn.com	43.152.29.15	true	false	0%, Virustotal, Browse	unknown
301yjo64.sched.sma-dk.tdnsstic1.cn	42.177.83.111	true	false	0%, Virustotal, Browse	unknown
ins-9hkazpwd.ias.tencent-cloud.net	129.226.103.162	true	false	0%, Virustotal, Browse	unknown
ins-ck07kq9h.ias.tencent-cloud.net	129.226.107.134	true	false	0%, Virustotal, Browse	unknown
txz.qq.com	unknown	unknown	false	1%, Virustotal, Browse	unknown
v.qq.com	unknown	unknown	false	1%, Virustotal, Browse	unknown
qq-web-legacy.cdn-go.cn	unknown	unknown	false		unknown
beacon.cdn.qq.com	unknown	unknown	false		unknown
imgcache.qq.com	unknown	unknown	false		unknown
static-res.qq.com	unknown	unknown	false		unknown
otheve.beacon.qq.com	unknown	unknown	false		unknown
xui.ptlogin2.qq.com	unknown	unknown	false		unknown
im.qq.com	unknown	unknown	false		unknown
qq-web.cdn-go.cn	unknown	unknown	false		unknown
cdn-go.cn	unknown	unknown	false		unknown
report.qqweb.qq.com	unknown	unknown	false		unknown
ssl.ptlogin2.qq.com	unknown	unknown	false		unknown
vm.gtimg.cn	unknown	unknown	false		unknown
ui.ptlogin2.qq.com	unknown	unknown	false		unknown
h.trace.qq.com	unknown	unknown	false		unknown
qzonestyle.gtimg.cn	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://static-res.qq.com/web/im.qq.com/qq9_introduction_poster.jpg	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png	false	Avira URL Cloud: safe	unknown
https://aegis.qq.com/speed/performance?dnsLookup=0&tcp=0&ssl=0&ttfb=338&contentDownload=13&domParse=3216&resourceDownload=1070&firstScreenTiming=5540&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460147435&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/brand-text.561ce6a3.png	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460180564&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460132421&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-8.c0d3424b.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-10.4f6a1e0d.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-7.12c86460.png	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460096350&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png	false	Avira URL Cloud: safe	unknown
https://ui.ptlogin2.qq.com/style/0/images/load.gif	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/library/latest/qqapi/qqapi.wk.js	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460084247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-17.ca026495.png	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460099355&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-3.f961bc34.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-6.7bfb07b7.png	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/boy.c5ae9f89.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-4.a0581c94.png	false	Avira URL Cloud: safe	unknown
https://aegis.qq.com/speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/user-profile.a6a93e4d.png	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460117371&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.e3569743.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.5a6a85fe.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-5.497658cf.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460183576&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/phone.55b5179d.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png	false	Avira URL Cloud: safe	unknown
https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png	false	Avira URL Cloud: safe	unknown
https://aegis.qq.com/collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=	false	Avira URL Cloud: safe	unknown
https://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102	false	Avira URL Cloud: safe	unknown
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png	false	Avira URL Cloud: safe	unknown
https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-29.bf39516b.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-5.587b1e5e.png	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.qq.com/products/14800W	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.csspngq-?	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/i	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368680446.000000000E716000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/checkbox_chec	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://localhost.ptlogin2.qq.com:4303/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6CA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ptlogin2.om	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://im.qq.com/qq/2013/	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242610063.0000000002876000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-js/blob/v3.21.1/LICENSE	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360017098.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297706285.000000000E893000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297669390.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297730384.000000000E897000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3375765155.000000000EFB8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371550763.000000000E892000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297484812.000000000E88F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297640957.000000000E891000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297616204.000000000E890000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297758530.000000000E899000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_open	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DD7B000.00000004.00000020.00020000.00000000.sdmp, c_login_2[1].js.0.dr, c_login_2[1].js0.0.dr	false	Avira URL Cloud: safe	unknown
http://imgcache.qq.com/ptlogin/v4/style/0/images/1.gif	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265590295.000000000E706000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374856271.000000000EF5C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368353516.000000000E708000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265649359.000000000E707000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://.https-=deleted=ldw	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://localhost.ptlogin2.ptui_qqprotect_querystatus_CB	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://localhost.ptlogin2.qq.com:4309/pt_get_uins?callback=ptui_getuins_CB&r=0.3211629091283624&pt_	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3366627925.000000000DE48000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.00000000008FC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.captcha.qq.com//	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0QE	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.&regmaster=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3375606261.000000000EFAB000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/pc-legacy.dc28df17.js	chromecache_307.5.dr	false	Avira URL Cloud: safe	unknown
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.jsT	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=794037794	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.&pt_3rd_aid=ptqrshowqrlogin_step2qrlogin_step3qrlogin_step1onekey_step2:	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297014891.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296869328.000000000E8B0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360226110.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297157924.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360135403.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371969127.000000000E8B5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297086679.000000000E8B3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pan.baidu.com/s/1qWKD5ve	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/js/	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364215217.000000000B880000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3364125949.000000000B860000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2183494867.000000000B863000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2183385104.000000000B862000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	false	Avira URL Cloud: safe	unknown
http://isdspeed.qq.com/cgi-bin/r.cgi?http://isdspeed.qq.com/cgi-bin/r.cgi?SSOAxCtrlForPTLogin.SSOFor	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6D7000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374399449.000000000EED7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_openbackground:	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267817752.000000000E786000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268382865.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363137788.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268051842.000000000E78A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2362640152.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2267993599.000000000E788000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268320937.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363216801.000000000E78C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268079831.000000000E78B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268023030.000000000E789000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374514614.000000000EEE0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3369942926.000000000E78F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2363276647.000000000E78E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2268348589.000000000E78D000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid6102&daid=1&style=23&hide_border=1&proxy_url=http%3A	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.0000000008280000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.captcha.qq.com/TCaptcha.jsK9	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B69F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://q1.qlogo.cn/g?b=qq&nk=	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/js/c_login_2.js?v=v1.55.0pD	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.pnglogin2	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png...	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B6F1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ui.ptlogin2.qq.com/style/	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2242541924.000000000CFF2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png)	chromecache_453.5.dr	false	Avira URL Cloud: safe	unknown
https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pnglogin%2Fproxy.html&s_url=http://id	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatK	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.captcha.qq.com/TCaptcha.jsent(	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081C0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.captcha.qq.com/cap_union_prehandle	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B5E3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp, xlogin[1].htm.0.dr	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-jsP	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297014891.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2296869328.000000000E8B0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360226110.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297157924.000000000E8B4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360135403.000000000E8B2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297233494.000000000E8B8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3371969127.000000000E8B5000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2297086679.000000000E8B3000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://imgcache.qq.com/m	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.http://ptlogin2.	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3363975510.000000000B849000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://im.qq.com/indexhandleBtnConfirm	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265495482.000000000E704000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265374020.000000000E702000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370425169.000000000E7C6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368314324.000000000E705000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361870744.000000000E7C4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2265273576.000000000E701000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2361912517.000000000E7C5000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://id.qq.com/index.html%23info...	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.0000000000999000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/j_newreg_url	xlogin[1].htm.0.dr	false	Avira URL Cloud: safe	unknown
https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/mobile-legacy.be6dfd43.js	chromecache_369.5.dr	false	Avira URL Cloud: safe	unknown
https://ssl.ptlogin2.qq.com/ogin2.qq.com/k=ptui_getuins_CB&r=0.3211629091283624&pt_local_tk=79403779	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B540000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/vip_ie.png	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3351180447.000000000097B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B610000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ssl./ptgetimageptlogin2.captcha.http://check./getimagegdi	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3370760577.000000000E825000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360778546.000000000E822000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360931248.000000000E824000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000003.2360866756.000000000E823000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://im.qq.com/mobileqq/	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3362233390.000000000B698000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.captcha.qq.com	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3368021377.000000000E6C0000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/zloirock/core-jsl(	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3374933651.000000000EF62000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ui.ptlogin2.qq.com/style/0/images/load.gifH	SecuriteInfo.com.FileRepMalware.6250.26408.exe, 00000000.00000002.3356705123.00000000081EF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
43.135.106.65	ins-yf1um8dh.ias.tencent-cloud.net	Japan	4249	LILLY-ASUS	false
129.226.107.134	ins-ck07kq9h.ias.tencent-cloud.net	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
129.226.106.225	unknown	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
129.226.102.234	ins-diu1q33u.ias.tencent-cloud.net	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
123.6.105.199	imgcache.qq.com.sched.legopic1.tdnsv6.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
43.152.26.209	unknown	Japan	4249	LILLY-ASUS	false
203.205.136.80	any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
43.152.29.20	unknown	Japan	4249	LILLY-ASUS	false
42.177.83.111	301yjo64.sched.sma-dk.tdnsstic1.cn	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
43.137.221.145	aegis.qq.com	Japan	4249	LILLY-ASUS	false
43.152.137.29	any.cdn-go.lmtlego.sched.apdcdn.com	Japan	4249	LILLY-ASUS	false
43.129.115.202	ins-azm2llib.ias.tencent-cloud.net	Japan	4249	LILLY-ASUS	false
129.226.103.162	ins-ojz90ij2.ias.tencent-cloud.net	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
203.205.137.236	ssd.tcdn.qq.com	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
129.226.106.210	ins-u4xprfqu.ias.tencent-cloud.net	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
43.152.29.77	best.ovslegodl.sched.ovscdns.com	Japan	4249	LILLY-ASUS	false
36.250.242.247	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false
43.152.29.15	static-res.lmtlego.sched.apdcdn.com	Japan	4249	LILLY-ASUS	false
119.176.27.237	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
157.255.220.168	ssl.captcha.qq.com	China	17623	CNCGROUP-SZChinaUnicomShenzennetworkCN	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1477172
Start date and time:	2024-07-20 09:20:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.FileRepMalware.6250.26408.exe
Detection:	MAL
Classification:	mal52.winEXE@22/386@60/24
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 52% Number of executed functions: 183 Number of non-executed functions: 138
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 192.229.221.95, 142.250.185.99, 142.250.186.78, 74.125.71.84, 34.104.35.123, 142.250.185.234, 142.250.186.42, 142.250.185.170, 142.250.185.202, 172.217.16.202, 172.217.18.10, 142.250.185.138, 142.250.186.138, 142.250.186.74, 142.250.184.202, 142.250.181.234, 172.217.18.106, 172.217.16.138, 142.250.186.170, 142.250.186.106, 142.250.185.106, 142.250.185.67
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:21:11	API Interceptor	12x Sleep call for process: SecuriteInfo.com.FileRepMalware.6250.26408.exe modified

QR Codes

Source	URL
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Screenshot	http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
43.135.106.65	mm.exe	Get hash	malicious	Redosdru	Browse	i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F2237003000
43.135.106.65	conhostdhfw.exe	Get hash	malicious	Redosdru	Browse	i.qq.com/?s_url=http%3A%2F%2Fuser.qzone.qq.com%2F2237003000
129.226.107.134	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=KQWmZEIxWioCuxOXiciZ1NVf19zF4dlb&f=21000124
	SecuriteInfo.com.Win32.BackdoorX-gen.29330.26736.exe	Get hash	malicious	Unknown	Browse	ptlogin2.qq.com/getimage
	SecuriteInfo.com.Win32.Evo-gen.25243.12011.exe	Get hash	malicious	Unknown	Browse	check.ptlogin2.qq.com/check?uin=749041304&appid=15000101&ptlang=2052&r=0.14332994706818808
	buding.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=xLGz5DS8UljQ2Am0AEtWOUQGKZpkYi6I&f=715030901
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=gZXdMoly4g4bkPyoAAiDwXfSfT7ChSjT&f=37000201
	vfKkwM2QFU.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=2cUcT-UVwZ4VGoaoGO2TA3htuJgPar6d&f=715030901
	1qpNajxly5.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=Yh*svW7H25yvaespiIXzpxeba35tLsI3&f=715030901
	ZxvxicUcnL.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=kgs8mIAnczbLmqV1a*nqDp1Vk5oqN-6z&f=715030901
	9frujh3fhU.exe	Get hash	malicious	Unknown	Browse	txz.qq.com/p?k=1FghAza71RuNqYzfZG0bPJ--MaE-e*b8&f=715030901
129.226.106.225	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse
	buding.exe	Get hash	malicious	Unknown	Browse
	kDTGTVIHAr.exe	Get hash	malicious	Unknown	Browse
	vfKkwM2QFU.exe	Get hash	malicious	Unknown	Browse
	APKPure_v3.19.08_apkpure.com.apk	Get hash	malicious	Unknown	Browse
	CapCut_Video_Editor_v8.0.0_APKPure_Installer.apk	Get hash	malicious	Unknown	Browse
129.226.102.234	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse
	kDTGTVIHAr.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse
	G9NCnBiMys.exe	Get hash	malicious	Unknown	Browse
	1qpNajxly5.exe	Get hash	malicious	Unknown	Browse
	APKPure_v3.18.7504_apkpure.com.apk	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
localhost.sec.qq.com	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	buding.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	kDTGTVIHAr.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	vfKkwM2QFU.exe	Get hash	malicious	Unknown	Browse	0.0.0.1
	G9NCnBiMys.exe	Get hash	malicious	Unknown	Browse	127.0.0.1
	1qpNajxly5.exe	Get hash	malicious	Unknown	Browse	127.0.0.1
	ZxvxicUcnL.exe	Get hash	malicious	Unknown	Browse	127.0.0.1
	9frujh3fhU.exe	Get hash	malicious	Unknown	Browse	127.0.0.1
aegis.qq.com	http://www.globaltimes.cn	Get hash	malicious	HTMLPhisher	Browse	43.137.221.145
	https://rp.mockplus.com/rps/Cn8B8S01hT/UrSgrq-uFq?	Get hash	malicious	Unknown	Browse	43.137.221.145
	https://rp.mockplus.com/rps/LiqtEEdI7A?%20Please%20view%20%22pdf%22	Get hash	malicious	Fake Captcha, HTMLPhisher	Browse	43.137.221.145
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	buding.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	kDTGTVIHAr.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	vfKkwM2QFU.exe	Get hash	malicious	Unknown	Browse	43.137.221.145
	https://rp.mockplus.com/run/jsTKTZ1Gjc/wanVsdthpp/_d6UKKwfoe?nav=0&cps=hide&rps=hide&ha=0&la=0&fc=0&out=0&rt=0&%20Please%20view%20%E3%80%8AJill%20Ganser%20shared%20a%20document%E3%80%8B&c=E,1,jAKDP2hRRG-Reds9wsicS5bjnzW6ih9Upw6mpi6TXvW7K5KcQB53pwZ91ZLXZ5SjKdUgsOdEyFcD9NfB7-bFMq_R10dHWZE54eOqlgliZQqIIzIpS-BMKQ,,&typo=1	Get hash	malicious	Unknown	Browse	43.137.221.145
ins-ojz90ij2.ias.tencent-cloud.net	Uc8jiEFesW.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
	qgceB8B0Gz.exe	Get hash	malicious	BlackMoon	Browse	129.226.103.162
	W6qa6ioGl3.exe	Get hash	malicious	BlackMoon	Browse	129.226.103.162
	OO81I5RQqm.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
	d2c6dwuz1l.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
	wLed9541F7.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
	ss3yaKlhny.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
	Xp8AgoPRwt.exe	Get hash	malicious	BlackMoon	Browse	129.226.103.162
	prip4o4PP2.exe	Get hash	malicious	BlackMoon	Browse	129.226.103.162
	zG5X4aeG4b.exe	Get hash	malicious	BlackMoon	Browse	129.226.107.134
ins-diu1q33u.ias.tencent-cloud.net	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	129.226.102.234
	SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe	Get hash	malicious	Unknown	Browse	129.226.102.234
	buding.exe	Get hash	malicious	Unknown	Browse	129.226.106.225
	kDTGTVIHAr.exe	Get hash	malicious	Unknown	Browse	129.226.102.234
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse	129.226.102.234
	vfKkwM2QFU.exe	Get hash	malicious	Unknown	Browse	129.226.106.225
	G9NCnBiMys.exe	Get hash	malicious	Unknown	Browse	129.226.102.234
	1qpNajxly5.exe	Get hash	malicious	Unknown	Browse	129.226.102.234

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	92.249.48.47-skid.mips-2024-07-20T09_04_16.elf	Get hash	malicious	Mirai, Moobot	Browse	39.87.74.56
	U8E1VlGTmr.elf	Get hash	malicious	Mirai	Browse	175.172.31.224
	arm7.elf	Get hash	malicious	Mirai	Browse	60.9.222.82
	Solicitud de precio Img_Quotation PO 202400931.exe	Get hash	malicious	AgentTesla	Browse	116.162.51.98
	TWzzHuqCOF.elf	Get hash	malicious	Mirai	Browse	60.24.162.247
	Qa5qvgWyUn.elf	Get hash	malicious	Mirai	Browse	122.140.177.210
	LRMAuF4TbF.elf	Get hash	malicious	Mirai	Browse	112.109.179.128
	8tGqHMzByM.elf	Get hash	malicious	Mirai	Browse	153.4.223.223
	GU7Uk4pAQw.elf	Get hash	malicious	Unknown	Browse	113.236.231.25
	l5EsscvvPL.elf	Get hash	malicious	Mirai	Browse	116.151.46.55
TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	92.249.48.47-skid.mips-2024-07-20T09_04_16.elf	Get hash	malicious	Mirai, Moobot	Browse	124.157.152.29
	http://mj-api.kun-ai.com/	Get hash	malicious	Unknown	Browse	119.28.115.29
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	TWzzHuqCOF.elf	Get hash	malicious	Mirai	Browse	124.157.170.122
	lets-test.msi	Get hash	malicious	Unknown	Browse	103.7.30.83
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	Fatura20240617.exe	Get hash	malicious	FormBook	Browse	124.156.166.165
	NEW RFQ - Viasat LSDR.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	124.156.237.71
	REV-New Order 20240717.pif.exe	Get hash	malicious	Remcos	Browse	170.106.47.94
	yHIoCL9LQV.elf	Get hash	malicious	Mirai	Browse	170.106.89.57
TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	92.249.48.47-skid.mips-2024-07-20T09_04_16.elf	Get hash	malicious	Mirai, Moobot	Browse	124.157.152.29
	http://mj-api.kun-ai.com/	Get hash	malicious	Unknown	Browse	119.28.115.29
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	TWzzHuqCOF.elf	Get hash	malicious	Mirai	Browse	124.157.170.122
	lets-test.msi	Get hash	malicious	Unknown	Browse	103.7.30.83
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	Fatura20240617.exe	Get hash	malicious	FormBook	Browse	124.156.166.165
	NEW RFQ - Viasat LSDR.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	124.156.237.71
	REV-New Order 20240717.pif.exe	Get hash	malicious	Remcos	Browse	170.106.47.94
	yHIoCL9LQV.elf	Get hash	malicious	Mirai	Browse	170.106.89.57
TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	92.249.48.47-skid.mips-2024-07-20T09_04_16.elf	Get hash	malicious	Mirai, Moobot	Browse	124.157.152.29
	http://mj-api.kun-ai.com/	Get hash	malicious	Unknown	Browse	119.28.115.29
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	TWzzHuqCOF.elf	Get hash	malicious	Mirai	Browse	124.157.170.122
	lets-test.msi	Get hash	malicious	Unknown	Browse	103.7.30.83
	https://www.cognitoforms.com/EngendaGroupLimited/EngendaGroupLimited	Get hash	malicious	HTMLPhisher	Browse	49.51.78.226
	Fatura20240617.exe	Get hash	malicious	FormBook	Browse	124.156.166.165
	NEW RFQ - Viasat LSDR.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	124.156.237.71
	REV-New Order 20240717.pif.exe	Get hash	malicious	Remcos	Browse	170.106.47.94
	yHIoCL9LQV.elf	Get hash	malicious	Mirai	Browse	170.106.89.57
LILLY-ASUS	92.249.48.47-skid.mips-2024-07-20T09_04_16.elf	Get hash	malicious	Mirai, Moobot	Browse	43.16.140.105
	kz7iLmqRuq.exe	Get hash	malicious	Quasar	Browse	43.153.99.33
	http://icioud-ios.com/	Get hash	malicious	Unknown	Browse	43.134.58.153
	TWzzHuqCOF.elf	Get hash	malicious	Mirai	Browse	42.130.115.82
	LRMAuF4TbF.elf	Get hash	malicious	Mirai	Browse	43.118.46.88
	8tGqHMzByM.elf	Get hash	malicious	Mirai	Browse	43.32.221.135
	l5EsscvvPL.elf	Get hash	malicious	Mirai	Browse	43.85.16.33
	MCiOZ89mRZ.elf	Get hash	malicious	Mirai	Browse	40.253.158.24
	http://www.fotoschuppen.net/	Get hash	malicious	Unknown	Browse	43.175.135.229
	ToDeskApp_HYI.x64.msi	Get hash	malicious	Unknown	Browse	43.152.26.142

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	https://en-bridge-iotrezor.github.io/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://togisi-mubkm5ptpncdtkm5ptpncdt.narymar.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://pub-6d4ffd18b60b47739e1d6be3b9e5e9d4.r2.dev/auth_response.html?folder=anzlbqtvi6&module=	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://pagereviewer-no13569745.io.vn/	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://web-whatsapp-kf.work/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://jkhjhjki.weebly.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://cd9688-law-library-cd9688z21.netlify.app/form.html	Get hash	malicious	Unknown	Browse	23.1.237.91
	http://disbursement-ftxltd.com/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://jg28w.shop/	Get hash	malicious	Unknown	Browse	23.1.237.91
	https://web-metamask--crome.gitbook.io/	Get hash	malicious	Unknown	Browse	23.1.237.91
28a2c9bd18a11de089ef85a160da29e4	SecuriteInfo.com.Trojan.KillProc2.23303.5664.10362.exe	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	file.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	184.28.90.27 20.114.59.183
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	184.28.90.27 20.114.59.183
	https://uitp5vcr.paperform.co/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	184.28.90.27 20.114.59.183
	https://en-bridge-iotrezor.github.io/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	https://candid-dolphin-01tk1111-cd9f5b.netlify.app/form.html	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	https://juga.be/nieuwsinfo	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	https://togisi-mubkm5ptpncdtkm5ptpncdt.narymar.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
	http://mj-api.kun-ai.com/	Get hash	malicious	Unknown	Browse	184.28.90.27 20.114.59.183
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	Babuk, Djvu	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	Babuk, Djvu	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	Babuk, Djvu	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	Babuk, Djvu	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	Babuk, Djvu	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	setup.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, Quasar, RedLine	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	9YDEsXvk5V.exe	Get hash	malicious	Vidar	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	43.135.106.65 129.226.107.134 129.226.103.162 123.6.105.199 157.255.220.168 203.205.136.80

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	data
Category:	dropped
Size (bytes):	49120
Entropy (8bit):	0.0017331682157558962
Encrypted:	false
SSDEEP:	3:Ztt:T
MD5:	0392ADA071EB68355BED625D8F9695F3
SHA1:	777253141235B6C6AC92E17E297A1482E82252CC
SHA-256:	B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
SHA-512:	EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\TCaptcha[1].js

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	91558
Entropy (8bit):	5.574252291333137
Encrypted:	false
SSDEEP:	1536:G6TKPJaRjFexcYMs2Dozqh1KISgSLTKqlK51OumBW/MNfH4OYg32iGSzeljx08l:HSxcYMs2Dozqh1KISgSfOOBBW/wYD8C
MD5:	BB5AF5C29DB38CA7E2273D98882BA7FB
SHA1:	9B60C3B6414286E6550BB4D530D17709A72D5B4C
SHA-256:	2336887FCA3D5431E5BE6EB89DB75A3F9FD8E44EA8D3DB53E5BDD03BC840A7B1
SHA-512:	983467D1D6401FE7553A0914682ABB6117BA969488C65B300552728ECE5A17957326BDE6F2401E722EF26F23AE3E2BB16C44086063BDBE2D07A13044571762BE
Malicious:	false
Reputation:	low
Preview:	!function(e){var t={};function i(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{__esModule: undefined}};return e[r].call(n.exports,n,n.exports,i),n.l=!0,n.exports}i.m=e,i.c=t,i.d=function(e,t,r){i.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(i.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)i.d(r,n,function(t){return e[t]}.bind(null,n));return r},i.n=function(e){var t=e&&e.__esModule?function(){return e["default"]}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i(i.s=21)}([function(e,t,i){"use strict";var r=this&&this.__createBinding\|\|

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\c_login_2[1].js

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65304), with no line terminators
Category:	dropped
Size (bytes):	217912
Entropy (8bit):	5.568370736901113
Encrypted:	false
SSDEEP:	3072:Rd0cfE25AFmqhkmYQI+m0RNmxjRX0rujfHzFfHuLzeIY:v0l2SIqCv+m0FEfHzFfHczO
MD5:	6FCB24D509E189AC5D3E9CBE21222478
SHA1:	F3FA75FC9DC2DA5C2559413E41B696D483E92CA4
SHA-256:	A8B9DCBF1AF8943A54C7B0A8AF1AE4537A3B450271A7148F49200017102D56EB
SHA-512:	16A975543FB5E3D8C811AF98C83B3A1755F6ED6117398F915540FDC95FBF46DFD54222CD03DBC84330CC0E00CAD5E84157DBA5B15EF8AA84C12A14873D28A105
Malicious:	false
Reputation:	low
Preview:	!function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)\|\|Object.defineProperty(t,e,{"enumerable":!0,"get":n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{"value":"Module"}),Object.defineProperty(t,"__esModule",{"value":!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{"enumerable":!0,"value":e}),2&t&&"string"!=typeof e)for(var o in e)i.d(n,o,function(t){return e[t]}.bind(null,o));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="",i(i.s=51)}([function(t,e){var n=function(){return this}();try{n=n\|\|new Functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\theme_0[1].css

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	121
Entropy (8bit):	4.791827288303831
Encrypted:	false
SSDEEP:	3:IEGOcFSKP0+qMx3EXFOgJZfMW3QwiNmgEPxgJOL0S8ZJsw:IEGOqR0m3erfnoN01z8fsw
MD5:	410E0D065899B7A313A1B47FE1D4BB9F
SHA1:	8C0804B2AE903D7D911F81D08D1400E32D843713
SHA-256:	B13B979BB0B43E121E91C95174C7A6A08DA54F87A243C096DEC1461557A30BBF
SHA-512:	E998F720DB8E41EB2A550A853BAD2457151D98C94B08D11990D1EFC50A8D5AE44A8F693996412B3E178CC4614AB7B7137A83DC3FCB13A8239D150074EACBA029
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	body{background-color:#FFF}.qlogin .face .nick,.qlogin_list .return{width:100%}.qlogin .qr_1 .qr_invalid_tips{color:#FFF}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\007[1].json

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.4594911601991534
Encrypted:	false
SSDEEP:	3:YGKAAuW9:YGKALO
MD5:	5219356778325FA5F324031D0378806B
SHA1:	7BF98207062E481928DC757BCBADECA699BE47FF
SHA-256:	DBD237496257D386DD7F9D97D870774D06F1FE2D02373460A509185732F07591
SHA-512:	D9F376CEF40F40CB2A96899B801E795AA42925A6BF5472837D7DD48AE727E430144E742F1E952C9464F1B3E7CBE55B775AB7D58DB6B585C5CE597E19DACD37FF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"code":0,"msg":"success"}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\go_right_ie[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 12 x 21, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	494
Entropy (8bit):	7.384574933171422
Encrypted:	false
SSDEEP:	12:6v/7g8RGYrqXRdWytGkxNtXLsEUi5xTspDsFGZTfK5/a1:GXGXz2WwEUi5xTspvZTe/g
MD5:	FAA4ACEC8888ECC3F7517CDF0B58530C
SHA1:	1868F32BC2EEFCAA2C3D7D132E6BCCD0CE6C5B5C
SHA-256:	9D7FC34725B5721E6B9C98465AF5C0BC2BE111DEF1297DBD9D8B39C2D55B9750
SHA-512:	3FA4DAAC9516A69401A0C4E138CF8E3C6AF84D0119F224BFB92019C1E7B822F03E552995AED82E738679863E6A796AEA9871A12E19EFB3EEFBE7B51C9ACA7B45
Malicious:	false
Preview:	.PNG........IHDR.............r.......sRGB.........IDAT8O..Ak.A...ow..C......6..C....A.I.Y.......;....=4m....Phi/-.7.%..6:.fqC..............AplY...._.'=.BT..5.s":r].w".....R.O...\....j?.Ad.N..(..\|...p.8.j..}.......=.qN..\..2.fw.....n.a:.~.........m.....R.......MlYV.^....{@,H)..(.Xk]...&.P...._.p.L.L...GD.uO...I.R~..Tk}...R..D.....F.Q...zPJq.....Sj..V6.......r.7.0....ahL..VJ.<....d2I/.....wi:......x[...s...m.V).c.f..{...E........a....V.U..h.J.8#..VJ.\|....l.kC..E~.9.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\logo[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 12 x 13, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1190
Entropy (8bit):	6.3211509477290635
Encrypted:	false
SSDEEP:	24:lq1hfvWwjx82lY2T3JVrK3aTEyJ3VryvudGhfC30sc:iANn2NI3U3J382dC1
MD5:	EF8CE42602EAAE0DC7AA5C4685608AB2
SHA1:	0107D051C7013FB305E8B15FF1C7E5DC7791F54F
SHA-256:	B1622211265E90B44352AF19B79769110166A39C7AC95877C534644A9992B500
SHA-512:	7BFA66FE0596504876735EC1A17B28EE11EFBB67CD37228C128610F1440D61B941DE70893AB43D1BB6C2524B4E662E159BB5C45B756568C59F38F08461F51850
Malicious:	false
Preview:	.PNG........IHDR................p....gAMA......a.....sRGB........&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:845AFFF90FB411E792B09BE08095878B" xmpMM:DocumentID="xmp.did:845AFFFA0FB411E792B09BE08095878B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:845AFFF70FB411E792B09BE08095878B" stRef:documentID="xmp.did:845AFFF80FB411E792B09BE08095878B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>hq.%....tEXtSoftware.Adobe ImageReadyq.e<...QPLTELiq.r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\c_login_2[1].js

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65304), with no line terminators
Category:	dropped
Size (bytes):	217912
Entropy (8bit):	5.568370736901113
Encrypted:	false
SSDEEP:	3072:Rd0cfE25AFmqhkmYQI+m0RNmxjRX0rujfHzFfHuLzeIY:v0l2SIqCv+m0FEfHzFfHczO
MD5:	6FCB24D509E189AC5D3E9CBE21222478
SHA1:	F3FA75FC9DC2DA5C2559413E41B696D483E92CA4
SHA-256:	A8B9DCBF1AF8943A54C7B0A8AF1AE4537A3B450271A7148F49200017102D56EB
SHA-512:	16A975543FB5E3D8C811AF98C83B3A1755F6ED6117398F915540FDC95FBF46DFD54222CD03DBC84330CC0E00CAD5E84157DBA5B15EF8AA84C12A14873D28A105
Malicious:	false
Preview:	!function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)\|\|Object.defineProperty(t,e,{"enumerable":!0,"get":n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{"value":"Module"}),Object.defineProperty(t,"__esModule",{"value":!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{"enumerable":!0,"value":e}),2&t&&"string"!=typeof e)for(var o in e)i.d(n,o,function(t){return e[t]}.bind(null,o));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="",i(i.s=51)}([function(t,e){var n=function(){return this}();try{n=n\|\|new Functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\icon_3_tiny[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 274 x 697, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10711
Entropy (8bit):	7.940933220251439
Encrypted:	false
SSDEEP:	192:eU5yTVfJD9XJY5FFeGyIyRN435n4rewsx/Th9MoPSpL5dx49DcOgfuM6IUL:eU5uf5lJCeZtjk54r4MM9DMmM9K
MD5:	2F50636FEF990151C4A5807394F1EE3B
SHA1:	7302F501BF0ABB4EECCFB7CB9EFC09ABB18C3C9A
SHA-256:	18CAA5D351B724B183BA41CBC8076F6A86D972DF2281A0532861C9DD509E335C
SHA-512:	51534DBDD010145AC88499882CD3BFFF4A28C0B3E3AF1294DA921D51D2E654F112C8DA45B1B287B9B92CD3CFAB81060D25F96054C7073C1FE3BFCFA72EC63801
Malicious:	false
Preview:	.PNG........IHDR.............D.Q.....PLTE....................r..q..r....................342JOE.......-......&..$.....%..&.\|.........Y........$..$..+..+.....%..%..'.................$...................................................W........................e............/n.%..../l.$.....................}../..}../...<..u.)u.).....[..B.................................t.(...x.)}.+......!.(.................-.. ../..................r....#n.....k...........A.....Z....#..!u..w..{..~....%...................................}../........%..........B%"-......"z....0....A.#..........6....&....9:I......12AN....%..............................BDW.....b.....z....Njlp..............3...= ....TV`........;5.....R3 .=...S.qri.....wP.z\|.......C,.tr...9....J..g..s....:'.\|..TH...i.sEJ.........ltRNS.n2I..,.2.....&.......)....}..C.'#..WA<l`6..iO.L..v.=RV....^....3.......3.....SVX.dqT.~........H..........&.IDATx...j"Q...0.h5..4.$w.:..$..I#.H!.$.n`....*..^Q..6{..h>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\load[1].gif

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	GIF image data, version 89a, 16 x 16
Category:	dropped
Size (bytes):	771
Entropy (8bit):	6.908939349525579
Encrypted:	false
SSDEEP:	12:oNSSQDR1Nws0pFItTuuG+IaFTDbjj9X194LVhGSuqyM3N/Y4cv4ZimsDjnUA/lU:Xj+fbBuzFj3aL3GyJa0im6jUA/e
MD5:	00EF871B291BC03A497D608A5BD8EC99
SHA1:	942D8FE092C1C473AF19906751C2BEE5322A9B55
SHA-256:	81A161D5793AC2A33F02DDCD64FB0DC2D028616DAC084E4F64E77F4898B0C4E4
SHA-512:	659AA4AC73230A847E7D836D486EE04289D73B3D3E7000A9A3333F6E40804D0CCB57DBACD999C0DBB730D5566520B27A0068A94D6087EA52F6A65E36B308190D
Malicious:	false
Preview:	GIF89a.....................................wul..y............!..NETSCAPE2.0.....!.......,..........O......{....Y.`....I.D8..+S....(.......D..(.I~.. .H`...Z.f....k.N..q..;'.L..!.......,..........N.......{..@.1....Q]AiN.:..)S.T..,.......b....$?...Q(0.).j.f....{....n.-~N...!.......,..........M........,Eeu.....%5..E...f3. .....g(..<...L...D".X`.RJ.J.N..........9..=..!.......,..........N...J..Z.'B. ..q`.....P)8./,S&.$.$......y....D...."..`.R.ak.b.........m..^S...!.......,..........M......Z.gJ.....}.H..I...b$.(.t..}.....~9..@Y,2.........i00......\|.....t;..!.......,..........M...R..Z..R.. ..}.H..I.l...t.P0....B....v>.CG1.2...i.P...J.0.R-.....J....t;..!.......,..........M.....Z..Z..$..}.H..I.l...at..0........8..B d..L.I.B)...q80...&..t.....3..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\error_icon_ie[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	394
Entropy (8bit):	7.301522958007915
Encrypted:	false
SSDEEP:	6:6v/lhPkRbBmD5aCr5Id+0YY5dTjhaH9FxOMbeejs8nicCixSxNCpaHChy2DJ0wJ7:6v/78bBmNaCG80YY5MSMbB6fWFYRS1
MD5:	DD6F19337DD5A7EC79FB3566167D3100
SHA1:	0A0FFEC10882C686F03C594CE437E5ADBAE0A554
SHA-256:	05B314C7B31AFBA08F06B4D639D48C29B156748771A5DB3CDD3D732BBD63107F
SHA-512:	A9E8B43B9A3516FABAD3AE97516A294D8323C9BA2F98E2356EC860F96BF494B99CB39C571943897685E9068A0CE6D2BC945782145EF574912DEFD61B06C4437E
Malicious:	false
Preview:	.PNG........IHDR................a....sRGB........DIDAT8O..=K.A........T.O..+........`..RllR.q...X[.]..."...!x..d.^.......<3/..0v4..H..y`~........K.D~..+... ..#w..F...~.....8.. ...G....>...K....Z5..mYte#..>;.>^...{..,......rf..1...$.R4_...h...A. ......H....p.8..M..k..V...%.~.....8s/..v.$.6.Z..u.........Tl"2...F".vX.....Q....k.:..b..,S\|...{3UDs ...-..t.....czT.nx.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\go_left_ie[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 12 x 21, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	488
Entropy (8bit):	7.40655677793515
Encrypted:	false
SSDEEP:	12:6v/7g8RGs+uiaXCiwDSxE3ky42zR9OgFob9gpgC7YtQ6ZS0+:GpXCiRaj42zMJgOxQ6S0+
MD5:	DC7FD3BB66140C9FB9312C190BEFEACD
SHA1:	41BD64F34ADA65BD6D25D92FB7DF10B3563E1E16
SHA-256:	93B531A7192FB8B7997B4756658B230A549357C76BF9E7DF5EAFECE127473E27
SHA-512:	5E85EFB45C5F10A2D0EB356662AA71341BD392CB54887408D9D521095C4EF71836BABA8B4BD0364F09BDD994D5B5C90FAB03383B69E96A623C90FA03C8C1A199
Malicious:	false
Preview:	.PNG........IHDR.............r.......sRGB.........IDAT8O.S.j.A.=wv. .q.&....!.......QX...@.F...U..b53+.7.q.H!08..Q....H@.D$.......Z)S.{.s.y..xB.e.....y.J.U._...p...<o.....+...3..f..h4..X.p=...J...H@....Z..x......+....?...6......a.X......y.1.K..<..>...?........x<>...N'.n.G.Y....'Dt.4.8..g.MJ).c..c.....!).......s.>OH.Bp...."..\.....!\AJyDDS.z..q.Z.G.....{.........H...s....A&..D..]..m.&.R2.\|.N..#...j...8~.&n...9....z...,..<0.v.&.u.7.m_...G.X..S(.....A..+v....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\icon_24_c_3[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 274 x 355, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	9532
Entropy (8bit):	7.939964694799824
Encrypted:	false
SSDEEP:	192:xaPqSCzK2Wbfz+zqsQSgENNolXBIYPBXybhFl9kO5glXTewb3Yi4wkitNlC:+2u2QrgqsdjmXB95ybhPJgBCwb3awtNk
MD5:	4FF0D1008075A82E9A030B7F2F8927C0
SHA1:	B9C634F9D35C7735CF5798225952ABC646BEA8B4
SHA-256:	57DE6C0087C6E8FF15C2AD6205E85A7751D959B11F28D93B65B08798B96D538B
SHA-512:	366571FD880B245174E06E51B52993E763E2E2F29189D1C31642D5B21D681DBFA0FC4392DA49F732BCE0C83DAF9C5B6385408A0E0EECDA536E8C06B817489D58
Malicious:	false
Preview:	.PNG........IHDR.......c......tu....PLTE..............,.....m.&<................3...........g.".!.,...l.$........u.........\...............x}~~..!...Z.....................................................&..(..'..$..%..'.....$..'.."..".."..$..$.\|...0..2.............&..%.02-....#.01,.,.m..........................v..q..q................n.&..m..B-.gd..{.....bb....6..L7...u.a<".?8....~~.,..d..P...{T..(.i..ggj..A."?..lot.>...B..S.....UT^.......................BET.........79O..............N.......(.........67B."..&.--;.......... ..........'&1......A..Cu.(l....".."...\|....0s.(.."........./..}........................".,..%../j.....v.)m..../..#..!.. ~..r..p..u.)...!.)".%A..Z............................#~.,z..v..\|.+.....-..-.........z.*.........x.)..........................?)...ftRNS.o.`M......k.....4..@..[.K..U.q......-_..4.I..%z.`.=v4.[@L6.lVF.`...%....#...}.......&.oI.,...2..\.H...!.IDATx...oP.g..q.9.....?...0...LJ.@.r..Q...`.4$.7.8s....w8}...32.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\onekey_tips[1].png

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	PNG image data, 160 x 198, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4223
Entropy (8bit):	7.929446654983989
Encrypted:	false
SSDEEP:	96:XP6gxN98qtR+0Nv8yyYmnxUZkz4eqP5I8ri+iJ/sUDJbRbkaXwWCmnAgE5o:/6gFW0NvWx4DPVnFUDn9CmnAgE5o
MD5:	532842B0C8F56610E2A777DEB0FC29CE
SHA1:	E7DF1F837924EB3104E51BFBAB139EA1457C8E20
SHA-256:	AECB41E092444F6DDF215740E6E147C5C442D3CD766DF6644112708308CE84A5
SHA-512:	9ACED847C666BCF02DFD2515D4D4BE3A54BF0938F46DDF701093B948020F3F218A36AC443EA589BDA62E6D1258CA54A7A036110B78E7AF08696DBA241D4879F5
Malicious:	false
Preview:	.PNG........IHDR.............b.{X....gAMA......a.....sRGB.........tEXtSoftware.Adobe ImageReadyq.e<....PLTELiq......YYY........................................~~~................................................r.............T.....:.............G..............f......!........dZR...]........UKB......wmg1..@....o..=7-.V>.udK.s..P.S!Hk.M......tRNS...Q.&G0...m.L.....'.......IDATx...[.....S...`6.....I.....8.B.........-...{.C"............m.\|x..l..nTd..[..O...3?5....A....6.{..[{U...e...}..i..e..G.T@.c....e..U.$o.V...:.,..,.{.j.vXb..4.l..H.$%.~...>...Vak..1@......=.5.o..*^.....~.^..n...+.Vk>...h...t.C..p$.....g..^h;N8...i..C.x{/.B..^...I<...<....5O.<x.9..,k.[..:........a'l[v..{S..a..j.lx.I-.....C.U......`.A....-....)..m..?-......V7......`...<x2..i..z2.z=.Y?E.-.$.....P]..ek.e&..~?i.<.].!.@;...v.^.8.........v.t.....!/q!d....+m..`...... 8..v.]..Ym/L..x.eu:].c. @..%..!.;..>.]..=P......0...j^.z..?!..k..y.U.U.xV.U..gyV....fk.5...5..p...\....k

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xlogin[1].htm

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (46950), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	102521
Entropy (8bit):	5.63621070362194
Encrypted:	false
SSDEEP:	768:swymCL1KHPUvgs5KkHHfHwFaMV0U2KVuL2YYvXl6tZGf9+tUmAu/vYje615oss4Z:3C2kiofH6mhSl6XIEjAeq04kudJzp
MD5:	03B0D9D14A5124653A3E97A535D5A0EB
SHA1:	C99D5B9482586C65CE40137559DF557B047EBAB9
SHA-256:	CFCF9EB2BA8CF0F6EE7D9476D24DFDB4CA499EB4AE97C0C8D2CEEC134A788185
SHA-512:	5B05048C28B600D446FC07B7125C9B16FEE57EBFF0559CFCB3160EE8C09D9C881AADB1ACB31EDAB2A0FE00F2FDB4432A49C65D8989B1353447AAE1AA0D9D614F
Malicious:	false
Preview:	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"> [if IE]>.<script type="text/javascript">. window.Aegis = null;// ....</script>.<![endif]--> [if !(IE)]> ><script>if(void 0===Set\|\|"function"!=typeof Set.prototype.keys)var Set=function(){"use strict";var t={"[object Array]":!0,"[object Arguments]":!0,"[object HTMLCollection]":!0,"[object NodeList]":!0},e=Object.prototype.hasOwnProperty,n=Object.prototype.toString;function r(t,n){return e.call(t,n)}var i=Object.defineProperty&&Object.defineProperties;function o(t,e,n,r,o){i?Object.defineProperty(t,e,{enumerable:r,configurable:!1,writable:o,value:n}):t[e]=n}var a=!1;function u(t,e){a=!0,t.size=e,a=!1}function s(e){var r,u,s=0;if(o(this,"baseType","Set",!1,!1),o(this,"_data",{},!1,!0),i?Object.defineProperty(this,"size",{enumerable:!0,c

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jul 20 06:21:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9799498119097847
Encrypted:	false
SSDEEP:	48:8TdJjTRVYfHIidAKZdA19ehwiZUklqehRdy+3:8z77wdy
MD5:	235E1ECA08C2EB9FE86543D4A3E45F30
SHA1:	C57D8B86F0F9D98D6F240BBE3F74A45070C3C422
SHA-256:	0275C560475E89A13BC2FC651E2E7FEF59A7D71A77FADB5C11A023244C4F71C8
SHA-512:	8A2EC91B6D03225C3BC5ACEE06066C3C013F5242F75FB98BF1439AD93C892474646906784D39779C3C8859B7300E5D80035283C3854FC8DD26082F085C4931BF
Malicious:	false
Preview:	L..................F.@.. ...$+.,......Cnu...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jul 20 06:21:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995783795222544
Encrypted:	false
SSDEEP:	48:8IdJjTRVYfHIidAKZdA1weh/iZUkAQkqehgdy+2:8y7J9Q/dy
MD5:	52716D32C80A8643C3FBD75450CD1AAC
SHA1:	B4F67CE9339812A23197535A12A096C5672956FC
SHA-256:	29FFA90371028236F6494B374DD1F2ADE74935C08B5110B5C80E494ECED56F10
SHA-512:	20D0A5474068678E80D562F3B9D29FC2A0352ED298817EC1C426369C6CC402C710FF74B249E953258282519426EFD1CCCC51713E73CD6CFD3ADB615C0398F3B0
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....[.nu...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008652717566082
Encrypted:	false
SSDEEP:	48:8xudJjTRVsHIidAKZdA14tseh7sFiZUkmgqeh7sGdy+BX:8xs7tncdy
MD5:	857CFAE1CE7B88EB289483DBF4ADA3F1
SHA1:	208406C07953E7554780421F155FF7828EEA5468
SHA-256:	A7342D08805D96265715B04E057D48DD692D98413362DE73742290CCDCCA8E9F
SHA-512:	26BDA070229F1A0BD81CEDAD3556B73B9788974233E45C94765D9BEBA06252A6BBB69EBB55604E3CDF4D006A7CFFFD7BB3F98982ECCAE5FBF45A191DBBE38954
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jul 20 06:21:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.997546452190542
Encrypted:	false
SSDEEP:	48:8HdJjTRVYfHIidAKZdA1vehDiZUkwqehEdy+R:8X7Kudy
MD5:	FD7D9C108E5C65CD2605EACF187F44A6
SHA1:	3BB28A3CAF61D9D6F24AC3822D0C761F26465C95
SHA-256:	CD7065AEF75CF020118BD3F90B54F12DF49B53EBCF166130BBF3C3DC4A89AFC4
SHA-512:	94B233C8ED825E323354D7641BE44E621B2CD572A8F51DF84C7196D4161FC02780B4EBA5FBFC2DE83A90653E4AABCBB79E29CB839B52D44E10DF58F85DCD60BC
Malicious:	false
Preview:	L..................F.@.. ...$+.,......#nu...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jul 20 06:21:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.982981917931987
Encrypted:	false
SSDEEP:	48:8dQdJjTRVYfHIidAKZdA1hehBiZUk1W1qehCdy+C:8da7q9idy
MD5:	897DF552FE476806686A3C15882E40E2
SHA1:	2673CB80F4BE919ACA580BA898A9B062A153C782
SHA-256:	1EF69A3672823452BD2C2DA4B768480EA7EBF3212C1D19847945AF39C8DA8327
SHA-512:	82FA6251B0C2385C566025FE58B1975C8C7E07FF6E6189FC8A5CDAD8E2D1910BA64CEEB626BDE45DCD19A4B1693E4A71431582641780E6EC2924931ED2100F0D
Malicious:	false
Preview:	L..................F.@.. ...$+.,......8nu...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jul 20 06:21:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9969087765314777
Encrypted:	false
SSDEEP:	48:8PdJjTRVYfHIidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbcdy+yT+:8/70T/TbxWOvTbcdy7T
MD5:	6D433EF09BE2105933B5C7BDB6675F3B
SHA1:	CB796D8D61F5D10FF07375ECFDB064B0CFEBC2BF
SHA-256:	F7F055352C6ABB964723C99999C8B95E773D58E315816176B310C6D7DFDD761B
SHA-512:	4CF481AA6B7ABAF2BF1E522841C6CBBC5F0B1D72B89C15A1F7C4B8BD3309B0EAB14096D941D910AF0A9B9855CC1F34ADC245DA799516CCAD39F25ECBF58CC313
Malicious:	false
Preview:	L..................F.@.. ...$+.,.......nu...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X.:....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 245

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 644 x 1394, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	500143
Entropy (8bit):	7.997463471995346
Encrypted:	true
SSDEEP:	12288:wM/RXIaQptkpRnquUoIGaezl75XXt/cBNVPBwaR:wOIqHQVC7pXtUdZL
MD5:	C99A57EDF453AD280BE2101ADFF1A8F4
SHA1:	550A742C9D7856DB62CFCCDECB43DCACE7D758EB
SHA-256:	87ADA15169D408E2AC3F82E6AA8B5C337398AFDBC6619E8409B40C2CA17CFD46
SHA-512:	F148866610B2BCFA805544AE9EA2E54B0DD3323AA89DBD913AB4019B5862564A6C2159ED464BDB7B6A454134A407B39543A905331E55806AA884282950D9DCED
Malicious:	false
Preview:	.PNG........IHDR.......r.............pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6....IDATx.....q..U.{8.=...^.G$-Yj[.....@`:@.\|J.@.....?.+..B.....5...r.... n.K.D..).(..)J.(...w<.a...[....U....P"iu?...>.Z5W.Z..0.....g..;DG....6..i7...).\|............f....G.........SA.}..s....v.....o..d_...J.......t.....1]....;j.I......R`._'y\|F...6..~...4T.(.37...W.mL..gM:......j...U..<.o\|...C.S..N..3............/r....../..P2.;....E+.t\|..g....1..<.^........j.......<..G....y..I.......?..!..~.{.....z...e..e...[..e..v'E......_/6y.pe.E..7.^.@..I....5m...W:...+....m...5.[A...\.z.]..W^-';.....t......B..)]....{...5.z....L..Z..s.....9.../.].7.WNK......

Chrome Cache Entry: 246

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.918619934259333
Encrypted:	false
SSDEEP:	24576:llDFHtmQPjafXKPONEhKHdhf5tQseClu/Zp6qnUaFfkfX:llZtmQPufaE9Hdr2Zp6qnUaEX
MD5:	DC39A44C0E9F9FF34A35E509208A70B3
SHA1:	64C40AEF34DF78C7C1B225DF93D0BC8FE7EDF128
SHA-256:	A6668698513BEB633EE40060FB6F3022C94F00B60BB33E39254EF818383173FA
SHA-512:	7B9C1E9F11D31B59FA361D1EAF77B52D5DA17B0D409CE9B0E4A42C789FE2DBBC6B836F61BD43E3DCB30856E06A6197FC6D0227F3E106764FEAB8D721CFC1A9F6
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:0
Preview:	... ftypisom....isomiso2avc1mp41....moov...lmvhd..................V.................................................@.................................~.trak...\tkhd......................V.................................................@........8.....$edts....elst..........V...........~Wmdia... mdhd..............a..!vhU......-hdlr........vide............VideoHandler...~.minf....vmhd...............$dinf....dref............url ......}.stbl....stsd............avc1...........................8.H...H...............................................8avcC.d.2....gd.2.r.......j...............Q0...h.9DHD....stts....................stss.......&.......-...............(...E..._........... ...^...................,...P........... ...............7...d...................*..._...............>..........7.ctts......................N ......'................................................................p......................................................'...............................................N .

Chrome Cache Entry: 247

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	64092
Entropy (8bit):	7.992531468178547
Encrypted:	true
SSDEEP:	768:w6rLtcso3GkXCmVetR7ZqN1wKLNoYzHVZswwOZdHT1XiNU2K8SkAwUhpkX+U58NW:w6ra72kXCMXfNHsw/ZdHTE68SkTMEeJ4
MD5:	B3F8BAC78A4FBF8CA55EA0759B0D7ADD
SHA1:	3BB60C748E6F6D31E2E98D65F2ACCC2CDC27D5FF
SHA-256:	D105E7F68E5ADC11E3A7CB7C93355FAB28BCFB9AFDEB7FC3B730684633AC9701
SHA-512:	7E1FC67B286F47931DEAD8170071A6AEDAB531D05F802F189339845A1911280EBFBB6A44E4AF85EDB577A110BB9E68D2260D73E71994A37B85B0F482EA1DE11B
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTE.;)4/.9..TS:W]Alt`WaG#..YV>....~:H>2PJBP6=D..24.!..".....#..... .."".............& .%&....%#....!,....#.......%0.......%%.(+....(.!(....+$.........,:&f8.+3!.'. "..(.NXDOX;$>.hs_(6YnV...+<2cmX/8,S]=./.....$/%VV@.0!FC&67.+C53+.];.51.Y7.35$....7r^u\...@? .4f5&.S=. 7)6PH<..11.;K@5?4...$6#3?,>7.QQ>=D)WX8l5.bug3..Y_@...DJ)qud...QU3`mNV\I\ePPbCj{g6="..../YMM7^fY...irT"=.-K=`m`t:.YP9%C:Vl`MH-. %K9.iz\<:(hgQ...e?.nl[2C=b}pUve7I6(..\|..nzoy5..<}18.TK3H\JYfF_5.FU=a~dCE5~..+MG`W@zxf<WOEO4vwX:<..+LPmY...ScZDPGQgMp.t)5}s.dYB..#0cbF-C,.%>/TQ......(A.q-_GA.q@.F`VGmd\|.q,(.<..I;#}1m...D5.i/y... 75p\|.x..y..e.\|Rzs.\|eb..x251P.......<c....i..\|.m......s..7`]f...5Pj,K...\|...[~.TP....vw.B]....bg.6R..GxXs...kIg.Nr......~l.....~oY...........u.........P$!G(Xc..5#6............tRNS$....``...`._...{.}.....IDATx..Mh#e......i.&...r.,Y. .N......a...!....c..He...`..CRbh6..f.!.[v..E.."......_......X.((.?3..v.l..7..#{.Cg......T..{.^......j.W..\|.A..N..[..

Chrome Cache Entry: 248

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	53795
Entropy (8bit):	7.974223305065804
Encrypted:	false
SSDEEP:	1536:WCCly8m2oGlDoCk89ALyWWN6/d2Ru3t1c:WLly8m7CbmyWZgRkt1c
MD5:	E45A512CAF1BFECF4C9BB018BF791B58
SHA1:	7D56230FF5E552C828CEFCB4D1ECF8BDF0062548
SHA-256:	4DC833994645A107E10E6C346D5C5E72E792E16080BB5831559B1F83A32F0C92
SHA-512:	DE95613C44D4AF54106BBA642639744D5BD5D25107478F5E540103391DC8F7589F050DB706D9F915AE67F937D06FE89846BB63E0FFF2C2F6BFE5F2D2DDEAFC65
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE...............yyyRRR..........................................................lQFhNCD.nSI...rTI......kOC[F;eLA...XC8dJ>..................iPF...uXN...pRFqVN...G0,]I?mTNhL@>/-......8+(B20aH<........F53N95V?4......aHDA,';-+...x\U...U96Y=:...J30eMHXD@...XHGNAB..N# .f_\|aZP51R>9...qZTsUS^B?QDG.le.tX...un......lOL[LL.qj........gRMH<?.....}....zt...5&$..x.....<($..............................\|`.........?6;^QS..........L.)..........E!.............kd.....(...\|x.ut.tq........^sa^.eR...SIUc@8............\|ki."....J.qW.....r_Xa.....}.YG.n[...l.....................z...........kv=$.....lWt./D.".bu...y5U.B6....\|!.A].T#.h.....UX.i0...us....Z..?.T:.U{.>...^.......?>....~\......JC.......~...z....Uy....j].....)..{..h.&..8R\|.~.;...-....tRNS....7)T...t..qqcFW......IDATx..=..0....`........j...r.4.....+.O..e.].EY......>6.......L...a..a...jx.O...6.&.U@..d.\_..8O0.c'.%3..R..<jH..]L..'....h.].T.!4.z6!.....F..

Chrome Cache Entry: 249

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62182), with no line terminators
Category:	downloaded
Size (bytes):	62182
Entropy (8bit):	5.844734866685896
Encrypted:	false
SSDEEP:	1536:8T5RlK3pUVZoVMiKMdi9BpNu3drIuVMr2PlohbWOO:8DaMdsa2X
MD5:	A78D5E12CD76046B313D2F5406A67169
SHA1:	51BCE781670569147262826C01137CA0DE2232D5
SHA-256:	A2F8D007C0CC2A236A7E49E1B09A9DD6F528C0E5204C9B0F26030A63404DAB99
SHA-512:	70F73BF9B3DFBD358C9CE6DE8798DE4787C053B369CE89090FBF1421A19C1F794A13A16F80B3AF326112313F3CE13EDA752D1B0729A5BE72B7E1D58996D6A3A4
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js
Preview:	!function(){"use strict";var e,n={3334:function(e,n,a){a(6992),a(8674),a(7727);var i,o,t,s=a(5010),c=(a(1539),a(4747),a(3396)),l=a(6623),r=(a(4916),a(5082)),d=(a(5306),a(5322)),u=a(5678);!function(e){e.PGIN="dt_pgin",e.PGOUT="dt_pgout",e.IMP="dt_imp",e.IMPEND="dt_imp_end",e.CLCK="dt_clck"}(o\|\|(o={}));var v=function e(n){i?i.reportEvent(n):setTimeout((function(){e(n)}),500)},m=(a(9653),a(7139)),_=a(4870),g=function(){var e={hour:-999,ignoreDangerousSet:!0,path:"/"};[{name:"uin",domain:"qq.com"},{name:"skey",domain:"qq.com"},{name:"uin",domain:"im.qq.com"},{name:"p_uin",domain:"qq.com"},{name:"p_uin",domain:"im.qq.com"},{name:"p_uin",domain:".im.qq.com"},{name:"p_skey",domain:"im.qq.com"}].forEach((function(n){var a=n.name,i=n.domain;u.cookie.set(a,"",(0,r.Z)({domain:i},e))}))},p=JSON.parse('[{"name":"\u9996\u9875","path":"/","link":"https://im.qq.com/index","pgv":"im.news.homepage","datongReportValue":1},{"name":"\u4e0b\u8f7d","path":"download","link":"#downloadAnchor","pgv":"im.news.do

Chrome Cache Entry: 250

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	33514
Entropy (8bit):	7.959490679912619
Encrypted:	false
SSDEEP:	768:p0cnHDvCJkiBf4sQu1N9RfIrxg2bSl1u5D+TF3AGWiLDTh:p0YH22cff3fZQbSfSD+TF6iLDt
MD5:	B50E3305D3EF24787D34A0F86A9FDACF
SHA1:	A698ADB59DCF9D9620740555AE121BAFFE9D464A
SHA-256:	1768A03E093969E1C23C41716E01BFBC05A09D027BB857BF575C0FA8A044C595
SHA-512:	71ED500745DC9022DDD43DFB699243BBF4B24F3EAA6E0615B316EDCFE99D673BDA0C328312478789D241E49C2B3B5A57FA84D57E6A8C68D0AF11723C597066A4
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE.......SNTQX...HCF....u.pf.?7..H.......'&.......&.v.1.................h`.......D..MD..\|...93.~u.xl.......^X.P.G15.F:.G..lf.....l..f.....k .n.......c.........d..............g.............I..P..`..d.......V.....Z..^..B..[......., ..C..j......._..[.....%.......K..R..T..9..%.......0........N..J.....U...................8...........G&............A......[.$..:!.....a..C...._]...0)...T.....FD.I.. .......b;<.....RRmDE.C....<56.OK......]....ic.fn.>.....XU....JAW11.....i.=2.sq....{u.:9...NE.5..tT.O..8..+......8:....af.QN._M.B7.-.uMN.FF.c..5....U].\S.a@.I:.~...qU..?(.UZ.T%.W..R..~...1.r0.xK..wlr.NR.=5.me.UE.F6.^%.)..0/b9....s...up...cP.}.d]a....c\......\..D......D.l>.J3.7......u.\.!..v.NA.%.u.........tRNS.........!..;BI.~iZW..j.{................/r....kIDATx..n.0....F...F.]... .."...UK..@W....I..U..}..E..R...M....D:V...tt..Y...B.P(...B.P(.G....?`.......&...7U.^....u..I.m

Chrome Cache Entry: 251

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 868 x 1592, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	186062
Entropy (8bit):	7.976052427970381
Encrypted:	false
SSDEEP:	3072:U4YQ/YltYaktLa++NlpHMSH4v85WebWBHcB5lRrKN2ciWxIjLY70IKEzmdoolifA:U4Y0akVaFzHMSYv8tbWBHcBL5lciHYz4
MD5:	1802AB075609934B68B194238808E6DA
SHA1:	27B1C78682B1D25F3EE89A1EF0593EFEA070F5A5
SHA-256:	49FB5963C746A33F9942D3CE39DEBB364350D0036871B5B369D25FF4AC15148B
SHA-512:	BBA048B2986AACFE7041D351D658121121F8830EFD11776DDAA6D1F3C9BB4749C84BDC0E78958870B5EA610FBA9CAEE07F19BD5AC4958FBE4EDEC6A5CF9C78D6
Malicious:	false
Preview:	.PNG........IHDR...d...8......B......PLTE....9}.:}.:~.;~...9b............................................".._^^...........$...?A@9.........../5S.....63>$'11.9M..9....2KO\DGT78G........rmn...q..'E.............:@Thn}PKQ=C`B?KM_.QYu...FMj0..(;:b[iZP]...Zd.iQR.....c..nbdC..,4X\h.RZd....~..\|uyNh.r\|......Q@B;X.\HKi{.io.#[.fauq..Zt..nf.,VF6:`.....2E.z................p........6$4iDqASz\go...^...^.50...Vy.i.....=e.:w........Kg.\|k.[..!k........XF)....x...zm.aY...-D.4T.....................h............/D.........g......lE..8....g6 ..$y.;.......KP.}s..s........$....C.....z.....g..jK.L.I)...`..eh.i...Yt.......Y..c1a.@..z.........r......\.T<....H`..A".h.Ak..&..l.....S=...q.Tf...]..)...HH.S#<..S..w.. ..zP.......mA;...%....w0.DW.p/k.....Gs..YT.e...k....{s...6./.....tRNS.....54.r...[...wIDATx............................................f..a ...?.fo3...e..PpdY.@.R..`0.....`0.....`0....c0..x....,...?.^.%.T.P..l..L...C.K.!.....(...b^Q.<..d....A<.N

Chrome Cache Entry: 252

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10520
Entropy (8bit):	7.97949289515813
Encrypted:	false
SSDEEP:	192:IXYAmWhoq9Ff8KcQyKwOuV+litV+z/27VBtIV3menRaG7xRsfjxaB:IXSYrf8PNx+oUj27VExmenBxR3
MD5:	596E73982012010E6A3972C0E0D848C1
SHA1:	BC655FC79E3781E7C68C46C1645B198E2797FFF8
SHA-256:	13EB64C2097B21543E4B0632D529E695853A90BEB7FD8DD2429A3522F1DA8F61
SHA-512:	689E9B6B0DC67AC978B940525B803769C9EF70DC4691E3B110DBD98D5874C4E2EE33170F5C85DCAA716B9A3214869575B6D99E9854036FCEBD578F537FEE5CAF
Malicious:	false
Preview:	.PNG........IHDR...y...y.....$~{....PLTE.... .Q....P5.P.\F..r.q7.B..z.%..bJ...X.C..../.P.7..`<...r=.iAG..?..O.....1..+..i5......Y..../..8..^0.e..q<.E!.R)...:......'...A."...,..w..5...X.....o...\|O.V-.M$.J"{>..{J.tE......g;.......^9......y...#~._7.f6.J.N%....~....T.W..M....`.H\.~O.Rh.......tE.>.......yE....`..S\|8.........}.j.BX.>...B..q.o.G$.Z+.dt.........]+.Z.`8.T(.p....`.K.s4yI...{..o.[n.nG.\|B.(.........Ff:..i..fz..d.T.4=.Q9.n/Y2........y..d.fN.O/.4........x.f.n_.jE.m9.(...p?r+....Ui.B3.Wj..Y.xY.~X.k(.@..J.....:.X-L..;....og7IuO3.%&.......{..k.R.S.u...}n%5c#.....V$/............j.@MtG"./.....\|......i.&[....Gp..e.`3....1..(....,3.p.\...JW}0>....9..=... ..s..`..5t.7."....j.!.\|..UZ...r..l{.DC......dK.>H....t]]K:\..-"CYW..^..L.........tRNS.@.@B.....:...z.......S.G..%.IDATh..}L.e..gu...L.1AC.`.M..l{..4....NO..Ml..Bx..m$}.Rm.y....)..v......:JP.N.eN......f.........I?..=.....]......].a...s..ae)....&:;.3..x

Chrome Cache Entry: 253

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	downloaded
Size (bytes):	360448
Entropy (8bit):	7.870764390364689
Encrypted:	false
SSDEEP:	6144:0uJpxF/61PJ8H73bBFouGo0p7w3A1XQ9vdHRGdjNTgUrups4OSnzhtg3OGVoMO7O:NJJS1PJ8HL7n3QXKCtrQaAm39O6
MD5:	6C73279DC7E80875C021DA55B125FB4E
SHA1:	2B218089E562C65FB5094AFFAE587D09022D07F8
SHA-256:	46EFE8A00BEF60B8676E3A4A6E12F5CFE46B076F759E90B1D14856F0451F8919
SHA-512:	B21C38258974769968617D82F9A04597C2493DE09082D67EDEC834E3D9E255AB3E61F00F15EED9CCD1802801D9CADF93F120F24833F488C25F8E6FCC4789734A
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4:2f7c3ef359dcc7:0
Preview:	... ftypisom....isomiso2avc1mp41..s8moov...lmvhd...................@................................................@.................................:.trak...\tkhd........................................................................@........8.....$edts....elst......................:Lmdia... mdhd..............]... .U......-hdlr........vide............VideoHandler...9.minf....vmhd...............$dinf....dref............url ......9.stbl....stsd............avc1...........................8.H...H...............................................5avcC.d.2....gd.2.r....................&...h.9DHD....stts...........!.......hstss...................6...i...............)...A...x...........$...N...g...................I...g.......Hctts......................'...............................................N ......'................................................................p.......................................................p.......................p...............p..............N ......'.....

Chrome Cache Entry: 254

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.9993944760933955
Encrypted:	true
SSDEEP:	24576:8H4GOKl970kYtYk3OBNVsWAWn2d3KlSSxVeA:8HeKlZ0Ph+B3sWbncKNxVeA
MD5:	676998F25D96F461587E5B7EB7C0A1F5
SHA1:	2960CC0D6432E5705CF30C6D36AC236D482775FF
SHA-256:	C0F1991B61D10E0A856079E576B25DEEF6A04181CE9C70473905B17AD98B8DAB
SHA-512:	AD207F13652BEC7618FAA6790A805F6D6B594FA96227C11057275396E5702FF81DB35DC774BD0C446CC4349C8CE3E1F5AAA4AFBF72C64DD25F492CA162589F0F
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:1
Preview:	...A/t..!...V"$I....N.$A....!8A .....y.V.rm....>...;..:....&..j.B.G.y....F...#.LKu.....D.g...].f.Ao.V.SRo7..H.FX.K'j`Y..=y.>......b..{....2A.7;...].d.Q.j.4sA.Y&..\. ..-.....g.K.a.].6._..s.wG....v.v.......R.....t..%.YZf:0F..t3....8v06.UM.....E....7.d....H{5...F&.1....R.)..C..6....$.v.v..X4.0.v..b..._.....+.......p..!../.`KC....}.".J._..6L..W..J........4l......q...`.@19r....r.@......pc..\|1.y....kj.t.G.U.f.......J....7.ThD{;......a1#8...\M.E..bx~...>.=."..~.......8.....'%.6H.S.O.r.YAO...a8.{.;....v.Yc..u.DH.C./......Z..w.....M...\.v. G6.....b...\|.Z.i..H......B.$7...u..h.@.....KNIj..9".%.2m4......g.`s...HZOE...............I.f..I....p.........=...U....z..}.2.....x]._.......M3.;.B.y.RL.9Y.`.9.j...=..Eim..0.....=.....+$..:..R..F.K..{X..c.bH.2.h..u.~. 6 .........&/39I.0[....@].>.....].pVr...^.._ .o..3.._....0....Fa8HZF..3g..;c7.'6BK.-.w./.C.o.u.&.....E[.......P.h.T...o..=b..Y.h.z...Go+..,.g...r.+45@.....#...UM..%...dRk..&...&.....t..

Chrome Cache Entry: 255

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	64325
Entropy (8bit):	7.967705821097859
Encrypted:	false
SSDEEP:	1536:zCw6Rco5a8qKG9WzlHCpyKfl301dtsb7/y:zMRL5HqNkCpFd5K
MD5:	83D60FE0C5E9BD5838C3A173FA42E93F
SHA1:	8828F2A8234DCEBFD7437D1534FF418519FA5B7D
SHA-256:	320783C41ED98540738C723B56B4A048D0D33B7D7DA37C03CE9833D81E898801
SHA-512:	DF601DEF87E690E8F64E21874D7E9F83D238AE51FCC8C0ACD8A75D971C6F98B6EEAC65564977758DA158FD9B3ABE6EF23C4546F29403BA3C107C632238FEA91E
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE..............ooo.......................\|...w.MJV...bW...q..]R\|....ZT`.....n.k.aK!fZQLWJIU_V`....dU....WR].hN.cL...^L.cNVPZ.y@......]+...ROY..b.P...\|7.........iX..i+dN.hN.<.aR.L.p0.G..2.\|B..njK...j.1.........'...{:eeH.@.ZO..v.P"..`.....\T[.t:..{d[d......O. ...g-..VVMU..Z.,..D...5.Q......8.e...u...ub{=@.l......q.@Wr8.f".<..juP.+....^.d/.H@eP......@.n3}@.eX].z,..^..x..X_..Z.wR\|jH.q8..vvT......Y..~@..z.Y6..C.f.......v..M.9.]-..a.,..}n`b...}.v(..n.V..F....sI.M......m9.\|$..{&z]d.a....wL4s[.o?NjS..J_rQ..R..J.SF}j...B.\|.eG.7ac0$XK8[L...\|\...N$w....R...Z....gw...w.....bPaGV.T........`u.Y\........K,...Jv^e.}..s.t...m..moe4r................wijX.qC...d1^NS.q.f.m......G..mSO..Z.e....I.\|TC....^......tRNS....3rT.....k....IDATx..=o.A...PB...8.Hq. #].....Km.O....K7.DOA...(.."..E*..OP3..3.6..`.y.........:wL&..d2.L&.....L..6..q./D07......u.@..Q]w..[..'k.....w7...-\|m...z

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14224), with no line terminators
Category:	downloaded
Size (bytes):	14224
Entropy (8bit):	5.209891096410396
Encrypted:	false
SSDEEP:	192:y0Ol/BFQ13X9qEhMvbMx1TdywFCMC7Rh1Q9JzfFsLw47Jic36oL7:k3FQ13tThMcUwDfFsLwC2q7
MD5:	031D4F327F45D359FC22DD29A007F8F2
SHA1:	21B9AEA85D863FB5B83528E8B2DC7338D03D5B49
SHA-256:	533CB6057593AD013902E21636B83345CAA3006F88F0B07F1D36842B4DA7F26B
SHA-512:	157A86ADC1A58C98DC3133110FD40AF76B8CE8DAAB9F8831A922057C393CBE51FBA3089F49E3268A8DA4A09B3CA49309F2855D1780FBDDA44ED25458A40E3287
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/other-chunk.08167b84.css
Preview:	.q-share-picture{color:#666}.q-share-picture__img{position:absolute;width:253px}.q-share-picture__panel{background-color:var(--bg_top_light,#fff)}.q-share-picture__title{display:flex;justify-content:space-between;align-items:center;padding:16px;padding-right:10px;text-align:center;font-size:14px;color:var(--text_primary,#000)}.q-share-picture__title .q-icon{padding:6px;font-weight:700;color:var(--icon_secondary,#999)}.q-share-picture__list{display:flex;flex-wrap:wrap;padding:0 12px;margin:0;list-style:none}.q-share-picture__item{text-align:center;font-size:12px;margin-bottom:16px}.q-share-picture__item:not(:nth-child(5n)){margin-right:11px}.q-share-picture__icon-wrap{width:60px;height:60px;background-color:var(--bg_bottom_standard,#f5f5f5);border-radius:16px;display:flex;flex-direction:column;justify-content:center;align-items:center;margin-bottom:6px}.q-share-picture__icon-wrap:active{background-color:var(--button_bg_secondary_pressed,#e6e6e6)}.q-share-picture__icon{width:24px;height:

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 146 x 170, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10726
Entropy (8bit):	7.9699290675293275
Encrypted:	false
SSDEEP:	192:2taETf9lbSgB72SKFonFcYeGsgUn/+6XIl3YEXx4vy4NjtEe:2takf9x7ASUAcYgn/+6X6o04vy4XX
MD5:	E705F1CEC1E66F61882A8BA92CA59FFB
SHA1:	0B78ACD5F83187847147AEC5D31290998206A85C
SHA-256:	9D68152864EF6CC0D918B972CBFC76A1265E4775C129C3CF5528D5FC09DC28D8
SHA-512:	BAE4F1D6451861A7D5A88761D776EB35CA6BC62B2F6751FDFF2126B6185332BBD84CDE3A952D3C55E2A500C1D25C92F3DE81C6A1F7A0D8F2CBE94291DB97E6FC
Malicious:	false
Preview:	.PNG........IHDR.............q..\|....PLTE...wxofd\.~uKKF..fg`AB;TUO...\]U...YYRYYTZZTooh]]V^^X...ttl^_X...KLF]]WPQK...^^X_^Y...^^Xde^\|\|t......dd]ee^kkd.....tskTTN....}..z...hibwxpyzr...wzs..}.....y.........mnf...............................MPJ......`aY^_X## &&#\^WZ[T[\V01-23/ab[$$"./,()%%&!XZR,.XYT)'. ."".((#+,(UWP562 !.,-(TUN#&#&(%8:6350>@:RTL;=:DE>CD@OQINOK...WXQEFB@B<HMJMOG784+%...@DABC=JKDFHD12+LMJ7;8iplNTPLMF<>7:;8./(bie\`WQWT:<5251UXS892ch_...PRK>B>;?<HIB385mtn]bXRVOFJHHJE'+)Z_VBGE.2.FG@^eaTZW)/,t{uY_\\|.~W]YLQLX]TKQNIMFek`ag\fli\b_.D./41...pwsx.z>2&jph"('...............wwsI0.r......67/..\|...ssp...yzwQRN.........\|{yhkd....X..C...._c[.G....Q$.\|.....Y/..N..N......qxn`a]\&.e......d....?+....+33.9....H%..1.4..m1..C..9..,../.i&..;..?\7 .?.G:/3) +"....l<..}I.l..L.....c=I@7.j3w>.i?(.R<..Q....GtRNS...c.G.....'.I)..>E.......a2....9..r.e5Y...M.......nD&.....\...~....X....&QIDATx.....@...la ..X...B.p......w..J..4&..L.Bp...@EF.b...e..."XH.{.\|...B..n.k.....7...1..0..0..0..0..

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 716 x 110, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9809
Entropy (8bit):	7.954559967359701
Encrypted:	false
SSDEEP:	192:XRrl09geCFh4JwyxrwThpjMARIE9ZNIXF/Qe/jrj:B0C/TbhpjLRxWdR/jrj
MD5:	5AF07979C5CDF3FB896B467640D3ABA0
SHA1:	64EB66EFBBC890C5D8AC6FC43325624AC73E576A
SHA-256:	0F1692A7F73D039DCB6703ED915D094E5C6E88EB1E01770AD1927C0B5F21CE52
SHA-512:	DCDC5E65035AE596508800DFA53D256EC2C087694B2F5E9258C61BB40DE741039B062359E7C1952A38FC31C61F608CC01F80F1CDDBB26AE3B1FB6168B63F86C5
Malicious:	false
Preview:	.PNG........IHDR.......n.....3.E.....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..$.IDATx.._r.....x....`D.*..V...`...X.a....YA..F...v...b.7.....{>..k.m.i.l.....C"..N...w~.@.,......?....?...a0...?.>.B"s..C.c.}.....c...p8.x...w}\|===..........':n.......8=..^.-ONN...w.....c}.x...+.S..8.5<}....Y..'=..G.]\\..ey&.. .....>m.#..._....NT....ITt,a.e..........C=.&..~..r._.l.@G.....w.....e.....8.w.w...^...4.or}..!..g<....K.8...z........z.09.L..5.W.g.i}..`z2Qb0MH5....d......<.d.L..f~3..fuo>.=zs{._>.`y.....K^...^8.z5.........I2@....,p.....O s...\| ..3I.'+~6...b...f'i.$O..97l;9I.....t...Gz...J..<6......N.Q.1..N.V$...'d.3I4..H.......L.U.B.

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 863 x 1584, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1168126
Entropy (8bit):	7.991501408732424
Encrypted:	true
SSDEEP:	24576:n6hPogblOenlw5jYtfzU2bTUKm4u0RJgjVL4fGqnhOWR8ybDcliMfs:n6hPo2ECS5ufzU2XUjd0TkV/E0YTbDkk
MD5:	717967BDB03DEE08D45E00C98E1C7835
SHA1:	997A961C2BCE7A02BCDAF5917B1A331563F19C7F
SHA-256:	71EBB3BED948A2CF3113C87B8E67592CF0A65A5C6BF8509AA4885837FFAF53EC
SHA-512:	A3C0DC87699C51412677560A9FAE7EBDA422497257F53872327B32E73B05B1411CAB9A32E72FCCD010DBBE0BCAB0DF39B64F00A507A42C648861B1FBBE654FBC
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png
Preview:	.PNG........IHDR..._...0........A....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6...?IDATx....e.&..:.0.S.$....+.'......C.PwQ.p....^...,....}.Z.B..a.`..... ...LT{.2. B....'.z..... .D...***.r...Q=D...G...]_.../...o..+.Y.O...O.t........qm;.o.K.....{e.9M....}..t.......3....5ux..m.f.......^...s...\|.Y......Y.Ke=..w0...R......=.......\..>..t....uX.;......hd.....V.6.2.9...<....uK......y...x..eV....r=&.+...#yH...\|a...~.l.<.G.f2.#]8..\....2]._.1...c=.v}...g.B....z..g........./.......Y..s>../9...s..t..}...z.l...^D[/.L{o...cKIQ.{.....V...n.@....2f..4.^6{u.DwV..(..i]/. 9.}..u..i.^...-3....A%_...{4g\|.H.<...................-..?

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	139706
Entropy (8bit):	5.394870829759392
Encrypted:	false
SSDEEP:	1536:wHaVo+oo+NC9aNO4pqGqK3Sdl3hpMRgV1a8HxiWcRIZRvi9It8ixrwfRgK4HZqv1:Joo+EeZUK3Ip/4Ib4b991
MD5:	4F1A32738E3BA3090BA80EF6787116F4
SHA1:	11246335D790170AC9AC27B6597FEF01D8208B4F
SHA-256:	C2632F43A3EDF5ACA12FBCD5B2358E505D4E378C6BB13D0EBE6536214187ADB9
SHA-512:	FCC3C1AD61E431976CEF5932E7522E0AA26816E59AD43D525207D6B684CE1C88D7F54F1E6D8CAB7CFDD8854AD14443B2EB5B7FE991E184C4C25348657C4C978B
Malicious:	false
Preview:	(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[277],{9662:function(t,r,e){var n=e(614),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a function")}},9483:function(t,r,e){var n=e(4411),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a constructor")}},6077:function(t,r,e){var n=e(614),o=String,i=TypeError;t.exports=function(t){if("object"==typeof t\|\|n(t))return t;throw i("Can't set "+o(t)+" as a prototype")}},1223:function(t,r,e){var n=e(5112),o=e(30),i=e(3070).f,u=n("unscopables"),a=Array.prototype;null==a[u]&&i(a,u,{configurable:!0,value:o(null)}),t.exports=function(t){a[u][t]=!0}},1530:function(t,r,e){"use strict";var n=e(8710).charAt;t.exports=function(t,r,e){return r+(e?n(t,r).length:1)}},5787:function(t,r,e){var n=e(7976),o=TypeError;t.exports=function(t,r){if(n(r,t))return t;throw o("Incorrect invocation")}},9670:function(t,r,e){var n=e(111),o=String,i=TypeError;t.exports=function(t)

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 407 x 934, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	78538
Entropy (8bit):	7.964424423912686
Encrypted:	false
SSDEEP:	1536:rA1yRNxe26Z8Z/A+rjLPBKzl0xiSvmefztDB9Diq2/Be+VM:qyM26ZH+f+l0xVXfzP9Oq2ZM
MD5:	C6065B94DEC27A8E1D605F66A8918E4C
SHA1:	9C1FD60BC378097091280F9B1F3D00AEB84DFB7A
SHA-256:	12CB698C715DC67F6FF9C487524DE81FBA578F0F31B6BA1B7914945707789018
SHA-512:	33BAB3EC2D3A38F099DC4397357EFE30A33101D13B564CEC590DCC0BA0A55C0EAC2EC33DE7BD5115C36235A7D2BD9303D08BF96ED7A43E6C756CD334C947F73C
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/boy.c5ae9f89.png
Preview:	.PNG........IHDR...............(.....PLTE.........[XZc...rq........................<dw...........pgd..........`...je.....eX...[SX5/,..@..jE..-+#............................................................2+,......^..+.-.........}....................................:.....1.......B..U.....$#='>.........{u...TV....&...v5.......tnL..!}........jd1.....c`......IY....^c.....\|...p..XU...................k...........qH...o..`..'..#..jdp.h@....JF.np..........Ve87:..........L.....=<.........`..z...u.......S...T..tXM.A=.>KK;K.~y.xK....u..ilR2).\|.cf...u.......LI.dy....tgE:.^Wwo..ay....pe...X.qM.zvng...wz=RA.h..n..WSI\|j..U.....g.gc...\6.n.\|Lk....2....].xT.....X7~....ID1Q_q.......Ju.tc@[Qy...>iW.....%.c.h......{r.o.k/..td.V......7{..%f....Rt.....%tRNS..7..7.[....Y\|...\|.[........o.u....?...../TIDATx..k.a..s).B...Q.\..I...K..`.K.!:$uP.;d.....@.......o..K...Qp8,"..@A..f....y...7g.....>.{....r....^\|.,.hl";...<........T..

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 223 x 206, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10534
Entropy (8bit):	7.972168833531366
Encrypted:	false
SSDEEP:	192:e/2Vsi7KFbmNSR5OZBzfILVeUVjBgCqXxGJhfpkvl5khLBNL1N61dRODFbd:e/2mFeowzfufVjBEYivvkhLnX61dROn
MD5:	A1E07D3D8BB55DFC2F935D7F9728CE02
SHA1:	6D2E229C15B8473419E0E7073D63042EDA7C09F9
SHA-256:	8B8D55DAEAB9F04B425E058872184714ED1C6C1CB9DA644C7E43A0A2CA2B06D7
SHA-512:	6CCDEB90D25AC0F24A8C28F78C9F082C77BDFD7A3555F6CF5C1E81E19A1972B69A8DF2EB2BD8C913CA540BCDA3B931534144C5AD714BB7CC476D656546F8DF9B
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-4.a0581c94.png
Preview:	.PNG........IHDR...............' ....PLTE.....................................................................................................................................................................%..................3<.........i..........`.................y........................?.....P..............................u............................g..............KO.6D.........GO{...<F........3B.:G.......@L....1;..t...np..{.n...+5......./9.7E.M?...F..1;.................................................................................................................................................c...'.o..8....O...C..X..N...4.z.........&.......J..b.!@.......20.....]...4.W.+;....................*.=....I.#0....sh.......&...........`2..%...y....Y<.DJ.CR.Y.....tRNS.........................................................o.."...............C..,....2......I...^....m.!.J..?.\....m...............v.........%>IDATx...............

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	81200
Entropy (8bit):	7.967787281945485
Encrypted:	false
SSDEEP:	1536:ymecUzyL/bOg1mo75pToXnb4Iaks5WEQrOL2OP9oUgTs46o4:ymecUzGSg0oIIJQmP9ATs469
MD5:	09E326456A0BE10523FF5DE020282745
SHA1:	58CA5B81684C13BCCE4CF9FCCE40F5DF7993EF64
SHA-256:	11B17AB71623BAD8C73AC2D714F09A517DA83A57C47D7AD1CA191814D17C8FE1
SHA-512:	CB4F28659B515D6C7DF3596CE4E5AAB518B24F9445DAC89A9381515955D6764DF6B52DE4D5DB53BFD63AF947EC2547CDABB50E8BA85BAC08517B973A235F16EE
Malicious:	false
Preview:	.PNG........IHDR..............%.....PLTE..............z{{..........................n.g8..rh...s7o...h9.d7.j>....o>.m?.rD.p3.r@...J...y:.j;P.....L.m=b....w...x6.m2....d6.l9.\|<.xI.......uC.w>.\|A.W....pDP~.....`5..QI{...>.z..uK..]5...s.Y.t4._Qp.u6.T-v..Dz..{R...~.....a.}O.........F..........d.i.m..i....:....y4..{=KE`.sL.}H..X^B7.[1.P.kZ..r...X.^....eZy..b..`.b<.v...r.q-{...L.hTq.T....\|...II..}Doo.D,...^.\|.kEL{u..kl8*s.zT3+h......\|Y...S.z{..@v..A.F87.W3.........p`{.7%.[W.t......>+.M.........B.<:j.p..WLg...[.j..r2_..\|.ma.yJ9....w.b?..pBbd..3Pyc.VIc..Sg^.FG.d-..\|....Z....1.y....7($~j....m."..w..fnz^..Mt.:..\|..r............zj..p......d.}...M.rM.....b...kh~]Ud[F.....k.^D.......ra......N.tf.V.....Y.m<`.)...PRt....=o...qh......u...7...tb....f+w{....tRNS....U9.w..o...@../..9.IDATx...j"g....nI.....Z!a"..l.0B.h...Q.("1......x.......W.3o.x'..>...d&....MR.g......\|..o....................Z...T..Z..\|.4...@2...O^......:T...O.&

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	89643
Entropy (8bit):	6.031495955140461
Encrypted:	false
SSDEEP:	768:IrYEHb2SrYEHXxmxvQKyKOVrZo3iW8udMOe2QaU/N4zUr4py+VWfrtv:ZEHbUEHXYoKyK+Zo3PTMOewCNr8pjaRv
MD5:	1185D0FDB994C3DF53FF11A4768907F5
SHA1:	635A15E1F3E39195BDD1DD8969964E6E7E1062F7
SHA-256:	F7FF6B94A96692BC2FBEB086711AC3CD989AA85A698B11D93AF36B15D16968D0
SHA-512:	2F9CE46A3AF4B8A203C4660F798213A910F5468C9C0F7421BDF001E80F73E059C95A897F84CBD492EB8D42714A00452D7D9BC774FCED0DED5FC5D39681EBA32A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.css
Preview:	.header{position:relative;height:.76rem;z-index:1000;border-bottom:.01rem solid rgba(0,0,0,.1)}.header__logo{margin:.2rem auto;width:.675rem;height:.36rem;background-size:100% auto;background-repeat:no-repeat;background-position:50%;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIcAAABICAYAAADcWeZrAAAACXBIWXMAAAsTAAALEwEAmpwYAAABZWlDQ1BEaXNwbGF5IFAzAAB4nHWQvUvDUBTFT6tS0DqIDh0cMolD1NIKdnFoKxRFMFQFq1OafgltfCQpUnETVyn4H1jBWXCwiFRwcXAQRAcR3Zw6KbhoeN6XVNoi3sfl/Ticc7lcwBtQGSv2AijplpFMxKS11Lrke4OHnlOqZrKooiwK/v276/PR9d5PiFlNu3YQ2U9cl84ul3aeAlN//V3Vn8maGv3f1EGNGRbgkYmVbYsJ3iUeMWgp4qrgvMvHgtMunzuelWSc+JZY0gpqhrhJLKc79HwHl4plrbWD2N6f1VeXxRzqUcxhEyYYilBRgQQF4X/8044/ji1yV2BQLo8CLMpESRETssTz0KFhEjJxCEHqkLhz634PrfvJbW3vFZhtcM4v2tpCAzidoZPV29p4BBgaAG7qTDVUR+qh9uZywPsJMJgChu8os2HmwiF3e38M6Hvh/GMM8B0CdpXzryPO7RqFn4Er/QfBIQM2AAAKMUlEQVR4Ae2cT2wcVx3Hv7vrjY3T2lukFqQkzcuhIaUBb4QUVKkiU4mKS6lcEGouyFMQUg6Nkt4qleK1OCGB7NALqCBv4VjRTRHiyG6CWgQc7CLDgctO6l5wJbymKf67+/p+uzvb2Zk3//+snb6P9NPab2be

Chrome Cache Entry: 265

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 3840 x 1722, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	793290
Entropy (8bit):	7.982958424724078
Encrypted:	false
SSDEEP:	12288:Ex7datotWDMRHG4+/YRXyS2ncQHQn6VVk4qQa1DThebvS4FNIVTRm+jlG:ltvo15kmx2crn6VO4W1BeDS4FN61hxG
MD5:	B8AB281997D9CA30FB94A17328CB869C
SHA1:	50D8B9C62D0C632736BBB69E694062F53BFC2841
SHA-256:	9912AAFDEF380FEF9C21E785433A45A5847C8D478922DA1358133089477497F8
SHA-512:	90DCBCBAFEACA49347E308D86CEA02AF6FA2F1AC4A07AA59E6F58B74B6A4881711A998771BB244B83BEBD85E5C1CE1943B40B91D96FB07559384C6991DDD8145
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/bg.252a624b.png
Preview:	.PNG........IHDR.............G,}.....PLTE..................557......TUW......klo...}~.........................................klo.........................................................%..........................ONP,.1DCE..............._TNi^W....."...bdh...lnq68>......................uwz.v....XZ]............C90...tj`.....1(....TH?....xj..............\|~.....<....T[n.....]cx.....u...jc..C....~qz~.IRe..a..or..........yo...gj..~4.pfy....vw........\|f.............n..{....[........j........\......q.tc.v.........x_Y.....7.....so.J......~...\|..8CY.........p....d................$........`n.\|K=..`.n.....W,j...N7..^*1D...dQ.pP.k.I......zF..J.qlb...Z7.......O~..W...~@..p..z..RP.......O...t..p............Dz....~...A..r.K...GK.x..J.Q...[q...}u..O.p..`....>`....!..M..........tRNS.Q.H;+b..n..y.../.....S..v...Y\DZ.....IDATx...=n.0....N.....iP.Lv...Z C.\.G(.C...r........IQ.u.?.K.2...WR.......^K...v.......&..M~c..5.R.y....................2.z.0F.;..4...I..

Chrome Cache Entry: 266

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 82 x 900, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	4121
Entropy (8bit):	7.859900132218484
Encrypted:	false
SSDEEP:	96:OZ2KKHDX6KfKSJNgLoot/tCUcWnL+aRGLJDD:8Kj9CegjJtC5WnqiGZ
MD5:	A13B4636ED3593819041FC602DF9ED5C
SHA1:	2433529C29FAFDAFA32FCA89B813C9E4BFF69F57
SHA-256:	F35E49E254355130D7042EE1434FAD1DB7D6304264E5F31412CCFFAFCCAD6BE3
SHA-512:	6D13C10CA6A4EBC8A8E611BF987DFA0E0BE305BDBE1C083F84069D2B69DEFAFECF6242AD9A29945759326490329047ED126827ADE703804AF912AEF461BD9851
Malicious:	false
URL:	https://vm.gtimg.cn/tencentvideo/txp/style/img/loading.png
Preview:	.PNG........IHDR...R..........}.....]PLTE.....RT.i.c.7..j...e.7..}...f..f.7......e.7.....e..e.8.....7...f.~.....8...f..f....8...f............tRNS...!+/BKLXefg.......................NIDATx..]kw.8.ENB(0.K.c....&...!Yv.=..~.s..I..ea;..B.P(...B.P(.........(.......\|....B...KxE+..\|...6.....AKY..~.. .w.)H...F.H.0J..4.s....B.P(...]+...AN.Q....8...J...`.Q.SB.9....3.}......../.ZP.A.B..!t.\|.,\...^#.....OlE3..W;+.U..../..F..bK.......~.....n......:.e..c).wk......B..J...Xb......e......4............8.#.~..z..P.8e..i..V..T(..l4_^!w...;..B6..=......2..4...0e....e.....dQ.F<.7.......&...~....RTB.I(g6.O.b..{..;..\|O.Z..O.b..AjR..X.3P..$...Bf..1.^.r..2...\|...%...l....(...........<.......Pf.m.....b.....#a...J..d.c..m(....l.:.E2...P}...wn.....%$..9.Y.)$Ug...."..v.cHd....0snSJd8....I=.b.N...jqE....-.f.Q..\:~..n:e....j.......7.)Mv(Q..F.2"..o1.A:%WB.P.~{%kz(..l..C....l&..t(...]&.9.#S_......bR....H...A..Df...c.......;..........L....p.,.W,.....c.,>.u"g...8,.)..t(MO.

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (884), with no line terminators
Category:	downloaded
Size (bytes):	884
Entropy (8bit):	4.796720197895307
Encrypted:	false
SSDEEP:	12:gE5FxToDNhWh2YvWDEV5eX3sFnahExsc8ppVVuk+uXkiM5RnX6fhZeVdH5R8Vd:zfTycRrens0I8p5FM0hg7Qd
MD5:	C9C32C67140933F154457F782EFE24C6
SHA1:	FA94430BA284ADD795009284CD363E75D124AE6C
SHA-256:	9FC14B0D31D1DECF276CCD3B926A2BD3FFB6C7A8C019B7F7491F5567CB429D85
SHA-512:	52C0D465F099A603B9C10076FB789DB8B06CC185FF3FF3042D2B4A2B8D4FB684538461AEC66B9E055EB228F24AF2C6D6528250D0080EDDA2CFA165EDD7ED0318
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/chunk-vendors.120b3a4b.css
Preview:	a,address,b,blockquote,body,div,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,label,legend,li,ol,p,s,span,table,tbody,td,tfoot,th,thead,tr,ul{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:-apple-system,sans-serif}ol,ul{list-style:none}a img{border:none;vertical-align:top}a{text-decoration:none}button{overflow:visible;padding:0;margin:0;border:0 none;background-color:transparent;font-family:inherit}button::-moz-focus-inner{padding:0}input,textarea{background:none;padding:0;border-radius:0;-webkit-appearance:none;font-family:inherit}input[type=password]{-webkit-text-security:disc}button:focus,input:focus,textarea:focus{outline:none}body{word-wrap:break-word}*{-webkit-tap-highlight-color:rgba(0,0,0,0)}.hybrid{-webkit-user-select:none;-moz-user-select:none;user-select:none}.hybrid a,.hybrid img{-webkit-touch-callout:none}

Chrome Cache Entry: 268

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3050)
Category:	downloaded
Size (bytes):	9409
Entropy (8bit):	3.8627449454505975
Encrypted:	false
SSDEEP:	192:KvkADp0wXlhMnEXb74PtkADp0wXlhMnEXb74PPkADp0wXlhMnEXb74Pe:mrbXlX741rbXlX74nrbXlX74W
MD5:	AF8675A61A81E9941A3CB303E4FD987D
SHA1:	6E72CDF2677356CA4D7AB8B99E544042F43D6D7F
SHA-256:	65A5FE2D566AF66945F50B6B3A428B01932C9F585EF251D2594100CE786F87B6
SHA-512:	638221A4F5D6D930C01D9F71025CD06E7EA1D33ADC1667A5BD80F6CD37564E350D2F2F23E1B53E6CE264250112B4C2D4FB5F3A906DBB12CA6825E1F40C764C75
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/qq9.03144aa7.svg
Preview:	<svg width="971" height="292" xmlns="http://www.w3.org/2000/svg">. <path. clip-rule="evenodd". d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53 335.468 166.803 335.47 144.782C335.476 116.227 326.826 88.3107 310.616 64.5635C294.405 40.8163 271.361 22.304 244.397 11.367C217.433 0.429948 187.759 -2.44079 159.128 3.11769C130.496 8.67617 104.192 22.4143 83.5408 42.5953C62.8894 62.7763 48.818 88.494 43.1056 116.497C37.3931 144.501 40.2961 173.532 51.4475 199.922C62.5989 226.311 81.498 248.874 105.756 264.757ZM187.878 249.96H187.861C166.589 249.964 145.793 243.798 128.104 232.239C110.416 220.681 96.628 204.251 88.4855 185.027C80.343 165.802 78.2113 144.648 82.36 124.238C86.5088 103.828 96.7515 85.0808 111.793 70.3665C126.834 55.6521 145.998 45.632 166.861 41.5735C187.725 37.5149 209.349 39.6003 229.001 47.5658C248.652 55.5313 265.448 69.0191 277.263 86.3233C289.077 103.626 295.38 123

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10792
Entropy (8bit):	7.928512726156912
Encrypted:	false
SSDEEP:	192:hhbDB4gaxuT19SSZXbMyqx0kXFrtduepb1MI1w8M3Y9eNFUUyozDnkAQ3vU:7fB4gaxuXS0XbMyS0EdPpdM3FFmkDk18
MD5:	85632BDF7020DF4019A08F5DE56B7BE4
SHA1:	247E066BB8367E6750725693BE345553D4DD5E91
SHA-256:	145D5C4071C5D749832B4568A0B8F688897F2ABB80A0B10BF0351F919B07F04C
SHA-512:	4EB48499EDA7319A6885E7EAAE888C043DB909E0DA25C15FB9B01C5D85B7E9FDB926E9B16EE882B9E454CB0DE21EE0CD9EF181028ACC74B81516EC9653ED48F1
Malicious:	false
Preview:	.PNG........IHDR... ... .....#]^.....PLTE.........................................................................................................................................................................................................................e$.......W#.[ .d".c".\..a".g'.......c".g#....] .......`#.j+.a".`".......}G.^-.m1.......^ ._"..._ .l-.w?.s9.Y#.....Y.W#.....M.c.........g.^!.d5.Y&.n!.....k.Z".]!.............yC.u<.k".....^..V..w....................\|V.\"...........c.z........\#.v ...........t.s..Q.u...............\|.X".f..k.........o5..............p.j>.q3.s.......}..k....p..........................._.........................d.vN.s"....................................................nC.{ ....................o..z...wJ.vA.m9.e+.l=.t..f..Z.j".q!....'....HtRNS.........(..>.0.......$..H.wc...ojS8..L.P,..pC.W`4....~]..t....zZ..c...&.IDATx..yP.u.........r.}...j.?~.N.(..@..!......C.....DG.#.X..GG.Q<P+j..v.5.1...6.~....I.d...C.x.

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18401
Entropy (8bit):	7.960134833929269
Encrypted:	false
SSDEEP:	384:ZufF1T9WbHXHy29g5WD4JOM2GIwhzaJyoQOhumKdkR2w9v9jYhRr7:kx9WzS2WkidwwxuQ2q+m7
MD5:	5BF2F25D9DD6FFA0ABE78303A7376A3C
SHA1:	B0EBA0DA234C54435967C75C9DBFF35B2F058135
SHA-256:	A6EE012B26448225E4B34EF4797AAA2D9955042679FEDF2D9910B198F38838A2
SHA-512:	086910A2BE67EFE15B7019FBB23E4B165E3E446E9A9A44DA98EB78C3866EBDEA5AD8FF81A039347DB87387E26BE51B694C1DB7ECAEE22D197E40A6CD6799D1C5
Malicious:	false
Preview:	.PNG........IHDR... ... .....#]^.....PLTE.................b..........................................%...L.........................O..........D..].P.A.P.......O...M.=.t2.jF..............................Q..W..d.....].....K..o..j%.]........uJy...D.....I..\|..........................J18..C..Q..C.....B.....B....B.B..M...........d..D.71.b.A..B......4.O.E..W.._..I....t..[...A.l9.g..V..o....;....K.....p..I.q~....K.<....W.............t.......}..gk.....L{..RO}.Q.w.O.7R....N.....................x....w..=.....d.....B...~..\.~u...Y_..V.......pZ..j..K......a..m..s..g.........^.......................c............c..C...[....s.IlRA............B.....Z.Q.P...W..........g.9r.d..:....qI......f.......O....U.....{...\|........~...{....5tRNS..........` .(../.>F$....vOo7O.Vi..-.....j.kJ..{.......DaIDATx....@.@.(Q\|..'...m..N.;.(...I.."~._].KK....M.=.m..p.Q......n.[..j.\...z<..z..}.t.3X-.n.k.7..6.i8.=].oo.dgeO'

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	40692
Entropy (8bit):	7.9933925282665985
Encrypted:	true
SSDEEP:	768:xAsCfydVtG1MmhJwT9T2R1FeFHmEqQhqV88lLC54PxoxYN4TXHkhEEbbjzn9Ahtb:WoVk3DwV2R1F1whqVRdB8aUXEhzrjGhd
MD5:	2B17D75B6D85869E08D91FA63AD3A8C2
SHA1:	617D92A3E95A5716CC29B763629144B24F75A157
SHA-256:	3B4CE80D4FCA4E3CBD53508F037E623F43C1BBE823EDEA2EFBCE052BFAB8F4EB
SHA-512:	27DA2CE5E613CB8C53148E7CB898E7EDE8FB4955EF3D84716A1F99CF6F0A86D22045ACB195BAF6DEEC7EB1CF0538D0900D1518D69FAC463012EAE709453E4A0C
Malicious:	false
Preview:	RIFF...WEBPVP8X..............ALPH[.....0...BA.F...........dI.................................................................N..VP8 j....,.......>m2.I$%....I....gns.:......m.->>9.4.t.7...M.n......O.\|.;.\|o....>....pt}.....O..........z.%..P.......\|/R....Py..@.%.?...../z. +.~.=.....\|......}..?.^.......b......e......lZ.......@....@.Q\|.......;)h........N.Z..../y..<.N...=...~2....8...g]......8e....3..>0<6"..Y...q.?.&..........DpB.n..`'eX.P.#$...Wa..`D..mK.i..6#.p.........!.w.~4.3....!..G6./..'\.&.....[.T~..>.%...\|.0.d..[Q.K.$.....CF..RF".wW.:....K(..$/...CU.oG:.....Y..\|..........?.2.....Km..F...B...0.1.{..<.......t;I.....6..9Wq.H..+r.b..Rt...!wk...E5....*/....d..Xd.f....C.......T.[.B...+...W.p.n..U.$.?.l.....wbM..b.".\5.7Y.[k..@s./..}......fY.B.W.......r....f....C ..,8.F#.e...:u.\|a........-x.P.@...6c!..D.#.p........ .?..]../...g.o...k....6Ce>i2f..I}Ab..Zl.;.. ....?.(...9C..d.r.r.q<.?.R.w.[B...W... B....\|^>1..X....R....pd......?..f..s....z.._.}YM.

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	32253
Entropy (8bit):	7.958742758880246
Encrypted:	false
SSDEEP:	768:qlZSdg/54N7sPO7M1CdzlwoOqUrk6g/BrvbisG:cgp7sPOwYq36X/BrfG
MD5:	5100441802FAB75DBD3AD326C8A872C1
SHA1:	CFE25CD0CF51DC68788F53E51F73B852185997BE
SHA-256:	4A071501E44D57A20ED004EA8AD1489E76E6E5C2F9DDEC5B38DE731D25B0F9E7
SHA-512:	946AA06336F4ED1532AB4876FECC3BA72F30E43815ECCBF1A18B72E434C9DE6FD13BD0BA1400572EC8F85D0A1BF0146AAF1FFFE5BBA6712CD8852CB63D9E9BA5
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE...6p.............=l....b..6p........<i....................:r.;v.9q..........m.....k.....j..Z..(Ge-Oj.KD4Jgy.........hi.]YbNg.................................-d.........................................................<t......<`....{...........I.............>w.r.....Hy....j..t..1i......./Vr...U..k..}..[................WVG`...bb.[[..z......'1Me.....F.(.............{......pl\.............@Y.....z....M...gc..............+..Sj.>bz.ws.QP...\#-.yp.....#A...Q\...D...........T...[Kf................GG...ai...prEm.......3S.dx.l=O...w....et.l-6;Ke...i_..JK...n........\|}....Gax......drtSd.sh..is.9A...bL.....r.CG..}..Ax.7..V..l}V4C......9]...OV....y....%F..Sh..E'4.v}....j....u.q.,.~..t.D.....L.f...h-..`...-tRNS....(..-G..h.V..G.k.......y......}.......Jm...z.IDATx...k#G..p....v.&..c......h.Xv.XX.[.$....1Ar.^U.B.R.E......1.\...u..7..;;+....H...;[..?=....^v.i..f.i..f.i..f.i..f.i..f.i

Chrome Cache Entry: 273

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 109 x 109, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10650
Entropy (8bit):	7.974743785874016
Encrypted:	false
SSDEEP:	192:1RykbutDjmIpiZJ74aSo0CSrXt7ORWR26IIQ8ihVzh1TTNLg:vAxaIg8FovaR26jQ8ihnlxs
MD5:	70E6CA8E5D7D983AED25C7A3AA5FE556
SHA1:	2669ED69894AB0CE4BA4A9EFF19843BC0DD19515
SHA-256:	BC64C29E5189BF9A3BFA33BBA2A87EC95B09A85450BF65CE6CE1EB03B5D46842
SHA-512:	B3CC4A4F6FC19F9D60A98619784A93D503EA2538E0B1D2BB3991BDF04C70F1E13073767121FD8AF2D4D8D3A9D9A7674A7AE1835126D66C163BDAE265A56798BF
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-10.fdbd43f2.png
Preview:	.PNG........IHDR...m...m........V....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..'.IDATx..}....y.W}..?..=-h.-..XH.A.....&.......a..c...1..A.9'..2.8...L.$.....&..`.l...D8. .....>.....]....o...JzB$.................;...C..;.......R.C..).Li.IC..)...B.AL1......1<....a....i-..d>...c...{qN>...#.X..6...[v.m6.&.d..>..,[.......[....+h..b...._.o....-..F..fn..p.2.3.6.AJ.H]=..$z.M.Y..\|.y..}.ro.B2.......X..U.5...8.t.A3..Z...........3&\|..:%...o.@j.F;.@.ci.....[.._.1@@9b&.5..1~.7.%...ow5.p.....hR.mv...t..~.Z..L7...!S...IpC...8..<.a...?{.p.E.....V....1HW........9.D.i\...X.Cf.1uf..;5...!..4b...4....).Li.7]...B...d......Z..(....3..xc.2.p.....

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	35683
Entropy (8bit):	7.955053490136009
Encrypted:	false
SSDEEP:	768:YSktyF96W/Ed5UVnIYyDM6Hdy3EUNMwb+Xte/V8W3rO:BJF96/iI3DrDNwqXEbO
MD5:	583975B4342FD718871603AA4D228980
SHA1:	7E43257C86651A17D4EBDE6527B730B676196B39
SHA-256:	876A311EEF77C10933A7E93DA9007811A824DF220BDABDD3F7AB451455F3C2B3
SHA-512:	3CB04559444EFECCECB45CBCBF5BA8F2F2B4851A570501F1E1D74CBA9D7C427382A56FFE2C6C23E3A5949059850473035238E3EFD89E92F5B7ED35F96E18A0B4
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE..........j..... ..'..U......>E....-...@..F.......g.P.v!S.=..4.....i..k}4:.7>._p.....l...59......]r.Xm..v..R^"B..x.H..^..................................................Zv......~.lFV.n.................gx...................[l....w..o..2L.Qp......ySc....h..`z...Wf..bs...kW9J.K..................o~pO_....v............V.....x~.....S..b..r.;.....[..z........AY........K......E../..........x..NOs.C..........qr...................Gh.np.{}i.=.HH.PU6...\|u.E....xKZ.....\a..].6..+...:\.gj.1G...C/<....>...E..F.&.,p.;c.V\.._.pj......!U....Q./.......DX..E]^.YL........x..Z.`q.`j....Woths.0..<... .R1..v:CQ$/...A.+.Bk......&8.c..n.a.;......[S`#.. .tG#YL5.../yyZ..q..n....I+..R...sm.).E.X.$...n.J$o.G.iA...:.g.p\|.....{.s.kw.......*tRNS........2....J;rT...x...tX..e....y....<]t.....IDATx......P..p.M...K$D.D.N..KDl..h.....%H.CfD"6....8.6./`.........J.....}.9.j>w.......zz.....eff..E.V.\.UV.\.........wy.o

Chrome Cache Entry: 275

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8656
Entropy (8bit):	7.92130568188592
Encrypted:	false
SSDEEP:	192:ttiyvyaJZmXxqcioeYjWxzXZYl8u5b3Xz0BuRt6YdFrXyPceZtZa:tt+moh6YazpYl8u57zr/dFrXyJDZa
MD5:	3D7CAD41880113413785CEB9C6F43B13
SHA1:	EE01723D87F3FAE441A9B2D9F85603D2FEE1EC05
SHA-256:	1C3C44EEC0F0D1D19FBDDBA0917A23A9EDE4E4D6D53B039D616BFF46A6709581
SHA-512:	10B6041AD99B457CFA99D67CC4074E52FBA5E26EFABF7BB45BDF2A12D724854D4EA184354A1ED0CC7A23E10802C83CD5DB4CE50FA1B5910CA20BA6D3C9B25731
Malicious:	false
Preview:	.PNG........IHDR.............e..5....PLTE...E..C...~a.qA..C......\|.mB..C~.C\|.C~..{.sA...O}.A~..v.~B~.D..C..O{.B..N..B..E......qM...B~.G\|...B...D\|....C...C}....~.v..B~.B......C}.B}.C\|..C..B}.@\|..B......C..B..Bz.@}......oJ..lJA{..lI.~.~....x.Kn...vX.}[.oL.hG.qRM{.fj..mI.h.nK.....n.FU...qP\j..rPF_.ol...]^.Zl..gVj..nlo.v.mk..m.p..u.......}........P.....a....._..W..N..^.....]..L..S..V..[..Z..J..U........H.........................K...........P.........................................{..........wG..............I...............................~F.....I..........\|.....v^...`y....[..]...i..k.d.{.k.~]D..\..[w.dv.iv..xT....pU..\..y.z..qpv...q.\|c]..yx.z.Po..vT...~.o]n...vqm......f.....zWy...w...M....G2...wtRNS........)...tI...L..!4...).......R..... ..>.n>...5...c.~k...W...[.^......wf...~...B4.........hXU......RNI.j...P..[....IDATx....k.P..p...b..:....S....^..0.......'D.%..0...m.:..

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	51873
Entropy (8bit):	7.968557639453807
Encrypted:	false
SSDEEP:	1536:afHKI/Bmgg78vFEHKylfkh78l6I4rYZiPNuy4mSQ:afTygvKHzlfJ0R6wNumP
MD5:	238BD5795EFD5FD2EE4E924284380331
SHA1:	296610E9718C251E598D7DCFD678731062CB462A
SHA-256:	7CEBE60110934A5D549FFFB715EEFF864148A060CEE43D9C4F8E4E6432CF75F1
SHA-512:	12DB23012CE0E817BA2BBA70E2F237229638CF2E763C9284DFE2D950E29321C0AF9ED32F3AE52736D6A94FFAC99E254BFE528A7B5C60A887CA820093CE459AD1
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE..............zzz...QQQ........................................................Rx.......EY.?W.Nw.Ty.He`Mid...Wy.LfaDb^.......@_[.........[z....Rmh...Qje........>\X[(3..L....D........>Ib^........H...........D_[Wpj....Y?E.........P...;S.8XU....Q^......b}.aCI.........=YV..............Lu..............R..B........s.......S-4............\.......q.\PQ?02]g.fMO...nVSv][....i.......[_sn...`4;.{.......feM=B..<..{............u.....................3SP......~\|..j..]...B<...\|..rp....~.qq..V\.b[`D"(njiug......rH@........mh.......{.lqyx.....H@].......P......J........UG[.....cW.BFz@M....{.....l....{O....................kR........w.....~N....mA........{.....TYu}..s.....\|k.`HMnw.......y.O..GD.S..K......tRNS.....8S).n...q.........P...;IDATx...r.@.Dc..ecW..J.]...{.Ug.:.7./.FK.L.....D8.. .o.zzgV...r.\......*....+<..~..g.7...T8..._.2..Eyu.^.....[.Z,....%D..7.]..w[..X.Ti.],...v..r

Chrome Cache Entry: 277

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	51873
Entropy (8bit):	7.968557639453807
Encrypted:	false
SSDEEP:	1536:afHKI/Bmgg78vFEHKylfkh78l6I4rYZiPNuy4mSQ:afTygvKHzlfJ0R6wNumP
MD5:	238BD5795EFD5FD2EE4E924284380331
SHA1:	296610E9718C251E598D7DCFD678731062CB462A
SHA-256:	7CEBE60110934A5D549FFFB715EEFF864148A060CEE43D9C4F8E4E6432CF75F1
SHA-512:	12DB23012CE0E817BA2BBA70E2F237229638CF2E763C9284DFE2D950E29321C0AF9ED32F3AE52736D6A94FFAC99E254BFE528A7B5C60A887CA820093CE459AD1
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-3.13d69f7b.png
Preview:	.PNG........IHDR................u....PLTE..............zzz...QQQ........................................................Rx.......EY.?W.Nw.Ty.He`Mid...Wy.LfaDb^.......@_[.........[z....Rmh...Qje........>\X[(3..L....D........>Ib^........H...........D_[Wpj....Y?E.........P...;S.8XU....Q^......b}.aCI.........=YV..............Lu..............R..B........s.......S-4............\.......q.\PQ?02]g.fMO...nVSv][....i.......[_sn...`4;.{.......feM=B..<..{............u.....................3SP......~\|..j..]...B<...\|..rp....~.qq..V\.b[`D"(njiug......rH@........mh.......{.lqyx.....H@].......P......J........UG[.....cW.BFz@M....{.....l....{O....................kR........w.....~N....mA........{.....TYu}..s.....\|k.`HMnw.......y.O..GD.S..K......tRNS.....8S).n...q.........P...;IDATx...r.@.Dc..ecW..J.]...{.Ug.:.7./.FK.L.....D8.. .o.zzgV...r.\......*....+<..~..g.7...T8..._.2..Eyu.^.....[.Z,....%D..7.]..w[..X.Ti.],...v..r

Chrome Cache Entry: 278

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	33514
Entropy (8bit):	7.959490679912619
Encrypted:	false
SSDEEP:	768:p0cnHDvCJkiBf4sQu1N9RfIrxg2bSl1u5D+TF3AGWiLDTh:p0YH22cff3fZQbSfSD+TF6iLDt
MD5:	B50E3305D3EF24787D34A0F86A9FDACF
SHA1:	A698ADB59DCF9D9620740555AE121BAFFE9D464A
SHA-256:	1768A03E093969E1C23C41716E01BFBC05A09D027BB857BF575C0FA8A044C595
SHA-512:	71ED500745DC9022DDD43DFB699243BBF4B24F3EAA6E0615B316EDCFE99D673BDA0C328312478789D241E49C2B3B5A57FA84D57E6A8C68D0AF11723C597066A4
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-wz.c59f5aa3.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE.......SNTQX...HCF....u.pf.?7..H.......'&.......&.v.1.................h`.......D..MD..\|...93.~u.xl.......^X.P.G15.F:.G..lf.....l..f.....k .n.......c.........d..............g.............I..P..`..d.......V.....Z..^..B..[......., ..C..j......._..[.....%.......K..R..T..9..%.......0........N..J.....U...................8...........G&............A......[.$..:!.....a..C...._]...0)...T.....FD.I.. .......b;<.....RRmDE.C....<56.OK......]....ic.fn.>.....XU....JAW11.....i.=2.sq....{u.:9...NE.5..tT.O..8..+......8:....af.QN._M.B7.-.uMN.FF.c..5....U].\S.a@.I:.~...qU..?(.UZ.T%.W..R..~...1.r0.xK..wlr.NR.=5.me.UE.F6.^%.)..0/b9....s...up...cP.}.d]a....c\......\..D......D.l>.J3.7......u.\.!..v.NA.%.u.........tRNS.........!..;BI.~iZW..j.{................/r....kIDATx..n.0....F...F.]... .."...UK..@W....I..U..}..E..R...M....D:V...tt..Y...B.P(...B.P(.G....?`.......&...7U.^....u..I.m

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 145 x 145, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10613
Entropy (8bit):	7.969519207899228
Encrypted:	false
SSDEEP:	192:r4bYlWiNrG4NCDipJIfC9w24iNxXOijd9SmsoSvj7WZSPnrmedIQ9eF:dWTeC+p2f615hd9SvlSZ2txI
MD5:	0CE957FF769D91BF85EA8FA3BD1588BA
SHA1:	473D549616A57378690BCB9D7E6D235E21DB1FD1
SHA-256:	E7D7409888C659FB0A8C797E0A374FEBF1CB555889AF77D6FE99A83BE0F333AB
SHA-512:	D175ACE9220C956AEA0248414DD715ECE08EEA3972B3792364B938A9786624E5EB2CF2BF8E40347FB21B05ED99D7E9F9A15C53F512A1174F857EC1A83803FEC3
Malicious:	false
Preview:	.PNG........IHDR...............Z#....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..'.IDATx..}.t..y.?..\<......H..%Q.%...:.)5....4.i.:I...-.m..>..:q.8..k.........G..(..D.H.DJ1I..H..A.\|.$..x_.{'.....3;{q/p/...#..;;;;........5.PC.5.PC.5.PC.5.P....58.9....b.ACb.....5.P..<[.....q.l..jpA..!^:.I........8..../...W9j>.....mA..%...>.......K...3._....+..=b.M.J=p..'Q.@.N.\|......O@......@C{.&.UM"'.........$q.h..R..).UG"A..X=.~...r..P#....D.@/.eS.8[.).t....R......U%.bl.......'hh7^.j.G.......?...34...pE..I4..R....l.....p..I.0.X..@.C...........H..2....9D;..*....2^.$.3..W..;......\|.+P..H$I ..n.,.d>.C.p..Ys.5a....@Q......r..3.....$.V._..x..

Chrome Cache Entry: 280

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	50531
Entropy (8bit):	7.966740321893992
Encrypted:	false
SSDEEP:	1536:EMVMGp73Z0dyPU23vL/zeZwWnkOmbA1a2UuJ:rVMM73qds/emWMbA1V
MD5:	8CEDD744B699C86ECC62E474026FF0C0
SHA1:	1912B7A1D5444D47E4069D85DED80B0534E6AA9F
SHA-256:	7C677F62E0BB1B84ADF3361360596B61A1277EF550597AA228945D686F127C42
SHA-512:	158F9FD16D42C99AED25C191FD72C871D1AD6AF0B0924497078982771D224F5E76CAD9DDD474F437ADCE724EE380C064FF01CD632C8F6D54C6E2CABE6F51717F
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE..............zzz.........RRR......................................................................................................................`\V...\YV.....d_X................................fa\......a................................WVV...je_V....W....e.....................rZY.......[..........L............z`..^][......x_].....A.................t.........\...........oid............Q.......\_a......nkK.....@..zff.......urNOR......v..U.........x......~sk..~.....q..T.........~.......g............h..P.......vjq.qbgi...^.....w........................_....p......................^........k....m...mv....}.........p..Q..U.....q..f............fT......h..\|....C.......{..a...{....a..x..6....tRNS.....8.sU)............IDATx..An.@.E'(...g..."......Mr.9.{$Vl8......7......z6f4...n.KQ.EQ.EQ........._.G.<..h....8[..Cu)L&.T....2(B......x....TN.?..U6.8.....*F.....~.x.

Chrome Cache Entry: 281

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 627 x 1356, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	73157
Entropy (8bit):	7.982897369993432
Encrypted:	false
SSDEEP:	1536:ZVdrqf5fw1w5hPYHZYVBwJB+eok/PQk3P3dsDhWFTuV2ohO:dMSWhPYkwJ0NoQk/3dahGus+O
MD5:	3D2EC3CAD68BA80F42BD7FCFAD6628DB
SHA1:	46404455CECBAE1AD6DC512B516A1E3F2395F023
SHA-256:	443957598B75DAAD3A309B891A9C0A53DEFCE21D4B0C8AC9AB42D6E03009EC51
SHA-512:	37BD42C05BF8DD32904B0262760A176A6CF524235EA4ABAF2078F2719C3E81A0B468006BB9097061D3B4637F97FC18EDECEEA8B5028176BD704DDAFF962FECE8
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/phone.55b5179d.png
Preview:	.PNG........IHDR...s...L.....c.......PLTE........................................................................................y..........\........................ ....................LLL......==>.....'......i...........J...........zz}...............................f................................N............U..........................]]_...^^t........ZZ\.................bc{.cX.lkm....XWov.....S...............,0...........R..d...........NJ_........P...............TPfV..21EFCV.........x...WL,..>;N............y.................~...................v..:..........vvw....nc.................Z..........!....tm...........KB.......{x %:jm........yj...u{.....w5............]Ye>>...........QQ.x..jg............@h...nmN.2...iZT......C....Y.....tRNS........f....mIDATx..Aj+G..C .72.Y..2.....A..,l\|..M@........\|..[..^......\|.W...Ii.]3........g..b..hs}..~.^.t..n.2\...f.d.S'k..R....q2YN.6.ou..$...M~.......:g.....1.8b..M..u.

Chrome Cache Entry: 282

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	80
Entropy (8bit):	4.531198332810094
Encrypted:	false
SSDEEP:	3:mSfeSHeSHI2A2KtkR12KvmCGG5Z:mSfVVd3VQfFwZ
MD5:	F3D441D0F20CD2706207DF135E0DA94F
SHA1:	3BFBD9D92603543EAC2C0350169A1E1A768AD332
SHA-256:	AC4108B4E0F0B67C7FE1989AD652C3E3958C6AB93E4AB643AB4DC18BF587AA3A
SHA-512:	9C68064E8C5E75B5A2C13DCE4DAA9E94DA4F95D274EF59DED2A5D75BF0468A491DE754FE6213C35A4F2C5D18686108E6027E53EAED8C9FAE6FBB16740DCDEDE9
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmr-FMc7cF-YBIFDQbtu_8SBQ0G7bv_EgUNBu27_xIXCa9pZ80y5irREgUNBu27_xIFDQbtu_8SEAn9dg8S3dslBhIFDQbtu_8=?alt=proto
Preview:	ChsKBw0G7bv/GgAKBw0G7bv/GgAKBw0G7bv/GgAKEgoHDQbtu/8aAAoHDQbtu/8aAAoJCgcNBu27/xoA

Chrome Cache Entry: 283

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999622422416069
Encrypted:	true
SSDEEP:	24576:QKYdzGoczXhbmKJP9+8o5J4ovbVphkMYCsb7nTHHT/AleFPt3u:QKYhuzxRJP7ooozVpeMdmnzHsliPNu
MD5:	0BA6BCD14E92599669CBFA864186A57A
SHA1:	FE68D6FBDF72285D4A6B6FB59F4C308A62FB536D
SHA-256:	B9D49437A8FDB6584DED5BE989F932D66E80AEB0076B936421B514F3E1FBFF06
SHA-512:	980F688F4D57DF197CD111DBED5051E27D5E35075DE2A3938C4517D7A00E44EA57E5B45F4B8B3569491A55F45CF44E804AE95AB78DCA9D7C3F3400731DF94E1B
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:4
Preview:	.A..i....q.]....~X[.w.. .......9.\.G .....&.U...8..t.p.8.%PY.#.o.~]?..O..+XjJ4v....K.7.p........j ..XH.N......S......t....i.....S#.b.'c.=...<..pC..Go.7.Gd:O....u/......VF...g.l.!.b..BY.+2.["AT/.."...z..=8..&.^..?_.7.>.f.2...6yp].m....a.b..m.'F...s..1]@"%....t......M.R<.9B..&8._}...."....H@...<..j......}.x..2.qH.r..<-\.!a.v...@....Q$.D...1.....!.Ud).t..EQ@...t..gl.....C...i,4w.."...;.CMZ....+7.@....t\..V...4.,:.Ap.c.l.,@'....."v... ..H.D..(.".M....~...1..w.HL\|D.vn.'WsDwv.@.'.f.....`...r.b..>..@H0....&..........!.UM..hA..@..K@.#...q_d......j..e..../....x.%")U}.C.h.....Y.).e......0.....g.q....%...".P.....b.O...w%.y.pgy.18\v..T...l.l..UD....u.=..A......^3...6c.w.....V.r........V..Y.DG.@.3..]-.PM.>@.....r.......&..p2~..h..4G.%)C ..6...3.2g.e.b3....C..O.....ZSn...O7...6.....(S).ja^.j..6m...m....f.]...n.'W......d......z@........eZ....t...F.<..V.I.0..;.\|&b.#.MsvP.....P2P0.&..L.....X.Q..)l..R0PyCm...!.t....G0..s.W...Y.7.J.G.,R..u)

Chrome Cache Entry: 284

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	59873
Entropy (8bit):	7.975051851127102
Encrypted:	false
SSDEEP:	768:RsP+dBO2mkqldbtMDjJkoyfiP8HMJE43RVRTvlkLwTXuL55WBU5W6EL3IDQfCWSr:emdBHmFlJtsafpH5wRLGqud8h87Lk4
MD5:	CA542FDC551D6A47773C942ABA49E1EF
SHA1:	C5E4AD7B86B6FF99AC8ACB6CA5AFE1DB3014040C
SHA-256:	7230FF37FA7BF159A3A483EDEE96D61C533D6EB3299FEFB7277B1BE4CD7C850B
SHA-512:	4D57930AF3A1C5D9FD3BC1B86BEB14CC553697E37A45AFB1C4D5C59B1F3A4420E7114DCA138F7D76377030F526D6BB30470551F3D33125CDA5C24C839587CDD9
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTE..-)......H..A0Ru....../Rt............t...............0O3.("..-Af+<]'6S.J2Mu.%D (>...6Ik."7,.......2.....9:S{..?.."[TZ%.E0S.RJM"3\+Cq..1^\pJDG:Z.c^hecoSOW..)ihwKc.`Z`..+[Yg@.4......fav......8C]<a.... >_3<S.....l\|....4JEX.&..u..^v.o..ZPQBQq.......Ul....VUaIGQok\|Gp.....8jXk....<g.e~../Yrr.P`.A=A."."Nx#Hj......616......J}.fq.-].j_]{~...........v...<`.eo....w..FOco........qw......8*&).....\|y.9o....7..Z..L.....Ip.......Yf~......................OZr...\y.........y......^.....f..pgj"...........{m.O.Y>.!L..'l. [....~........jWN..y[LDu...ja...x_X......:......y..,~......ur`..k...&....c..,..QC;...xcy...C71...M..~$Fu.._..d..shU...2R...z..S.7b..x.2.u....2B.N.+.....w..L...g..o..D...B_.0.....s..Rl.Cm.6.a..Fqg._.....J.}...e...I5B..[Sh...v..m....tRNS@.@..?.@.@@@@....[...IDATx...Hke.....?.h..~8"Z..tk.L..O\Y7...kR-....l.LZ..e`.EB%..........cq...."Jn6......;.k.s....>....{V..Me.._.e....%.qp........30;.2..y....9.N..?..F.ssc.AT.

Chrome Cache Entry: 285

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999401743003957
Encrypted:	true
SSDEEP:	24576:pluVMX8y5XQL+VSYVJoFHCyos5IMyKQDC9nkfKXlK:pIVMX8ypN1VDs5IMXBk8K
MD5:	CF5B08ED806479A4E47646EFDA4B932B
SHA1:	63F5E3F2E2D587F88F4037FC42159082EC4E8099
SHA-256:	3E27EA704DDB61776578FA59F55D11FF9717630C39C3F24EAA24EEF3024FFBAE
SHA-512:	62576219D9FAECD0E5B69CC36BED2507B729D9772F84254748178CFBCDB0A2838BAA56487DB4594E509A81228880D1D26EB8006071998F419C681FA720BA505F
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:8
Preview:	O...L.wZX.y.@.....{+#,..p.4.F.te5..........Q.\.t.y2W.......S...=.F.}t..5..@.QP.+....I.om..1...d v...b.........9!^.......Y.Bu..8.U...f.6B..F.mu...%%.M.....:..+.K.C.}"g%.4.2-j.G.+...s..7B....4....7$.0......dl......\<.P3.42......h...A.K...t3..#...=.P.e6.......6..e,....E.....2#.O,D.....I..8..^.O."`..O.......s.......c.........;.B.].>q$.[}B.7.U..tX;.7P..<Q.g$z...S.:....Hxh..O5.F2....3.b..rU8...2..G ....A.w......d..E@....p....../].I.1.r.ql......Q...\...C..jq%.~.A.?..!..b.%._6].=1...>.X.-.2'.t..3....1i.R...[>`...d/......C..<i.........G......8..xH.by8.V.'....Si+~..&....D....i....:7vm.........<M%.~..t*.Ui=."....G.+^C.<.........")H6...]...q8...z_C..gQ.h..8...;M ~..n...l.j.g...1..).....V.oc....!..........dE.L;.......A...L...O.q7........../"...F.......zX~....~.h.......g.9.N...Q.1.qw...(i.x.....A........O.Ws.....^.=..p.s.Hw.{.x.wG.l:5.=.n.;((./....dD....w.$....p...s..{....B..:....P.6..?.?.M.!..0c@....nX.=.!.....'.}4j....T....5U#B.]Y.)oFO2.P........V&..w

Chrome Cache Entry: 286

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	3.8073549220576046
Encrypted:	false
SSDEEP:	3:HeSHmn:HVmn
MD5:	2F1B7ECD11027A3EB456F564D2285918
SHA1:	7D556814804D309B847296EB929A8702DD7FA5EC
SHA-256:	5ABCE29EB96232BBD0A5C279F657CB029C418CAB6614ADD54D0844C4CEA6D435
SHA-512:	A125EF654538E41C8FBFF150389B0011C77DD84E089FE0BD14D1F22CA72D619B0EA801E958DCEB642A7AFA1F80A05D375DAF81174F172F482F520475E8F601F3
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmvaWfNMuYq0RIFDQbtu_8SBQ0G7bv_?alt=proto
Preview:	ChIKBw0G7bv/GgAKBw0G7bv/GgA=

Chrome Cache Entry: 287

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999487646341073
Encrypted:	true
SSDEEP:	24576:/YaY6esF58J+gkAcJk0fsEpWpLCvkYJ55GvXb95AAf:Ar6esQvLkELCvkYJnGjPAAf
MD5:	2508D1B9FA9FCF2A4DCD6859B40EBC63
SHA1:	3E6114EB46E711BECE167468C183D6B08F85FD73
SHA-256:	FB945324C58EB1EFEC44733844BB796F34A3D1E4F4DA03D7BA7541397310F51F
SHA-512:	D35942A1C8F6597B3E4710E662F9BACC42D74F0E0201A58525409D217BDA414155508044A64534DD06889B0D674F476362838C710DE453E09EE5EF3424D2A4A7
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:13
Preview:	P#.y#.0g+.....J..t..q.f....z{.&.U.....H.8&r..Bl.O<.f.6.qx}.......W.d-.saG....4..O.2......Q.2X.]....M....A!m .K...\|...v.MU..../.$F...u.@.....4. @.....8..dw.$g.]......uT......U6..Y.Z....\..:....r...._.+.M......@.=2...q.d...j]....z(......)9q...........e&..&..u.d.3f~......1E&U(..k&.!.u ..7.$...lW..-..86S.zPLU\...zw......p..l.O..V)~..p...<.t...&...-.{..h..J.I.....n._B+.O.(.%.?z.f.].h..w...`.G.......K..{..,%d...X...f.w.J&.v. ...c.?.j.[..S.}...a..6<....;)r.x..L....3.l..9...Z.........h.....`...-.fX..r.G..uh...?.}../N6..3.#...7.>5.o...m;.............Jd(>.....KR..u./{..T......J.....-......y.....b.....&S...+`>.m..@..........C...kI.....=f...J3.!.......`....!.@.......v....Y.....!v..0..{..C..LK.i...hL.b$..I,x.....".0.....B.&..>n.$....[.y.Sw<=.S.\|...X....a....I..Y.C.!....G. .......)8./..5r........E..>.KA..>.<.h.Dr.YZ..OQe.w...H.bS.)./..8.@..L.!QS..H#..VVXvP.5.&..^.@.%P..K5...m.N.c .W.n..%W..yf.^s.....\.(..4..2.L.#.N-b...........v..u.K

Chrome Cache Entry: 288

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	58441
Entropy (8bit):	7.9430727556328
Encrypted:	false
SSDEEP:	1536:p5ML7XgwWC4GpozmQD/gGckcz1a4QrZBdfqLRBYsp:fe7H0D/ghz5aTKp
MD5:	A2CE6F8AAB6A24D6CCC1D29D892C347D
SHA1:	802C2AA62CC9C1FE8CE3E4DC03D6397472130AFA
SHA-256:	152672C20605881C313AED9004E060F2F6EA4C7F8AC59C8736A5177B1D490D50
SHA-512:	74266FA440454CF8AFF3A0A88400FA24EC63501E57DB824A3435B760EDB5B7ED0A1FEA7B20439775B6CAE233004FA4DF108BD5B874B8D69A0B2EE5CDBBF490C1
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-8.c0d3424b.png
Preview:	.PNG........IHDR................u....PLTE...........zzz................zq.....u..q........}...........w..o.....z..................v..y..........\|l.......nf........M..q.p.ti....qm.^j................r..?..C..s....DI.iu.F.-..KR..U..r....4.....\|....8."y.T].....}....<.+..;...Q."...j...o5.f........@6P4...j.{<.,}.T?...{...b....~...1..........#vH5_....-..g._.......+..'..L..Wz...j..TDNL...M.u(pL6A......e0....-k....>(B..?C.z........?../Vx.....pOYvv...BR{]...:....;u.WOau.....&.D...:<....&o......Z.N..X..w......v........N..8[.<Gie..$h.E.....p`n..........q:P...]..j.Y..:..,7h`Y.......Q:s`):..........fQ....m{...M`..G.6..`..Ns...Jlq............d..Oj......\|..E..K...ye/.......n[.....t.n........x,....\.....).o..........\..B.fn.g{.IK..~.W."..p.HB..R.Lur.D?......tRNS...U8.s........IDATx..Mn.0..+4vJB.....)."k..Z.f.....=F.WC.)..ub..(QJ....q().\....r.\...Q......T...#.`6.\.........$.@...N.CH,....../w..+....nF..}Cr..,H?.Qb.Tw....*b...

Chrome Cache Entry: 289

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999545735665038
Encrypted:	true
SSDEEP:	24576:5zXEtu3/GGuWjLScbxuImWAL9vzxwG+wtCBr+f0nLJ:5zUtuv7uY3EImV9vVtsCcLJ
MD5:	F3D39AD8A2D3BB65C824D0521D7129A2
SHA1:	9D63743B4FE5F792F71F2A5FD6A1BB44620DEB9D
SHA-256:	2C8BCA5B51A5BBE36A244FE8C348619F24456BB77BF2D7B823C834098FA7FC8B
SHA-512:	29D0B7889573EEEB3C940F5354DB3A51D750148D1B16B1B67AD5F5086953D84C8A443456DFED1923CC87809EC86EF4E3820BBD60C9E15BEE196A2B45E62A4C59
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:9
Preview:	` ........6..]........3....-C.).T...._....~.;....C1........}.....t/.Rp].j.]..bx4..T...\|t4.....t..}.;.......Q..@..}.[%.i.$.q....Y..1.....V...G.6.k...~.{j...y,.... ..%J..."..{..=wv(.i..!.o.T.j,D3..i..i ...rD.........R............?......h.w\|Z....Q1X.k[...:e...H.Z.X:...Cr...@.M...}...3=..4..b..Wo....Na...\|....oO.Z..b..0 .y._X...\|xp-.7#...2..>.....s..$...hSr..d....;8V.Wf.Mk5..n.../W[.......S.?...K.c)Z...!..^...q.k...1.&..........wW.+....".3.h.&..xC.......M...e....pK.....qQl....p...~....e.....H....++M].Lg.H.[.a.....d.G.._ .&i..<.C^.?.K..W~...Q5..a.5.]...@.y....<]...!O...s.b...+.1.D..n3.2.T.)..w..--...K.?."(.\|..7........"ocY\|Vwss.LYWT..t.A.6.P.L}CY........TE.I,.p~.>Y.{!.'jD.asBq....!E.Gi........".._.P...a..C&.~...>..n..-`D .H.m..B.4.....g.]~...=..tA0..5.w.f..b.,7...e0.3.~..&.:T.......Q.%.0.W\.eM.5<.\....).n9..gy..s....~2d2.l../._.SclH..I.../.../5e..f1.*..>b.Q..o.~.........6.........N#...)>..'.5...Ak.y.s..A.\|...H-....uk.4...4...p

Chrome Cache Entry: 290

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 858 x 1641, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	117721
Entropy (8bit):	7.965154745681065
Encrypted:	false
SSDEEP:	3072:J6m6P6H3gOrkFaZheof0M7kDEwhGspPmHF6DCedis:J6tIMYsg0swEw0sm6DHn
MD5:	6BC4F626D92473A6F5821D1AEFFC47FA
SHA1:	1DB17B733C8A4214D7576B2320C6CC8203D67F90
SHA-256:	9CA684547941EC1CE7A6BEDD9A704D000731B467B7C0C0B814A0DFCB469BB21E
SHA-512:	8FEA481F8292D279C05AA5DC8049C4423C2B2E4904C330B612E92F4F7CCF789E5A5411A36CE3E352B3C17F10C4EA8E647678744CB10A010548831D33564D637C
Malicious:	false
Preview:	.PNG........IHDR...Z...i.....w.......PLTE....@u./k.4z.4y.?x.?~.9{.:z.;\|.:y.<..=..=................................................................................MMM..........................................................(...................................bbb.................................FFF'''...<<<{{{...]]]......ttt...777TTT......oooPPP...u.................333.........AAA..R......XXX.........lll.....Z.....................q........M.....{....D...eee.....................i.............Q".............ggg........................;.............K{..].......iiis...._.........'..........................Y............X...D...............f.....r.....,3...............7........x........y...............o..g............K..D.......c.....Hw.-^m..]T.......o...........y...+..k^s.....tRNS................9R8...n......]V...,...oIDATx............................................f.\.#.a(\....y.$.$.\|..[G.\B.P.r..........#.u...jv..Q..t.<.?....o&....D.+D!.R?....eF.Z..j~l.

Chrome Cache Entry: 291

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 280 x 280, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	12985
Entropy (8bit):	7.936839991503054
Encrypted:	false
SSDEEP:	384:lRHlh/zxECBngIp0bjjvkQAFL1y6xD+/6r:THlhmApWL5MBVxD+/u
MD5:	EC913DE479188EDA839D59C3688983B9
SHA1:	2D04C7289C3AFB458641A2194016CAAEA30B7F40
SHA-256:	9C4AFD4FACE2D4BC32934F4F815C6026DFBA45FD915A242CB112C4CC976B7378
SHA-512:	19DE875EAB953D78C6F41DC58C23390ADDBECDA8BFFD0491F6D5F662DB2DE87FBCBAF2F1200723305B58651101DE59B58C22CA8B727DC2CE1CCAEB41FE451223
Malicious:	false
Preview:	.PNG........IHDR..............P......PLTE.......x..............s..................................................................................................................^........a.....C....\|...@.....G.x...E..H.z...Z..H.G...].E..D...X..U.u...W.?...R.:..B...G.I..7...>.r...C.. ....1...........,......C.m...M..G.M...O..G..<.....[..O..E..E..W..K..;..7..1.....,..C..J..?.S...R..B..@.L...B..>.P......U.....D..8.G..C..4..p...3..8..@..=.....4..+....l......1..T..A.....:..6.....C.K..e...\..H../..'..<..%._...&.....A..5..(....p..Qw..?..-.i..[..=b..9.c..U{..R..5..1..H..!.j..7\..=.'..Fk..?.....*.X..Ms..:.O..(O..4.Bg.Jo.1W..$..5.t...G.!.............'.d..x...&."....GH..3.}..>.+......UY.pM..#.Z....`..X.. .u.......[l..P.qN.4.f:.......z..s..j..D..........tg..O..-.?+.t..U....6.T+..Y..?..4...N=F.....tRNS... .@`..........0.p...oP.!gp?../PIDATx...n.0.E....x..%..;.Z._........rIYE.."..ED.rpgH8.D".H$..D".H$..D".H...I.i..[..~..(O".Y.4..$.I.J...Egx%J^.,.$.........\|wX...!;..{.Z...5;.$

Chrome Cache Entry: 292

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 280 x 280, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	12985
Entropy (8bit):	7.936839991503054
Encrypted:	false
SSDEEP:	384:lRHlh/zxECBngIp0bjjvkQAFL1y6xD+/6r:THlhmApWL5MBVxD+/u
MD5:	EC913DE479188EDA839D59C3688983B9
SHA1:	2D04C7289C3AFB458641A2194016CAAEA30B7F40
SHA-256:	9C4AFD4FACE2D4BC32934F4F815C6026DFBA45FD915A242CB112C4CC976B7378
SHA-512:	19DE875EAB953D78C6F41DC58C23390ADDBECDA8BFFD0491F6D5F662DB2DE87FBCBAF2F1200723305B58651101DE59B58C22CA8B727DC2CE1CCAEB41FE451223
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-18.49af16e6.png
Preview:	.PNG........IHDR..............P......PLTE.......x..............s..................................................................................................................^........a.....C....\|...@.....G.x...E..H.z...Z..H.G...].E..D...X..U.u...W.?...R.:..B...G.I..7...>.r...C.. ....1...........,......C.m...M..G.M...O..G..<.....[..O..E..E..W..K..;..7..1.....,..C..J..?.S...R..B..@.L...B..>.P......U.....D..8.G..C..4..p...3..8..@..=.....4..+....l......1..T..A.....:..6.....C.K..e...\..H../..'..<..%._...&.....A..5..(....p..Qw..?..-.i..[..=b..9.c..U{..R..5..1..H..!.j..7\..=.'..Fk..?.....*.X..Ms..:.O..(O..4.Bg.Jo.1W..$..5.t...G.!.............'.d..x...&."....GH..3.}..>.+......UY.pM..#.Z....`..X.. .u.......[l..P.qN.4.f:.......z..s..j..D..........tg..O..-.?+.t..U....6.T+..Y..?..4...N=F.....tRNS... .@`..........0.p...oP.!gp?../PIDATx...n.0.E....x..%..;.Z._........rIYE.."..ED.rpgH8.D".H$..D".H$..D".H...I.i..[..~..(O".Y.4..$.I.J...Egx%J^.,.$.........\|wX...!;..{.Z...5;.$

Chrome Cache Entry: 293

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 644 x 1394, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	500143
Entropy (8bit):	7.997463471995346
Encrypted:	true
SSDEEP:	12288:wM/RXIaQptkpRnquUoIGaezl75XXt/cBNVPBwaR:wOIqHQVC7pXtUdZL
MD5:	C99A57EDF453AD280BE2101ADFF1A8F4
SHA1:	550A742C9D7856DB62CFCCDECB43DCACE7D758EB
SHA-256:	87ADA15169D408E2AC3F82E6AA8B5C337398AFDBC6619E8409B40C2CA17CFD46
SHA-512:	F148866610B2BCFA805544AE9EA2E54B0DD3323AA89DBD913AB4019B5862564A6C2159ED464BDB7B6A454134A407B39543A905331E55806AA884282950D9DCED
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/user-profile.a6a93e4d.png
Preview:	.PNG........IHDR.......r.............pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6....IDATx.....q..U.{8.=...^.G$-Yj[.....@`:@.\|J.@.....?.+..B.....5...r.... n.K.D..).(..)J.(...w<.a...[....U....P"iu?...>.Z5W.Z..0.....g..;DG....6..i7...).\|............f....G.........SA.}..s....v.....o..d_...J.......t.....1]....;j.I......R`._'y\|F...6..~...4T.(.37...W.mL..gM:......j...U..<.o\|...C.S..N..3............/r....../..P2.;....E+.t\|..g....1..<.^........j.......<..G....y..I.......?..!..~.{.....z...e..e...[..e..v'E......_/6y.pe.E..7.^.@..I....5m...W:...+....m...5.[A...\.z.]..W^-';.....t......B..)]....{...5.z....L..Z..s.....9.../.].7.WNK......

Chrome Cache Entry: 294

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	57652
Entropy (8bit):	7.964391188227326
Encrypted:	false
SSDEEP:	1536:KKhziuz0MtJIeahVKz4q+XhBXKstHTdPTvfdj:9uTMt+PhVKU/RB6stHTRT9j
MD5:	797ABB2FC14C31278DA40FB9A653799B
SHA1:	CCF73636603A3151084F28A7F69166B467CA1E0D
SHA-256:	8CB70E95C6A6914716EDAA23CB99CFC9A52F76860A76636197FDD570103D2463
SHA-512:	9C0F1AC70FF6E0145AC1C58A0828CDCE0B4189C5BC9CE222EE985D4483CB57F2BBC06C52B8E854DA5F8B2F7BD4339365147847AEF6FA9EBCA673FBC8B0DC7A0A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-2.47e8b6d6.png
Preview:	.PNG........IHDR................u....PLTE..............nnn............................................................r...........o..............u.........................................O.{B.w.......s............F.{..........t;.v...'.w..xW.z..u..........I.w....ye.....y4.u......}j'.s0.z.XU..............y......._...........;.{....T...........'.}...L...]........_.y.....y.............H.o.......j.x0.....S.ri..x.w........0.l...$.k..n.............r.nj.[...........}..;.m=.....z....]~\........lg.h....Q............{.............^........{.]....7....^.........{h...ge].....w......g.G......F.......G&.........t............h.............d....{.K.f..u.......X......tq=..T...[X..q.........Z..........e.~...Q.+............u.....x.:....}...})0.......tRNS.....2R...wo..s..$....IDATx...n.0.E. ..8A(..d..+...A.Q-. _.M.^{.?...\._..T.G...(FZt..K..~ .. .. ._f......3..7i.G...!....b...3..Z......}.>o.....y...w..o.`....b....a.....

Chrome Cache Entry: 295

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	18401
Entropy (8bit):	7.960134833929269
Encrypted:	false
SSDEEP:	384:ZufF1T9WbHXHy29g5WD4JOM2GIwhzaJyoQOhumKdkR2w9v9jYhRr7:kx9WzS2WkidwwxuQ2q+m7
MD5:	5BF2F25D9DD6FFA0ABE78303A7376A3C
SHA1:	B0EBA0DA234C54435967C75C9DBFF35B2F058135
SHA-256:	A6EE012B26448225E4B34EF4797AAA2D9955042679FEDF2D9910B198F38838A2
SHA-512:	086910A2BE67EFE15B7019FBB23E4B165E3E446E9A9A44DA98EB78C3866EBDEA5AD8FF81A039347DB87387E26BE51B694C1DB7ECAEE22D197E40A6CD6799D1C5
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png
Preview:	.PNG........IHDR... ... .....#]^.....PLTE.................b..........................................%...L.........................O..........D..].P.A.P.......O...M.=.t2.jF..............................Q..W..d.....].....K..o..j%.]........uJy...D.....I..\|..........................J18..C..Q..C.....B.....B....B.B..M...........d..D.71.b.A..B......4.O.E..W.._..I....t..[...A.l9.g..V..o....;....K.....p..I.q~....K.<....W.............t.......}..gk.....L{..RO}.Q.w.O.7R....N.....................x....w..=.....d.....B...~..\.~u...Y_..V.......pZ..j..K......a..m..s..g.........^.......................c............c..C...[....s.IlRA............B.....Z.Q.P...W..........g.9r.d..:....qI......f.......O....U.....{...\|........~...{....5tRNS..........` .(../.>F$....vOo7O.Vi..-.....j.kJ..{.......DaIDATx....@.@.(Q\|..'...m..N.;.(...I.."~._].KK....M.=.m..p.Q......n.[..j.\...z<..z..}.t.3X-.n.k.7..6.i8.=].oo.dgeO'

Chrome Cache Entry: 296

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	53552
Entropy (8bit):	7.957624598794933
Encrypted:	false
SSDEEP:	768:pOhnzpYr0Vl0+0oe2wWkshEJarHNjpB/TvoYgUHhzwp2G7cZWd8MixCRpKYFjAcj:UhnzCa9PF2o5ProcHK2YcZVCbKYBAcJt
MD5:	2BA7372C1CC901630FCECA0F23915FFC
SHA1:	F317EBB8E6D879F668357AB8240579028A67CD59
SHA-256:	8C69F057FB44E6A4E9F51B9E6DB35CCFE7FA089FFFBE266CEBB3A502379959C6
SHA-512:	AFA9724E6258ACB6295E15B16A03197BD4AD3CADAF764E1A3587A7E67A1A138E4A16C71C54495063610D5737C834DB0B2B2C8862419BD8BE11300946ECC8EA6F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-4.cf504f86.png
Preview:	.PNG........IHDR.............F..?....PLTE),J.....5-'87R.00F...Lg....E[._s.:Gsz....=v../<tfv.,@j.....Oh. 2.. 2+;".......)"#77.>../("2-&6..).....1....9(%8..##&=;2C,)=0-C..2.."..8...$F..@&*D....0KA6H#4`..X-;c$-M.'PC;N+5VKl.........65N...d..Pq.J@SFc....Wt.7:XPDW..;\....3Gu-?l............K..<S.X}...`..C^.+<w...<?^...k..7M.......5Q.%7lSJ_{..Pa.8Dk-C........aPbr..?k.8O.8O{u^m.....~....jXi7?..........6Z.......CLr...H.?........y..BV..q~......j.......~hvs..BX.EHi.................p..U..I..../H..~.CR~m.........y.....Ti....FZ.f..Pc.m..w...........Bx.DAb6!/...l..E_.at....S\.`x....W7IZ...^HW...`q.....g\|.Y..?f.Xj.Kd.>F.SQkY..ap.oN`^..MTz......v..S..n...z..[g....h..om.H.....i.....h..Y..Fi....N..{w..s.[Ztx..j..{..Yo...tz.Jx.UX....fc.......h;Q8..Di....Z.....+g.<X.MM.....F_.........k.(..=....tRNS$$...`.`..```.````O.T.3....IDATx..[L.e......!]qa.omiK.rQd.5.....`.....%.C......Qc..p.P.S..7...EC.).q.6.1$:...y....!...mYYh.y.....?.[.....n.....5..W7.~...z....L7...o.o..

Chrome Cache Entry: 297

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	40692
Entropy (8bit):	7.9933925282665985
Encrypted:	true
SSDEEP:	768:xAsCfydVtG1MmhJwT9T2R1FeFHmEqQhqV88lLC54PxoxYN4TXHkhEEbbjzn9Ahtb:WoVk3DwV2R1F1whqVRdB8aUXEhzrjGhd
MD5:	2B17D75B6D85869E08D91FA63AD3A8C2
SHA1:	617D92A3E95A5716CC29B763629144B24F75A157
SHA-256:	3B4CE80D4FCA4E3CBD53508F037E623F43C1BBE823EDEA2EFBCE052BFAB8F4EB
SHA-512:	27DA2CE5E613CB8C53148E7CB898E7EDE8FB4955EF3D84716A1F99CF6F0A86D22045ACB195BAF6DEEC7EB1CF0538D0900D1518D69FAC463012EAE709453E4A0C
Malicious:	false
URL:	https://cdn-go.cn/qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp
Preview:	RIFF...WEBPVP8X..............ALPH[.....0...BA.F...........dI.................................................................N..VP8 j....,.......>m2.I$%....I....gns.:......m.->>9.4.t.7...M.n......O.\|.;.\|o....>....pt}.....O..........z.%..P.......\|/R....Py..@.%.?...../z. +.~.=.....\|......}..?.^.......b......e......lZ.......@....@.Q\|.......;)h........N.Z..../y..<.N...=...~2....8...g]......8e....3..>0<6"..Y...q.?.&..........DpB.n..`'eX.P.#$...Wa..`D..mK.i..6#.p.........!.w.~4.3....!..G6./..'\.&.....[.T~..>.%...\|.0.d..[Q.K.$.....CF..RF".wW.:....K(..$/...CU.oG:.....Y..\|..........?.2.....Km..F...B...0.1.{..<.......t;I.....6..9Wq.H..+r.b..Rt...!wk...E5....*/....d..Xd.f....C.......T.[.B...+...W.p.n..U.$.?.l.....wbM..b.".\5.7Y.[k..@s./..}......fY.B.W.......r....f....C ..,8.F#.e...:u.\|a........-x.P.@...6c!..D.#.p........ .?..]../...g.o...k....6Ce>i2f..I}Ab..Zl.;.. ....?.(...9C..d.r.r.q<.?.R.w.[B...W... B....\|^>1..X....R....pd......?..f..s....z.._.}YM.

Chrome Cache Entry: 298

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 162 x 162, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10030
Entropy (8bit):	7.969577421383059
Encrypted:	false
SSDEEP:	192:h08XUPI2MP7s4plUGogmWwG8Rjzqk/sC2EPSRdP0CVLeEuF0o4LnHx8v:hDAuP7gKwG8VzJUr8SoqpumnLRa
MD5:	1B8B3CD8AF61B7F074E1C8373A382ED3
SHA1:	342B8CB70410BF48042C7CD65BF61BC8F72BF07F
SHA-256:	C96B0F69D6FF5DF29E5E17A02F0947EA4D2181E98DB8BA2C9E878D5000BD5997
SHA-512:	3BA3108036616702136875F20453AEE43995C2E936CEE6BFE53DCACFF2C2F223172FF4CB9114AC45A0359CB829464871FAC6181113E2E89B9AE5001BF2664E6C
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..%oIDATx..]..]Uy....@..A.#.Z....bkm.}O...9......}.m.....v...jG.T..9.J..[u..GP....Z....<s..<.=.....Z{.s.....g}w..{...~~....6PPPPPPPPPPPPPPPPPPPPPPPPPPPPPP0......u.&.\at..PJ.@..(Dl."..m%.5T......Ce....L.1;((....r).'..........K@...b....1.,.......A[..@...D.KirI.m...w...S...4.s.P.,.>{..Y..S....#W..1........T..>"..f-....E....csP....H..=...<,{.L.-((Dd..oE...).C..R.mL.M#B....%SME.Y.j.S....=...z....a..K.o".....]C@C.@:W<.j...#.E....$`.X.......i":/vC^.v"..N...N%.#(..S"..:...W...y.....Q9.-D..0.haD.<.uy.;.D.s.qds%.j...H..TLPf...ep=.....{h...=........cd%".

Chrome Cache Entry: 299

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 113 x 111, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	15596
Entropy (8bit):	7.9763092156654105
Encrypted:	false
SSDEEP:	384:VmgxeuEZVy3nfBsKu4dgFIvUaMUUaLEI1uUKG:VjoVyJAmgW8IEWunG
MD5:	405EFA58AADC182793EE0EFEC2D849C7
SHA1:	B4EC2780644B2C5498FADC39126CE2FB5306DE89
SHA-256:	91264AEC36D0386073531F5D5F4A135FFB4AC2BEC2FE45E2DFD0A495A0B08DBC
SHA-512:	102A3C3218A80994700EFBACEDAFB7F636CFAC6E5035AFD5DA3B16CA8DC16BE8A0F30805F8D001D4ECB34B2C24EDFC14F23CBF2F0F5C8AC34CA35D056D18E5EA
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-5.8836fb89.png
Preview:	.PNG........IHDR...q...o....../;....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..;-IDATx..}..]Uy..p.;..n..@..$(..AQ..E.Z).....>K..}}m.......hm.___...S.$P@...0.&!sr.........^g..f..?Y......}.^.........u....&..V.\8...W,..i.....{[oo.K7.t....$...v.../... ...R....e...<..o.sxx..x............}_J9 ..\.p/.0\.@~w.5..F...."..8..R).M../.8.s..$F..J./..-n'.ND....;.....AC....<A"....x```\|.......a.y......`..#..x.$F.=..$@...B...o...Dd..#......L.".x$J.kI....t+..wx... ....kH..k.....B0.$b.b5l..K/...~....".....l..Kf..".c:.E*.I...4r~.~..q.....]..H..H&...u......I.#..l<. "..D0Z.<.z...].....k.g~......,JI.RC.Ll.M..n..D..WmkT..C=.....JvI...g..9..

Chrome Cache Entry: 300

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	52214
Entropy (8bit):	7.963521995118885
Encrypted:	false
SSDEEP:	1536:xSUQwGp/aTECMyhE3H8qlJcGlHA6rNMLwSaS:xSf3gXu3H8qliWgVLQS
MD5:	F1FAB1492D70D6799DD575E5ABB3CA90
SHA1:	8EF7A9C5CDFBEB5FE208E8E5201C499344347CDB
SHA-256:	60982CCB8E7BF5D7D20E13F57ECA9ABDCA3063BAEDEF07E432CB91865F2A284B
SHA-512:	5A8F378E7E9FFF01C2A9264484575AACD62C30F98ABF9EDC02603FF49D27E0FF37284DDE78C47630CC62BE376280ADA8F18AD01D9DFD8076B51E55764AB4D9E5
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-13.5bb4e455.png
Preview:	.PNG........IHDR................u....PLTE..............zzz.........QQQ.................................................................ZF?VC<......Q......^IA...R.T-...V.W/.\0...a...X2..l.......e.d7\|Sk.T+.h:...Z/.X._3.a5.Z2.V).]6.[4..j.U..X1rmy.q\|...R,cJ@....a9.b2.S'b....i...kgr.iu.in.d4.d<...._0rMe...iNA....W-.l=.......^....R@9UD@.....p.].S5......O).............e..h7.[8.\|...............u~..rw.hA.^<.ot..................y'e...y.....`MG{......l......wpQB.y}.....e...............a=....N)...nI.....G...............h.....k.~.........\o.wH6...]ha.w.S.l=._.M..E}r}..wQ..iC4.x{fqh.eH@x..R:.vQiVO.zH..t.p..j}ib...._.b.qB.~d.......s.ar^Y....sn.......]H.;..g7e...x..^..hZ:..B.oZ...f>4!.....=...t..s\|uKn...~PM-{...4.b\|......]tcD..FMN[&P.K_w.J/.G.jJ...d....tRNS.....8.Tp).................IDATx..An.@...jH....]`..RV.ue.....@.bq..,.@".@]v.[.$..a.....L&M...H..;Q.Q>..y3..d2.L&...U...{QC_F..Hh...0..A........6y4......l~..}n6.....-Q...

Chrome Cache Entry: 301

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11002
Entropy (8bit):	7.9776073354641674
Encrypted:	false
SSDEEP:	192:A42SVjLW30Z//kSr0tG8GaehbHCPSRRl/e5/PHeVxoHAiZIRb6jdQzaVtzc8Ybxt:A4ZVj12ShazR5XeroHmRb6jdoX8YbxMw
MD5:	D70DED7A0C0898BF1430ECF1D45620DE
SHA1:	550289501C2DF637C0278092CE126793C57B83B8
SHA-256:	2B8442D43FE84FBC1DCC64A970CF92C65E6DDB5D52159A7972BB427247C99D67
SHA-512:	B3E07E5739CBF7D158BCA701591AA3CC1D49636705F1E5A4BBCE3B6629362727CEA6DA4F22382110496B7478F2E75F20E30D3046DB962580FF51D5E348C85019
Malicious:	false
Preview:	.PNG........IHDR...l...l......fW.....pHYs................eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..);IDATx..}.t...w..{zz.,.[6f.d..c..$.B.6Y.YM'..!8. 9=..}&'Iwf..d&.=.0'.....s&.4Y.$!../.....l.X.....i{{...K.'..l...P...r.~...{....I..I..I..I..I..I..I..I9....c$..2a...3D....CyY..=.@.0).&.j..R...B..4:.eV......(... .....\|..6.%...)....(T0T..!....X...I.M..!~.p..YS.(U...5.......5.Y....c.d.a. ...V.W.{_...[..o.b..2.T.r.94...m.....,k..G!..M.\|..m..T..8\.pa.'(..LfqSs.rS...Bc......1N.T.G)_...].J.I.....r.A.x.W.2.^748...A..VP(.......x..)....\|.ar.rE."Q...U.U+=.~....O.........Q......l..h)......f........[ ..E..U.TQ...........V\|.{.p..O..A.,f....t.

Chrome Cache Entry: 302

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 311 x 311, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	17747
Entropy (8bit):	7.963201877508795
Encrypted:	false
SSDEEP:	384:+kEaThRCFQnjM54cjUXc8o7QwTVGuZSxrwtJMghDtE46+c:5CFsEjUI/YuZSxkM2Dd6+c
MD5:	38E67B8BA9A7863DAA3E6433D86F629B
SHA1:	D2D2C240927406F54D76806CAF92E36A229F48B5
SHA-256:	2404B986239DF15C16E2E3CE72F671370FB145B5491BBB608A1613D8CB7B82B1
SHA-512:	FA095CD3230A27410A32A7B0C202378126F7DA6935C1DAFEA2BC2E3FE448586F9C10766B32C7FCDFCE19BC8135A7855C0AFFBA7F1A9FE73B122D9BCD66BD9B0A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-10.4f6a1e0d.png
Preview:	.PNG........IHDR...7...7.............PLTE....yz.......hj..1.~".."...........%..)..'...................~ ..............%.....$........$.................W.................$........T........U.......} ..U...........S............~.p........S../................{\|..........}~............................wx................yz.......................................................jk.......rs....qq......................gh..........st.mn..Y.tv....bc.uw.....V.....U..S.......lm.....S.pp.....R........W....oo..P.de..P.ij.ef.....O..........^_..Z.....Y..M..................._a....aa..N.\^..\.....I.....K..(........@..C.....:..Z..,..T..]..W..<..2../..G..\..4..E.....7..%..Y.}!..[..K.."..D..'..P.z......+..4..U..G.....R..N..K..0.[\..U..>..B..;..8..K..#.WX..J..T..m.QS.x.IK>.[...d.^0.X..{..r..nW.]v.K.....b...1.HX.I..Bc......FtRNS... ... ^.@...~@0..@..`.o.._0..P! ...oP..~...0..o...m..........O.K..A.IDATx...1..0....$..E.^..t...#..![...@..~.^.f...;.;}...................G....O~W....B\|)...m)..%&+z.R.+

Chrome Cache Entry: 303

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 615 x 346, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	24909
Entropy (8bit):	7.905624713859312
Encrypted:	false
SSDEEP:	384:uxBkI6ipAh3IEkI591T1pj4/Yu4iS2M5yumjZZe1XmGYHt7Pla:8BkI6iUT31hSBSrsuOZZKXmnU
MD5:	D99F5228D03D33BF82EA3829DF19433F
SHA1:	85168A4474C057B743BBA0B1790F6F8964494AF3
SHA-256:	552A1C45AB3EBA97C44BD109956E365111A7D39F8F6CCE17573C14F1F6A753F9
SHA-512:	5870EB3DACF81A377B5F76DB831D9537D0D145B14649281905BB0189BCEBB095A2CCC75E0442A812C304551073F6BC4210912A6B83ECB01ED609E316700D3A12
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-5-1.cae9b87a.png
Preview:	.PNG........IHDR...g...Z.....[.......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6.._.IDATx....\U..i...%@(.@H..I..........R.Q..P.#...T..D. .........?.'.0...3{g.......aw.......+'......fB.!.....o6.?...M.!..Bt7..M.!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $.

Chrome Cache Entry: 304

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	181293
Entropy (8bit):	7.987444042817545
Encrypted:	false
SSDEEP:	3072:a2aab2VmV5SPsWvwafEk8sdTn7KM/8mYol/UaWEXSUM0gRRnuZfETo4A+Mzq2qz0:aFa6V+Wvbckd7sR2ZLXSagPnuOMzq23/
MD5:	06E40876E3D85A102B955A1BCE327E7F
SHA1:	EC09F1F5612C2B09C6C6AD37EDCF7D1CDFAF220F
SHA-256:	2534CE591FC99AEFDCD189315B494C9BE4D464AEAB2B957E03A092B7F6FCD82F
SHA-512:	3D0911C85AEDFE54EE3FF0447EBA8959393A146C11C29DEC443F27F98083C2E5EB2F680C3BA978604625ABC3D403FEB296C63EC496B91E0246054191CDA1036A
Malicious:	false
Preview:	.PNG........IHDR.......8........C....pHYs................eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6...nIDATx...v.8.n..z.3xS..l.V`@.....m..2..X......&.a.`...`mn..D.j.......(..mH.....x..V...x...#.k.Wh.?n....-.V....X....K.....V...m...l...(..-........r....@.....Q.=B>..X..fL;.Xa\|gF.......!........`n..m.g.C...3..3.m.r....3......`.....yff...`..@....(?...y.`-......<....Y.m.....c<h.-T.z.?.B}...0.. ....&..ZA....]p>.7.C..H....w;#......Y...b..1OiW..C..X....z@...Q.G...`...\|.x.sv..A].6...\H.V........B0@.l{.@.....`-.V..s1.u.dy....C..@^.....D`.=.~.@.......a.=...Fy..s.uD........A...........a...V ....8f..:.........Y.....GDh......v ....0.....k....^0.....7...p.B>.

Chrome Cache Entry: 305

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 311 x 311, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	17747
Entropy (8bit):	7.963201877508795
Encrypted:	false
SSDEEP:	384:+kEaThRCFQnjM54cjUXc8o7QwTVGuZSxrwtJMghDtE46+c:5CFsEjUI/YuZSxkM2Dd6+c
MD5:	38E67B8BA9A7863DAA3E6433D86F629B
SHA1:	D2D2C240927406F54D76806CAF92E36A229F48B5
SHA-256:	2404B986239DF15C16E2E3CE72F671370FB145B5491BBB608A1613D8CB7B82B1
SHA-512:	FA095CD3230A27410A32A7B0C202378126F7DA6935C1DAFEA2BC2E3FE448586F9C10766B32C7FCDFCE19BC8135A7855C0AFFBA7F1A9FE73B122D9BCD66BD9B0A
Malicious:	false
Preview:	.PNG........IHDR...7...7.............PLTE....yz.......hj..1.~".."...........%..)..'...................~ ..............%.....$........$.................W.................$........T........U.......} ..U...........S............~.p........S../................{\|..........}~............................wx................yz.......................................................jk.......rs....qq......................gh..........st.mn..Y.tv....bc.uw.....V.....U..S.......lm.....S.pp.....R........W....oo..P.de..P.ij.ef.....O..........^_..Z.....Y..M..................._a....aa..N.\^..\.....I.....K..(........@..C.....:..Z..,..T..]..W..<..2../..G..\..4..E.....7..%..Y.}!..[..K.."..D..'..P.z......+..4..U..G.....R..N..K..0.[\..U..>..B..;..8..K..#.WX..J..T..m.QS.x.IK>.[...d.^0.X..{..r..nW.]v.K.....b...1.HX.I..Bc......FtRNS... ... ^.@...~@0..@..`.o.._0..P! ...oP..~...0..o...m..........O.K..A.IDATx...1..0....$..E.^..t...#..![...@..~.^.f...;.;}...................G....O~W....B\|)...m)..%&+z.R.+

Chrome Cache Entry: 306

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	34850
Entropy (8bit):	7.97508088854308
Encrypted:	false
SSDEEP:	768:08UOOsZBoSdrXgf/mz+KOGesdq3xNeBG5GUEB4r:iO7oSC/mCbI+HoINCy
MD5:	39E35891E9266850A457CB7B868C3760
SHA1:	562C2FAA7DD1DF7D34DF09146E2058A5F8CFED6B
SHA-256:	3768E6BCAD89790FD98B0E234AB256DFDA9654646060D672A8686207494DF7B2
SHA-512:	6C0640E08525989DD15F07282474002A806C8AFACBFE7888E40FB876C7179CD6025D90B9781DD966CCACDE16FB1774E1F1A99652BADAAF68C2F69C996E6F1548
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE...5/0DNm1,/..802#..##)=E_..n.xt....i..",.BJd...hD#...BJf.r?Q8$..O...S.so.sL&..A....m0uP(....yw.zr..C.~=.j..`.(& .#$#'*//-1..................315958....,.74)&...#%/9/+...;:>......,$#......%.#..s...).....B>A.~"..24= ......mQ8#..)+0>=,".x.g...HCFA4...nK,...aG1!2$..qK9,..y...`CeI/2..;%.[>%.h3 )sP/iE%..nV?/..FNHK....ejM8C46.].H.h2.Z.@R0....\9.F+.._...[1WKN.n:.Y.v\SV.a5....uT9f?.16I.U.P.{@.R.K.d7.wC=&0rF...D.Z,\|S/..]..L.S%.j............[wM%.P..O.Z=.q9...]A;......O8>z[3..B:>P.....k@.7...dA...t6.`-.:i_].d......ukj.....\|O.....{2..L._%.z..V!.i+...WR.c\.nk.sgtKL.l..tL...x~.o.KH..a.up._..r&.4..._`.7:.~............qo.}Q.]Y...............^y.........t...........\.....vMe.XT..j.WT........i.-.......'....)tRNS...0.S.i..%.........L.L.t....l.......A......IDATx...n.0.......%/a.W.~"K.\|..........w~..M;m.Fn...)$...ccg.....g.y(I.........R..=....yT.......w..}...O.JR*....\|=...&.2.>

Chrome Cache Entry: 307

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1622)
Category:	downloaded
Size (bytes):	4374
Entropy (8bit):	5.862769546472437
Encrypted:	false
SSDEEP:	96:pTR7xXwuxqq8FerrG608XpacdiPCNjIzJl:yU2OXpacdiPCFg
MD5:	159EFD50C6444C06CD7CC55B8333584A
SHA1:	BDF008BC0EB2460D8A2B6A95B129AD02E065C43E
SHA-256:	559AE36F1FE4629EADEF82215658CB2ED3258993363B143543E91F4303187D3A
SHA-512:	FD3379A051DA9D4E1DBD16EB9994CE96744C109FC8EF32BD0E6B3D23683B142DD289CA63C79E26A2BA346199323B29B30BB708C5B8E31DB740D76DE314C4AB91
Malicious:	false
URL:	https://im.qq.com/index/
Preview:	<!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023..,QQ2023....,QQ24..,QQ9..,..QQ........,QQ.....,QQ.....,QQ......,QQ....,QQ....,QQ...,QQ, ..QQ, MACQQ, QQ2013, QQ2023, QQ2022, QQ..., ..QQ, iPhoneQQ, ..QQ, androidQQ, WPQQ, ..QQ, ..., MacQQ, .., .., .., .., ., .., tencent"/><meta name="description" itemprop="description" content="..QQ.....QQ9.... QQ9..............................QQ........"/><meta itemprop="name" content="I'm QQ - ........"/><meta name="description" itemprop="description" content="....QQ.......QQ...QQ......im.qq.com"/><link rel="shortcut ic

Chrome Cache Entry: 308

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8656
Entropy (8bit):	7.92130568188592
Encrypted:	false
SSDEEP:	192:ttiyvyaJZmXxqcioeYjWxzXZYl8u5b3Xz0BuRt6YdFrXyPceZtZa:tt+moh6YazpYl8u57zr/dFrXyJDZa
MD5:	3D7CAD41880113413785CEB9C6F43B13
SHA1:	EE01723D87F3FAE441A9B2D9F85603D2FEE1EC05
SHA-256:	1C3C44EEC0F0D1D19FBDDBA0917A23A9EDE4E4D6D53B039D616BFF46A6709581
SHA-512:	10B6041AD99B457CFA99D67CC4074E52FBA5E26EFABF7BB45BDF2A12D724854D4EA184354A1ED0CC7A23E10802C83CD5DB4CE50FA1B5910CA20BA6D3C9B25731
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-28.cf48975b.png
Preview:	.PNG........IHDR.............e..5....PLTE...E..C...~a.qA..C......\|.mB..C~.C\|.C~..{.sA...O}.A~..v.~B~.D..C..O{.B..N..B..E......qM...B~.G\|...B...D\|....C...C}....~.v..B~.B......C}.B}.C\|..C..B}.@\|..B......C..B..Bz.@}......oJ..lJA{..lI.~.~....x.Kn...vX.}[.oL.hG.qRM{.fj..mI.h.nK.....n.FU...qP\j..rPF_.ol...]^.Zl..gVj..nlo.v.mk..m.p..u.......}........P.....a....._..W..N..^.....]..L..S..V..[..Z..J..U........H.........................K...........P.........................................{..........wG..............I...............................~F.....I..........\|.....v^...`y....[..]...i..k.d.{.k.~]D..\..[w.dv.iv..xT....pU..\..y.z..qpv...q.\|c]..yx.z.Po..vT...~.o]n...vqm......f.....zWy...w...M....G2...wtRNS........)...tI...L..!4...).......R..... ..>.n>...5...c.~k...W...[.^......wf...~...B4.........hXU......RNI.j...P..[....IDATx....k.P..p...b..:....S....^..0.......'D.%..0...m.:..

Chrome Cache Entry: 309

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	64395
Entropy (8bit):	7.92416127965162
Encrypted:	false
SSDEEP:	1536:H5RsqmiSid4QcHs+FOSdnqLn2a4DxUN87SPpNe4zWkB8Kbu:H5Rs53QcM6OqqLnl87SxB8Kq
MD5:	8A0723E83C73C374E0533F2D7FD5095F
SHA1:	C77826D9C0B50011F1348E5F5898536597C8A39D
SHA-256:	C27E828138D0259A2D08F53A6133272ED0FCC75586F8A471C10B5CB31615EFFE
SHA-512:	0C19B333A4BBD9DA75432B5C90C29A2BF0099525F735EA8533699BEEE4AC6A91D7CD11ED915E1E7B6BAA175347D045B9729C9EBA8DEB19D03B9E496BDDAC4FCD
Malicious:	false
Preview:	.PNG........IHDR..............%.....PLTE...............pppRRR..........................................................................................................................................................................................................................................SR....................................................................................rj......................................................................................................................][..........................l......~{......nk......{s.....z..gb.\|............Q.......VM.Z....yq.vpc.u....tRNS...T.8(9..n........(IDATx...K.Ka..p.....=...H&..6...Yt..D.....@...N.YX..6..!.X....C.\|..O..^.w.<....._..s....$.H$..D".H$...f.%./..FTP..hN.t...v..u.c..}......Nq....uW

Chrome Cache Entry: 310

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 330 x 330, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	15463
Entropy (8bit):	7.960717688850482
Encrypted:	false
SSDEEP:	384:IVvwNlQ7OjzqKWBQzfRYJaS3n+GiP4IEJ8J7:Ipk2qX3z+JaYn5iP7Ee
MD5:	05A71DBBA3D4953A14985CA4F13FC508
SHA1:	8335DD71FD30EF3DB08D1B2AEE9EAAB0DE35DDCA
SHA-256:	614584147BBAA7503AA7C73A769E5BC00119555104C0571236666458AD49C348
SHA-512:	6A77578704609DAA537B6FBA071A6B92B025E1731322A4288D528978C091540159E7E804DFA2B6F5D858E1A08D478D174EDB710EAEFDB98EDB3F97FB9D45FF00
Malicious:	false
Preview:	.PNG........IHDR...J...J.....L..7....PLTE...j..,..0...........0..1..1...../..1..1.....7........q..0........3.....s.....3../..n.....1.....1..m..}..m.....1.......E1..^q$.....G.............................G........E........B..>..C..F..E..A..E..D..E..C.....D.....@q....By....A...{.......D...........A..Cn.......?..D..D..B..?..@.....E..D..D...v....Bt....Dk....C..?..E..B..?..A..E..A..@}....B..B..B..?..>..D..B..@.?..@..A.?..?..A..@..?h....A..?.....D..B..B.?.?.@.?..@.@.?..?..BMp(..@.@..>..C..A..?..?..AK....D..B.@Tp&...[q$...Xq%..B.@..A.....B.A:.......?..E..B..?3n-Eo).@..?.....A.@..@..s.A>o+..B.@t\|(\...@A...A..E..C..CU.... c....;p-..b.....0......iv%....n..6....O.....6.:.....9..3....g.<....[..Q..Q..w..U..D..J~.*..<..V..<.7Lz1..O.._..3..i..9..@..zu.7e.4Y.3.....<.;g.5W......&tRNS.. . `;`...@...0.o.p..P...... ....P.R.&..8.IDATx.....0.F..I.... ...........z.m.i....8........................O...;.P1.ri....!~=.c..!.....V..9.O...u...sP...q.b..d5.?^../.q. ....^..\.>

Chrome Cache Entry: 311

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999702516842735
Encrypted:	true
SSDEEP:	24576:/2st8lHp4hilSrg1v+kxnFpY68QM540NHD08ONc+px:/VMpoilgDkxnFpYTND08wpx
MD5:	45EC7D0BB2AFE5777546AA6114292406
SHA1:	7B9E2B3538C8786D8F5B52B7CE2E724FB5368271
SHA-256:	40BDE28ACB0EAA6CE1654F419AABEE35EAC422AFFD65FB1550346AED209875E8
SHA-512:	1765844E4512F29F46CB9C4076643E9047DAF3CDBB64253FEECBD8C09ECB38AAF37AB26E2BA1D38C8F32E4A83595D9443A7F041C0724CE5588FD4984A6A13B94
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:5
Preview:	..a...~.....l.[....8.$q.(.M....<...x\.&..Z..o6.b.i..O.J:.Tb2.}.T...Tz..9c6T.Z..&a...Pe.)...mo9.Zv.......q.!Ay...(..........f.....Q;....].".@QBZ=.<.....Z..tF=..`.._....V....d.......q.U...B._.h...F..M....1s.....i~..2............P..zk..k.A..m..tTJ..w2u.{.5....WP3.....+.....`,k...1..7n....m..a.f. ..-.....W6t....b.=...Tl.ah;]"m..{N..i..........=eL.B.......4.H..X%#.=.@.x...Z.k..Z.>z.#....M}.m.#./.(.i'./.~R.w.......fF...o...a..}......:.0}.{....NpO...<..F9"....i......T+vH.{[..V.......s.Rj.Gz@.......... ........LQ....@js.{cWK.8......~........%..2.S.s8..W\.c)....#.G.x...I.)^/.UG..GQ......7.....>FA......Z...R.......Z....xG.....u..N..'.~'..e.......]-...m.F.....g....!.?K.s[.;.Hi..L.Zd.PwMN...~:........E..$...iV_.(+..F.F(...$f....}k%9... .h.W.4t.?...PV..z...,Q.[.>0....nR..G.q.....u8...0J.`..U..P.W...M`.=....=u.aP.rh..Z.u\..K..u.]Q..u5..._=@.L....5..a......!v3.I#.LI5~,..la#.I{....~....=..ZU..."vW......:......... ..Z...E.P.=B.6..t.7.&....

Chrome Cache Entry: 312

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62182), with no line terminators
Category:	dropped
Size (bytes):	62182
Entropy (8bit):	5.844734866685896
Encrypted:	false
SSDEEP:	1536:8T5RlK3pUVZoVMiKMdi9BpNu3drIuVMr2PlohbWOO:8DaMdsa2X
MD5:	A78D5E12CD76046B313D2F5406A67169
SHA1:	51BCE781670569147262826C01137CA0DE2232D5
SHA-256:	A2F8D007C0CC2A236A7E49E1B09A9DD6F528C0E5204C9B0F26030A63404DAB99
SHA-512:	70F73BF9B3DFBD358C9CE6DE8798DE4787C053B369CE89090FBF1421A19C1F794A13A16F80B3AF326112313F3CE13EDA752D1B0729A5BE72B7E1D58996D6A3A4
Malicious:	false
Preview:	!function(){"use strict";var e,n={3334:function(e,n,a){a(6992),a(8674),a(7727);var i,o,t,s=a(5010),c=(a(1539),a(4747),a(3396)),l=a(6623),r=(a(4916),a(5082)),d=(a(5306),a(5322)),u=a(5678);!function(e){e.PGIN="dt_pgin",e.PGOUT="dt_pgout",e.IMP="dt_imp",e.IMPEND="dt_imp_end",e.CLCK="dt_clck"}(o\|\|(o={}));var v=function e(n){i?i.reportEvent(n):setTimeout((function(){e(n)}),500)},m=(a(9653),a(7139)),_=a(4870),g=function(){var e={hour:-999,ignoreDangerousSet:!0,path:"/"};[{name:"uin",domain:"qq.com"},{name:"skey",domain:"qq.com"},{name:"uin",domain:"im.qq.com"},{name:"p_uin",domain:"qq.com"},{name:"p_uin",domain:"im.qq.com"},{name:"p_uin",domain:".im.qq.com"},{name:"p_skey",domain:"im.qq.com"}].forEach((function(n){var a=n.name,i=n.domain;u.cookie.set(a,"",(0,r.Z)({domain:i},e))}))},p=JSON.parse('[{"name":"\u9996\u9875","path":"/","link":"https://im.qq.com/index","pgv":"im.news.homepage","datongReportValue":1},{"name":"\u4e0b\u8f7d","path":"download","link":"#downloadAnchor","pgv":"im.news.do

Chrome Cache Entry: 313

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 440 x 440, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	24188
Entropy (8bit):	7.976622668059946
Encrypted:	false
SSDEEP:	384:z+9wdZT9dTyyF8kKVF4zzF+IUmBsR6dBAkB5pxOaef2M8tnTdnazJBKCo25t2cJt:CIxTyyGkKVFXKB5pxpefaTNabKg2ctJ
MD5:	8AC21D3B0464EF6435B6897F3C56110A
SHA1:	D8BF9AB2782283D7D5A49D60C27034772C44300E
SHA-256:	D5DB59EAFD61028EAB3EAF619D952D8E5CA65C65219DA68F7EF448C353AE754A
SHA-512:	3DE5AD967D60E87035C4BDCF1824645D93FC4F397D35535C8C66D6CFEE70C759E560B4980C27912E385BFD53DFE2D7A9ABD8C50C62B33E212230632BDF98410A
Malicious:	false
Preview:	.PNG........IHDR.....................PLTELiqU..I..`..U..f........@..U..Z..U..].....U..[..Z..U..P..]..U..Y..N........Y..^..`..U..b..Y..L..L.....f..\..@..\..a..Q..P..F.....U..U..3..P.....m..^..[..`..c..2..K..U..Q..c..P..`.....I..N..]..\..[.....P....f..I.....\.....P..a.....m..L.................f..N..I..\.................@.....m..j........9....................f..L...........a............................G.............................U......tRNS.........................................................................5..n....&.4......}.........Q.&~C`......\|QR`..R...n.CQCQ.9..}.....pHYs............... .IDATx...{[W.-z...s...... F1.Q.D>.$e[V.-Yj...oz..../.k.>...p%[..ko....i.H..Z..0..K&O...i8SN.3..;.o....v.knwm..r.......\.j...6..Z..n.....h..$,.\|>.H$...ll6...{<...gi)0.f..B....B..wkky..H..w:..n......;7....g..\|..._...^.....>\|x...>.........o.....x.o..{C...B..hv....t.....dggc....D"..j....OO.o..v..j...a.......{....=....p...R.)..^.8M.........I..?.~6...t...>..k.....{Y..VX........r......I/..

Chrome Cache Entry: 314

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
Preview:	..

Chrome Cache Entry: 315

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65462), with no line terminators
Category:	dropped
Size (bytes):	70935
Entropy (8bit):	5.430529487250691
Encrypted:	false
SSDEEP:	768:hMbVPfhLTXrJk2RbKaUgEKCDY3P3bgAkn8:hMRf5bi2NJhy8
MD5:	11524DF85EBD860F62B9FCF12E871306
SHA1:	00726F7883F50D46E8448C8672A8E925DEF26A20
SHA-256:	DDB778C06C7567906A7A2A8F60132EF81EB97C93BC939A83DC5B273485A4476F
SHA-512:	67344BF5F821BFC5D0DD47045E323879763F833473A6C09AD1BCF8E4C25A9A76176B3C1ACE8BFFDA1E2462E3D3BB2ACD035A2ABE977696A5B5F7581E559A5368
Malicious:	false
Preview:	!function(a,b,c){var d=b(this[a]=this[a]\|\|{});"function"==typeof define&&(define.amd\|\|define.cmd)?define(d):"object"==typeof module&&(module.exports=d)}("mqq",function(a,b){"use strict";function c(a,b,c){var d;for(d in b)(b.hasOwnProperty(d)&&!(d in a)\|\|c)&&(a[d]=b[d]);return a}function d(a,b){var c,d,e,f;for(a=String(a).split("."),b=String(b).split("."),c=0,f=Math.max(a.length,b.length);c<f;c++){if(d=isFinite(a[c])&&Number(a[c])\|\|0,e=isFinite(b[c])&&Number(b[c])\|\|0,d<e)return-1;if(d>e)return 1}return 0}function e(b){var c=window.MQQfirebug;if(a.debuging&&c&&c.log&&"pbReport"!==b.method)try{c.log(b)}catch(a){}}function f(b,c,d,e,f){if(b&&c&&d){var g,h,i,j,k=b+"://"+c+"/"+d;if(e=e\|\|[],!f\|\|!Q[f]&&!window[f])for(f=null,h=0,i=e.length;h<i;h++)if(g=e[h],a.isObject(g)&&(g=g.callbackName\|\|g.callback),g&&(Q[g]\|\|window[g])){f=g;break}f&&(R[f]={from:"reportAPI",ns:c,method:d,uri:k,startTime:Date.now()},(j=String(f).match(/__MQQ_CALLBACK_(\d+)/))&&(R[j[1]]=R[f])),C.send(k,V)}}function g(a){var b=

Chrome Cache Entry: 316

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 62 x 62, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1710
Entropy (8bit):	7.815359096255759
Encrypted:	false
SSDEEP:	48:+d3c0ynwMD6Oc1CRXcyDRboT1orXBLfkn:+ds0ewMuOc1eNDRgIf6
MD5:	3FAE94D642A719D2BC650BA73ED01A9A
SHA1:	E13584E4C35B7E97D2586694E6DDDAAD2D635D82
SHA-256:	1E7E5864219DC3E7B393709A5689456EB54B4EF7467AA8F87BB7BEFFE41C6611
SHA-512:	8CEB7DC97E0985514302D7EDC2F78982444D3397AB95D6478628D25FBD4DBA2BC776ECCE091D80C743F21E463E9DAE5714AF1BC08BE7E625BB8B5183AD0F0FEE
Malicious:	false
Preview:	.PNG........IHDR...>...>.....D.Xv....PLTE............................ .... .......................... .........$$$............MMM..4E1.8'. ....................zzxxx.ssYYY.........oooTTT<<<.....% .............r...............jjjbbbWWWCCC666...............}}sss..l..PFFF.DD..).."..................x...........v..............................hhh111'''........................................}t.ee.cc.~`..Q..D.:.*..................&........U..H.....D........8.............."...`..Z.wS.kK.bE.......................................nn.^^.ZZ.,,.".<...bIDATH..w[.P..s....XF..,AhE.b."Z,.uk..uv...{..!{orM..&..?$...$..^..(..b...F.L:VT.K.X7....L.....d.b..a.V/.>R.Y8.#.FAV....(Z..}..:.N...A.-&^.l).x..D._OU.0....3L...zU.. ...l...M..A\5..W.......6...#.....72.E0.B...#.Jx..r.. .I.T+@...... .aZ.c.f.1;. .........W.w...(....j.jv.@...K..0.k...[.-X.....$.X.E..Y.m...dS...u..D...........$.<..I7.}@S.....:\|K.C.#........B.......zK^.,.....m...F.....2xt;.#....l.......u.twF..

Chrome Cache Entry: 317

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:	dropped
Size (bytes):	108197
Entropy (8bit):	7.965925240016335
Encrypted:	false
SSDEEP:	1536:ajIplz8CNI/Oe+AxiRgR5kxrGJt/ElI3bo6i1PsrjzDipWOSkO3FaRTRpa7gx:aWlo/OeTL5kqJEqusrLipWOSxoPMcx
MD5:	E7CE14171EBAD4B5EB07FB8A70E65F09
SHA1:	13A0EF7C70413B97BE94C5537F8704123BC2EE28
SHA-256:	0BA0B3D297B7A2AB57110F1E18728CD18100B6A6E7F8EB3784D8BD44F3A5ECDE
SHA-512:	8BD03D0388E8860E85D7B9FCCFCA0D6C41AEC3EE85BB06BAABABE271A8CA03122023F76EFF8FE12F5E15F275F2EA2E2173733D56436E6C38DF4115DD6266F3C3
Malicious:	false
Preview:	......Exif..II*.................Ducky.......(.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:A0B87D03944A11EE8656EFD4C33CE12A" xmpMM:DocumentID="xmp.did:A0B87D04944A11EE8656EFD4C33CE12A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0B87D01944A11EE8656EFD4C33CE12A" stRef:documentID="xmp.did:A0B87D02944A11EE8656EFD4C33CE12A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%(

Chrome Cache Entry: 318

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	35683
Entropy (8bit):	7.955053490136009
Encrypted:	false
SSDEEP:	768:YSktyF96W/Ed5UVnIYyDM6Hdy3EUNMwb+Xte/V8W3rO:BJF96/iI3DrDNwqXEbO
MD5:	583975B4342FD718871603AA4D228980
SHA1:	7E43257C86651A17D4EBDE6527B730B676196B39
SHA-256:	876A311EEF77C10933A7E93DA9007811A824DF220BDABDD3F7AB451455F3C2B3
SHA-512:	3CB04559444EFECCECB45CBCBF5BA8F2F2B4851A570501F1E1D74CBA9D7C427382A56FFE2C6C23E3A5949059850473035238E3EFD89E92F5B7ED35F96E18A0B4
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-sd.a5b9101b.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE..........j..... ..'..U......>E....-...@..F.......g.P.v!S.=..4.....i..k}4:.7>._p.....l...59......]r.Xm..v..R^"B..x.H..^..................................................Zv......~.lFV.n.................gx...................[l....w..o..2L.Qp......ySc....h..`z...Wf..bs...kW9J.K..................o~pO_....v............V.....x~.....S..b..r.;.....[..z........AY........K......E../..........x..NOs.C..........qr...................Gh.np.{}i.=.HH.PU6...\|u.E....xKZ.....\a..].6..+...:\.gj.1G...C/<....>...E..F.&.,p.;c.V\.._.pj......!U....Q./.......DX..E]^.YL........x..Z.`q.`j....Woths.0..<... .R1..v:CQ$/...A.+.Bk......&8.c..n.a.;......[S`#.. .tG#YL5.../yyZ..q..n....I+..R...sm.).E.X.$...n.J$o.G.iA...:.g.p\|.....{.s.kw.......*tRNS........2....J;rT...x...tX..e....y....<]t.....IDATx......P..p.M...K$D.D.N..KDl..h.....%H.CfD"6....8.6./`.........J.....}.9.j>w.......zz.....eff..E.V.\.UV.\.........wy.o

Chrome Cache Entry: 319

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	81200
Entropy (8bit):	7.967787281945485
Encrypted:	false
SSDEEP:	1536:ymecUzyL/bOg1mo75pToXnb4Iaks5WEQrOL2OP9oUgTs46o4:ymecUzGSg0oIIJQmP9ATs469
MD5:	09E326456A0BE10523FF5DE020282745
SHA1:	58CA5B81684C13BCCE4CF9FCCE40F5DF7993EF64
SHA-256:	11B17AB71623BAD8C73AC2D714F09A517DA83A57C47D7AD1CA191814D17C8FE1
SHA-512:	CB4F28659B515D6C7DF3596CE4E5AAB518B24F9445DAC89A9381515955D6764DF6B52DE4D5DB53BFD63AF947EC2547CDABB50E8BA85BAC08517B973A235F16EE
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-6.7bfb07b7.png
Preview:	.PNG........IHDR..............%.....PLTE..............z{{..........................n.g8..rh...s7o...h9.d7.j>....o>.m?.rD.p3.r@...J...y:.j;P.....L.m=b....w...x6.m2....d6.l9.\|<.xI.......uC.w>.\|A.W....pDP~.....`5..QI{...>.z..uK..]5...s.Y.t4._Qp.u6.T-v..Dz..{R...~.....a.}O.........F..........d.i.m..i....:....y4..{=KE`.sL.}H..X^B7.[1.P.kZ..r...X.^....eZy..b..`.b<.v...r.q-{...L.hTq.T....\|...II..}Doo.D,...^.\|.kEL{u..kl8*s.zT3+h......\|Y...S.z{..@v..A.F87.W3.........p`{.7%.[W.t......>+.M.........B.<:j.p..WLg...[.j..r2_..\|.ma.yJ9....w.b?..pBbd..3Pyc.VIc..Sg^.FG.d-..\|....Z....1.y....7($~j....m."..w..fnz^..Mt.:..\|..r............zj..p......d.}...M.rM.....b...kh~]Ud[F.....k.^D.......ra......N.tf.V.....Y.m<`.)...PRt....=o...qh......u...7...tb....f+w{....tRNS....U9.w..o...@../..9.IDATx...j"g....nI.....Z!a"..l.0B.h...Q.("1......x.......W.3o.x'..>...d&....MR.g......\|..o....................Z...T..Z..\|.4...@2...O^......:T...O.&

Chrome Cache Entry: 320

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 663 x 1237, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	73028
Entropy (8bit):	7.977889333364363
Encrypted:	false
SSDEEP:	1536:urT1EhPQCfcTCHKzzh8zsdqWnRRizKWu0+uOYW7fHmr35Egyqavi:g1EhZ3m2SqWnzizKW76fHvvi
MD5:	88B8AA084221F79DA657FB97BD7758EF
SHA1:	4EACB6530EBEED12AB7F76958994F0F7B08AC6EB
SHA-256:	306B64A2751FB08944FB822DA042062175033D218C675011DAAE22293DE9ED95
SHA-512:	3BC9B1C9E6A0E8671E9F598B09925158E1859FBCE1CB1545EA8440AE30249D19A3259932A3DC99DDF0C5EA8758D80B7AB27BEF464E58E4075A2432539015F66E
Malicious:	false
Preview:	.PNG........IHDR.....................PLTE....................................................................................................6....003............#$&.........669.....*-.......................==@.......................UUXjln..FGJNNQ.............[]_......qrt...bdf...BBD..........xy~>..........................u....................'...........8...........{L._.R:.................s.....H+)o:......i...4..w..X'......n...O............hS\@;w...o....L..;..V#....RRw...................\|\|:=_.....R.....r...AJkzW[.k<.....9.n....v;?.{r02Q.P.._o...NS..`d...v..`,.gj....kJ..C.ic....3"............o#(..].z@...^...]....zW@....GS.68.......k..\|...v&h.....h...........ma{%(B.t..L....Z..L..[b.}..i......:o...=..sX.h.@.......2.....g.Do{....Ow....q.g..".....tRNS....Ihf.+....R....R<.......IDATx...A.. ..P..F+.../.?F.Yt.(....n...&.....................'M'..1...0}.Z.#.7e....)m\oO9..{...TqlC~.k ....}.l.%o.(.q.9.4e...F...b.M...`.dJe7.J.l..$.....F_...\|

Chrome Cache Entry: 321

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	11002
Entropy (8bit):	7.9776073354641674
Encrypted:	false
SSDEEP:	192:A42SVjLW30Z//kSr0tG8GaehbHCPSRRl/e5/PHeVxoHAiZIRb6jdQzaVtzc8Ybxt:A4ZVj12ShazR5XeroHmRb6jdoX8YbxMw
MD5:	D70DED7A0C0898BF1430ECF1D45620DE
SHA1:	550289501C2DF637C0278092CE126793C57B83B8
SHA-256:	2B8442D43FE84FBC1DCC64A970CF92C65E6DDB5D52159A7972BB427247C99D67
SHA-512:	B3E07E5739CBF7D158BCA701591AA3CC1D49636705F1E5A4BBCE3B6629362727CEA6DA4F22382110496B7478F2E75F20E30D3046DB962580FF51D5E348C85019
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-22.77473c1b.png
Preview:	.PNG........IHDR...l...l......fW.....pHYs................eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..);IDATx..}.t...w..{zz.,.[6f.d..c..$.B.6Y.YM'..!8. 9=..}&'Iwf..d&.=.0'.....s&.4Y.$!../.....l.X.....i{{...K.'..l...P...r.~...{....I..I..I..I..I..I..I..I9....c$..2a...3D....CyY..=.@.0).&.j..R...B..4:.eV......(... .....\|..6.%...)....(T0T..!....X...I.M..!~.p..YS.(U...5.......5.Y....c.d.a. ...V.W.{_...[..o.b..2.T.r.94...m.....,k..G!..M.\|..m..T..8\.pa.'(..LfqSs.rS...Bc......1N.T.G)_...].J.I.....r.A.x.W.2.^748...A..VP(.......x..)....\|.ar.rE."Q...U.U+=.~....O.........Q......l..h)......f........[ ..E..U.TQ...........V\|.{.p..O..A.,f....t.

Chrome Cache Entry: 322

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	37338
Entropy (8bit):	7.968698839749081
Encrypted:	false
SSDEEP:	768://YuAvxMeH7kBGYX4go3Z/MGuRIlviolxzxU8QgxjZgHHaHIDaifSoD://YuAZZHAnneZ/1lvio1vZyHaHIGifSU
MD5:	74C4ACB3BA4360C7D5D1FE123693F5B3
SHA1:	6D017B693A7A076ABFA1CE9C223244A0DF4B57AE
SHA-256:	B8D19B198222BBD3585F56E8392DAA397253388CC284495DD1C5AFF4B9901D85
SHA-512:	9757AFBC70F2B2C0EEE233805D1FC54571DA2AA23B2A0FD332491DCE8ED64EB2182F84523E459D773EF4495D2AF9120DE68C36F5104A76EA9F06E64DB6220456
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE...406.......+1,/...}....&"&.........%."SJQjep&!$...baq5,1nepODQ...i..ZOZ\MWXJSUFPN@IRCMj\eJ<E...n_khWc@6>9.642dR__O[E:Cvhr....jZj..zlw...rco.w~...F6?..~q{`T\"...dX`......;2:/&-...#.$......@1;........'.............. ..........utu...x...........~........dTf..p..........w.................ofl...............6.&......lp....xz........^a.....................idg...tz...WVW...u.RNQ...y............e..j.........nnoLIK......tex...M..=<...go...EBE.RT.g..JGF/8...m^v.....___.22>'0....i.....{V....dk.\......w}.pw.:O.s.^..RV...n..dc._.cN...uW....Zd....n..@G.EE....\|D.vU[....J.\9A.T.H!&gFM....NWt=....tj.\|H.....t-3...}..t..}..'8....bv..~.uw..Bb.Mt.....[.0Td.e.....BP.1<...>m.fL.;n.i...#q.X8.UN#tCq.9....tRNS..../J..Ud.......s......r.I...pIDATx...k.`..[..u...'o..0..hJ...zk..1..X."....R.P...AX..\..e.../z.C.x.....yZ..mU./.t.......<K.. ...b.H8......-.f.W...>..........\."...\|.

Chrome Cache Entry: 323

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	64325
Entropy (8bit):	7.967705821097859
Encrypted:	false
SSDEEP:	1536:zCw6Rco5a8qKG9WzlHCpyKfl301dtsb7/y:zMRL5HqNkCpFd5K
MD5:	83D60FE0C5E9BD5838C3A173FA42E93F
SHA1:	8828F2A8234DCEBFD7437D1534FF418519FA5B7D
SHA-256:	320783C41ED98540738C723B56B4A048D0D33B7D7DA37C03CE9833D81E898801
SHA-512:	DF601DEF87E690E8F64E21874D7E9F83D238AE51FCC8C0ACD8A75D971C6F98B6EEAC65564977758DA158FD9B3ABE6EF23C4546F29403BA3C107C632238FEA91E
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-4.4a2b7aa6.png
Preview:	.PNG........IHDR................u....PLTE..............ooo.......................\|...w.MJV...bW...q..]R\|....ZT`.....n.k.aK!fZQLWJIU_V`....dU....WR].hN.cL...^L.cNVPZ.y@......]+...ROY..b.P...\|7.........iX..i+dN.hN.<.aR.L.p0.G..2.\|B..njK...j.1.........'...{:eeH.@.ZO..v.P"..`.....\T[.t:..{d[d......O. ...g-..VVMU..Z.,..D...5.Q......8.e...u...ub{=@.l......q.@Wr8.f".<..juP.+....^.d/.H@eP......@.n3}@.eX].z,..^..x..X_..Z.wR\|jH.q8..vvT......Y..~@..z.Y6..C.f.......v..M.9.]-..a.,..}n`b...}.v(..n.V..F....sI.M......m9.\|$..{&z]d.a....wL4s[.o?NjS..J_rQ..R..J.SF}j...B.\|.eG.7ac0$XK8[L...\|\...N$w....R...Z....gw...w.....bPaGV.T........`u.Y\........K,...Jv^e.}..s.t...m..moe4r................wijX.qC...d1^NS.q.f.m......G..mSO..Z.e....I.\|TC....^......tRNS....3rT.....k....IDATx..=o.A...PB...8.Hq. #].....Km.O....K7.DOA...(.."..E*..OP3..3.6..`.y.........:wL&..d2.L&.....L..6..q./D07......u.@..Q]w..[..'k.....w7...-\|m...z

Chrome Cache Entry: 324

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 716 x 110, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9809
Entropy (8bit):	7.954559967359701
Encrypted:	false
SSDEEP:	192:XRrl09geCFh4JwyxrwThpjMARIE9ZNIXF/Qe/jrj:B0C/TbhpjLRxWdR/jrj
MD5:	5AF07979C5CDF3FB896B467640D3ABA0
SHA1:	64EB66EFBBC890C5D8AC6FC43325624AC73E576A
SHA-256:	0F1692A7F73D039DCB6703ED915D094E5C6E88EB1E01770AD1927C0B5F21CE52
SHA-512:	DCDC5E65035AE596508800DFA53D256EC2C087694B2F5E9258C61BB40DE741039B062359E7C1952A38FC31C61F608CC01F80F1CDDBB26AE3B1FB6168B63F86C5
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/brand-text.561ce6a3.png
Preview:	.PNG........IHDR.......n.....3.E.....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..$.IDATx.._r.....x....`D.*..V...`...X.a....YA..F...v...b.7.....{>..k.m.i.l.....C"..N...w~.@.,......?....?...a0...?.>.B"s..C.c.}.....c...p8.x...w}\|===..........':n.......8=..^.-ONN...w.....c}.x...+.S..8.5<}....Y..'=..G.]\\..ey&.. .....>m.#..._....NT....ITt,a.e..........C=.&..~..r._.l.@G.....w.....e.....8.w.w...^...4.or}..!..g<....K.8...z........z.09.L..5.W.g.i}..`z2Qb0MH5....d......<.d.L..f~3..fuo>.=zs{._>.`y.....K^...^8.z5.........I2@....,p.....O s...\| ..3I.'+~6...b...f'i.$O..97l;9I.....t...Gz...J..<6......N.Q.1..N.V$...'d.3I4..H.......L.U.B.

Chrome Cache Entry: 325

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1272 x 967, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	200887
Entropy (8bit):	7.978433783839488
Encrypted:	false
SSDEEP:	6144:xvm/YA+XXWKJqC4E33iTG/RVDoqjKuH02eF2:o/WXWTEHiTG/RVDFjKu9e8
MD5:	EDBAB82D8BA30C28D104494FC12827F7
SHA1:	2BAA1832A50962487FA6A974ED034367E0A655A3
SHA-256:	73B55664C9A77FD8495A153D5801CAE0791708E2506345E792A776E81685936F
SHA-512:	643419F0D12469272EB4EAB76A539127F7FEB63F5D75B2D04E3D624885AE7A3701559E8CAA7A0CD0CC835D6E9BB4E8F0C252A52BC3E444344D77B0C88F842E38
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.5a6a85fe.png
Preview:	.PNG........IHDR................^....PLTE..........................z..........[.......~.................FGG....................................................................................~~....... !$.....A@A97=222...................QQQ........omo..A..........#Lvuw```........+)...9j............(+;......$/]..............III...........[l.........4......ffiXX[.....c....%,Qw..x..8..Rd....r.....BT.Me....~..at...........pv.s..L].Nn.5I....o..Vz.g.....il.=LtV..{..5;Q}..=Fbs...l}.Vt.e..JSh?Y.ADRHNZS]r\e}N..........1Dt......\........,>>f.......B_.`..bv.l....yZ\...-x...O..:.....'Q..b...%]...........}sQ..C....ngNR......dXi....lg}........mi......:.Byh.VAG.-.....^C....a4!.......G...7c...@B...I(M..wE.p..u.......`m2z.N;.O' ....m.c......-..F..OO.......k....M....tRNS....................h..8........QIDATx...1.. ..@...N.%.@....................................L.8..g...Y:z....V...y.n...(.Z.&._~.....gFK..0.%...2.nOw:.E%.X.IC.)*..BTm..D,.:.u..LR.\..

Chrome Cache Entry: 326

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	62227
Entropy (8bit):	7.985539475072989
Encrypted:	false
SSDEEP:	768:mhm4eCgiAhaEqHlzLnx5X6Hz/byL3nS+eA/UMZ+kIdoup5YcyxEdgn6qPoDa:mh3jNRLDS+++e9IQp5cEdCQm
MD5:	2C24916FCB318129CC24AF2A9ACA8D3D
SHA1:	F7814B79D0EDF290A36B9C3BB12EFE5E972191B1
SHA-256:	3375D3627D1022D14AED431ACC3495F376AA40F2C71A2FEB0AD1B5524615666B
SHA-512:	C7967C2BCDC955D524DCE80FBB9A1D547694B5A6085B8DB5D297EC3410DB97DA37C300ED284F73FC45127FD8079FCAF515A02D540C086A599A72F3682070C6A6
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png
Preview:	.PNG........IHDR.............F..?....PLTE...epw....#%......(.1MV[AIM29=... $&..........................................(.0....%(#,.!$&+-.. .."!')."$/3+15........ ',/.!"9@D-4829=/6;$).#';CF6>B<EI...?GL (,!%$4<@$,0...P[`DMRBKQISYKU['/3GQW078MW]AINR]cEOUU`f...#'&NY_((...\ir.44..... ...Wbj!!.....z_mvYen6<<q}.OWY,-+my.$...~t..apz/1/alqx..dt}\|........KSW^gm..qju\|......V[[;><597...HQS...m..i........d=B@`L>.....vBGE.._x..fw.'%"s..U_a......o..[dh552n..j{.+!.FLKmqp}.......u....X1' ...82'.........bed@81...gki...QTSvywT>5iNC\C9.....7#]`^..zTK:.....MNN.........oSH......=IPM91@/(vXKHA0......HC=G4...................`SI....pa\|.........w...\|]QziI...aTMKD'29.~ewn`....i[.........m.wVb\Rj]C.xj.~WXYSTRH...........p.....cmcX.pO.th.......q=P^...2AM*9C..{J]j+=/..z...D &......Z&-..Pj~...{2=.L].h.5p.a....tRNS0.OO........A.....IDATx...k+e..z....!P[1...%.S2.8.\$...H<C...L80......8...F.....Z7n.`)B.)..!.{........%Z...o..i{...y......s........p......S...,F.?W./....]........A.......

Chrome Cache Entry: 327

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65458)
Category:	downloaded
Size (bytes):	164836
Entropy (8bit):	5.4141536255986855
Encrypted:	false
SSDEEP:	3072:lypM2Ag2xOO2NPrUE8Pbq6FXj4dlkCGfdJ6dK1m8wqTY:lypM2AHOO6r6FXj4dlkCGfzTY
MD5:	0F0C9E1EDDAEE7BB222D26EF9F59951A
SHA1:	11F609C9B805C356F0BC18A30FFA812BF1DD1902
SHA-256:	E0C78AA993AF098837267BA6E735B477702467F3F372D63257F04FEE70C0B347
SHA-512:	60EAA254A94A40530B2BFC19476057E2755CE670380C8D652CC1CD2977095F98E7825CC6E39F7CE337CA6922785A05D94A58A57B114DE23C64D923788F780829
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js
Preview:	/! For license information please see other-chunk.ddf042d1.js.LICENSE.txt /.(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[256],{7268:function(){},402:function(t,e,n){"use strict";n.d(e,{p:function(){return r}});var r="q"},3936:function(t,e,n){"use strict";n.d(e,{s:function(){return c}});n(1249);var r=n(3396),i=n(7139),o=n(7261),a=n(402),s=n(2482),l="".concat(a.p,"-dialog"),c=(0,r.aZ)({name:l,components:{QPopup:o.Z},props:{modelValue:Boolean,visible:Boolean,title:String,content:String,dangerouslyUseHTMLString:{type:Boolean,default:!1},dialogClass:String,showConfirmBtn:{type:Boolean,default:!0},confirmBtnText:String,confirmBtnTextColor:String,showCancelBtn:{type:Boolean,default:!0},cancelBtnText:String,cancelBtnTextColor:String,buttons:Array,lockScroll:{type:Boolean,default:!0},beforeClose:Function,callback:Function},emits:["click","close","cancel","confirm","update:modelValue"],setup:function(t,e){var n=(0,r.Fl)((function(){var e,n=(null===(e=t.content)\|\|v

Chrome Cache Entry: 328

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:YA/JHaLWAiI+7n:YABHAWAiLn
MD5:	07AF6F1DDC7312D27CB0B3EC3C6A5F11
SHA1:	E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
SHA-256:	851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
SHA-512:	BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
Malicious:	false
Preview:	{"error-type": "unsupport-type"}

Chrome Cache Entry: 329

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 287 x 287, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11943
Entropy (8bit):	7.921713463674599
Encrypted:	false
SSDEEP:	192:4t5RVBMRoRG5ectnEGZUXMrE97R2DV1qBWMO/a1K8JMVkQd6gfL0SuruPFQGCraZ:4jRfctnfCEK7R+0IMAuK8J4kQdFfL0Sx
MD5:	11C7371BF2336B5292AEDF41CAF163D7
SHA1:	9778B47F333A85B086A9A698241670CBB984A50B
SHA-256:	42259CEA0D1FC6BB23FB76D840A68E856B255C01AC3E6A12DB4DEB889F973AA3
SHA-512:	4A48ADE9DF5B2B5C0A43C57877318FF3AB3B145E299BBFAA032372D62C2B3D3F2F7D91088A96FB18D5284C20739A1C6F4F10E38D529659B96FDE88D91410A59E
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-7.17756db7.png
Preview:	.PNG........IHDR.............O.2.....PLTE.......O..c..U....X..T..Y..`........X..X......+....Z...'......................Q..?.2e..O..L..O.......5`.....!..R....4a.....R..6.6`..I..7..R.....S..$.....[..?.....T.....O........<.......7`..3....7`..2.5`....5a..........<......f..........................$.....)..-.....1.....:.....B.....=..O..I..E........@..K.....!..8.....3....8..5...6.;..>..0.....-..)..2a....A...s.....v.$.....E...............k.3...n.....S..z..9..g..a.'...]..Y........R.....O.!...E..&..!....5a.....=..4..+.-b........A..U........}.}.../.....F.....H..........(c....$d........d..1.d.z...L.................K..C..f..e.......2..:......f.N..6..7..n..`...f.).......C..x....P..Yo..f.dz..j.....P...i..)...Cz.4x..L.tt.{h.ec..n..`.jR.W..No.yY.wB..;..:.z...g..I....h...y..g5...$t..!.LN....<2.....V....GtRNS........ ...'. .@10..a.... @ .`.p._.N...oP .....o)..`..C..o......W...+.IDATx.....@@....@r%AMB..1..n...o...^........FU.y.i....mK?..q..\|I)...]..o...N.P..y.a....q.!..11fb..0...L

Chrome Cache Entry: 330

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 146 x 170, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10726
Entropy (8bit):	7.9699290675293275
Encrypted:	false
SSDEEP:	192:2taETf9lbSgB72SKFonFcYeGsgUn/+6XIl3YEXx4vy4NjtEe:2takf9x7ASUAcYgn/+6X6o04vy4XX
MD5:	E705F1CEC1E66F61882A8BA92CA59FFB
SHA1:	0B78ACD5F83187847147AEC5D31290998206A85C
SHA-256:	9D68152864EF6CC0D918B972CBFC76A1265E4775C129C3CF5528D5FC09DC28D8
SHA-512:	BAE4F1D6451861A7D5A88761D776EB35CA6BC62B2F6751FDFF2126B6185332BBD84CDE3A952D3C55E2A500C1D25C92F3DE81C6A1F7A0D8F2CBE94291DB97E6FC
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-5.587b1e5e.png
Preview:	.PNG........IHDR.............q..\|....PLTE...wxofd\.~uKKF..fg`AB;TUO...\]U...YYRYYTZZTooh]]V^^X...ttl^_X...KLF]]WPQK...^^X_^Y...^^Xde^\|\|t......dd]ee^kkd.....tskTTN....}..z...hibwxpyzr...wzs..}.....y.........mnf...............................MPJ......`aY^_X## &&#\^WZ[T[\V01-23/ab[$$"./,()%%&!XZR,.XYT)'. ."".((#+,(UWP562 !.,-(TUN#&#&(%8:6350>@:RTL;=:DE>CD@OQINOK...WXQEFB@B<HMJMOG784+%...@DABC=JKDFHD12+LMJ7;8iplNTPLMF<>7:;8./(bie\`WQWT:<5251UXS892ch_...PRK>B>;?<HIB385mtn]bXRVOFJHHJE'+)Z_VBGE.2.FG@^eaTZW)/,t{uY_\\|.~W]YLQLX]TKQNIMFek`ag\fli\b_.D./41...pwsx.z>2&jph"('...............wwsI0.r......67/..\|...ssp...yzwQRN.........\|{yhkd....X..C...._c[.G....Q$.\|.....Y/..N..N......qxn`a]\&.e......d....?+....+33.9....H%..1.4..m1..C..9..,../.i&..;..?\7 .?.G:/3) +"....l<..}I.l..L.....c=I@7.j3w>.i?(.R<..Q....GtRNS...c.G.....'.I)..>E.......a2....9..r.e5Y...M.......nD&.....\...~....X....&QIDATx.....@...la ..X...B.p......w..J..4&..L.Bp...@EF.b...e..."XH.{.\|...B..n.k.....7...1..0..0..0..0..

Chrome Cache Entry: 331

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	271
Entropy (8bit):	5.077273104025034
Encrypted:	false
SSDEEP:	6:h4QW3z6Ie/KYkUbU7AqJmOs43Le4mYn1K+Mch0MwWXfGb:hPgzG/A2UEqJmDujP1K+MCL1Gb
MD5:	033D4A8324DBCD62BE77466E5C21EA02
SHA1:	F618C5B81A86E0BEDD2D240D987923066CA21A75
SHA-256:	4A7662449EDCBEDBADB613E882544D8FE4B1E5DA5649744B4833707711589DB6
SHA-512:	69418A83BE25CCECE9DA50C0CC1CC9D4A63F7845FC670CCFFD2EB92A6D1167F265A60A9AEA528109147DFDF954689B899A560EB75EF0EF035DD254A3D375455B
Malicious:	false
URL:	https://im.qq.com/
Preview:	<!DOCTYPE html>..<html>..<head lang="en">.. <meta charset="UTF-8">.. <title></title>.. <script type="text/javascript">... //BJ_REPORT.tryJs().spyAll();.. window.location.href="https://im.qq.com/index".. </script>..</head>..<body>....</body>..</html>

Chrome Cache Entry: 332

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.9996684872680035
Encrypted:	true
SSDEEP:	24576:gcSDqjGRAeLiAHX78zZQu85n1wFc6B/Tv+VTXqwJ+UQbgyWfQ:jSRRdkCPSc6BbCTXjJ+UQcyWfQ
MD5:	7EBC5B8C98D5513033F97F2164ED2AB8
SHA1:	58E00A75CAA64F3D6318EB5B33D5F37AA20D2850
SHA-256:	D5032B86723E8711DE9B312A5F4B9BBE2738E3A3C2FD13769C2D48B6DC41EF25
SHA-512:	2FBEFD5D5AF44ED3124C7364366B5A0058EDCEDC29CC39D324093AB97013BE5753809D876DA8B04D6C574E34DDCA23F29227F9AC1B8FBDDDF1DF71DA89C04AB8
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:15
Preview:	.d.../.._O.....nW...3d..(..u.}$c.....P.%. ..4[......,.F..RW.C.u.1.[!.~].).Qs.v........R....~...~.C.hZ.G.4.BQeU:..n...C{..MA.......e.N.....O..:....[V..O.?#=.........4.........q.Y..;\|3...Z`.X..b.J.r...L..<....]..>....M.%Q5..M.dJ.....<-a.j..(..r...:.Mb.R..."'..H...2[.o:i4.yJ.......}...I..a....t.........n.m.@.W.""..o.M3.B...V.....L...q.O.b.....(.(..Jr...8..M.W....'.,.......w..$.w..}B.r...... ..y.X......rg^....t!.........k..S..u...!..N.....F`.7...Z+..zxH..6.....M..$.].h...z./.k.c...7w..W.kq.a....\..W.\|GA..Ue.......(..a.+:..F;O..xX......P.;%.\|R.pO.8=...GSJ_..w.}q..5..V.>8....o..i..oA.42......f.f...b0..VYF.R.w..g~.9.e......3..\.......-.W. .k.v.X..Bu..g..[.>.#...Rh......Z.fus5....Hv...../.<..=q~.."9.oL.O.O.... .h.gZ....#..&W...6Ix.&...Q{G...f.t...l...DV.}.PC..."X....G.1".(....k.J...O2#.z..RzJ...t.[c....k.F...U...o."....Am3.Z..VR....eEQA..].q...ke3..._.@w..(v.,....*B<$?G..u.fPE......'..g..4.7........Uh.b..Ed........$`p;.]A.-d=.J.Z..c..r..I..h.\

Chrome Cache Entry: 333

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999771159297996
Encrypted:	true
SSDEEP:	24576:9UX/ytgcmN4ZeOZ4XaQk41DaCAuK190rbndlDj7OaLnv:9a/ythmSZGVk48CAV1yrbnzj7OG
MD5:	D3CA6C436622EEC40B5BCC7B59B3DDD5
SHA1:	FB1BCA4AE93245DF3CB88A784FD112F4038F955D
SHA-256:	F6A96B6234B1D4A2A250CD5BC270EA25D18E7E3184B3DE5F398727293D6E5980
SHA-512:	596E856FA5CE1846671AA0782CBFB27E0A717DA64EC9CDCCB72BA895878599469057BDA19EFB534C4D54305F48077000EA5E1C75760E14449AE1685A26BA7AEB
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:10
Preview:	.i..c..c.1%..h........L.hxoS.[......8\|.F.A`y.....`.1\|.@.X...^D.8/.....np.m..."..7%...s[ ..\.....j).'...~.b..tI...8%.M:..T..N!..\|qK......E:1Va....,\.^... .$...4...._........x.-..3.@s...0.dZ.Jl...aA.5U]..c%.l6.\N.>/.u..n&c..TU...V..B%...e.~.....H.. ...;...v.X.............`.X..V..aI..c.Qp..0..GF...P;..H+...$.@....&0.J.a,..Y..In.,..........;...'k....;.\|?..&H...DE.....% ..........X.t.G..~...!-X....!.bP,..4.4...;.......&g})W.. ...h5..C.K.>.{............Z;9~...CmlS.....l.'O.=o.Of....X.....z.........4.!..X..'.p../[V.O..q...4^.......J.......&..e..$6..'(.h;2.(..oX..-..4oS..n.".....P.9...........A/.k.+.........\|....+.;......_$..I..^.gH.8g..%.o.....$.C(.,.;..........$.6..m.... <.7k.....p`...?..v..X.N.@.5..f.....F(.......T..k.s4.V.N.Cc`.u...P.+....L..j8.1.)S.N.v.?..Ib{5..E..z.:..w.....~...4..o.....(Z........E)...u.S^t4.W.......J......)....pv92.....E..l.f.W...##....K+..p.@..q.Mbk..lp...iW...F....+ .....9?.\!...`..hAf,@.8...V..5..~ .c......b.....lfS}.

Chrome Cache Entry: 334

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 208 x 208, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8337
Entropy (8bit):	7.922684154713854
Encrypted:	false
SSDEEP:	192:5ADPa0oXZ6jkudR2KsmA+FHbzfqCTrvvaY+E9tcPxsr2VMn:52azpUj2Km+KCTrvvaPE9tESn
MD5:	FBE6B924EAB40D73B0E3F142E6601562
SHA1:	1582C7A664D5A0CB42A8C767C21617C4482AF40C
SHA-256:	FCBBC36CE022D677E4BFC53A6E1CB0CCF287154A4727D77F5F27EF4C6A820A9D
SHA-512:	2BA1C9AD6FC30C5A844119B6FC682D9FB94A240F095F480D8706DB35453B84E73FC5E0B3B5B788F7F6A29E3FE6775882BB04F6E4A0C7CEE283AEF6B4792B6F25
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-9.39b61a69.png
Preview:	.PNG........IHDR.............Az.F....PLTE....R..Q..K.u......)........%z....,..4........z.......-...}..........".........y.......5w..........(..&..0........&.............7.....i.................i....-..!}.............................................\........./..4..)..9.."....6.....:.C......%.D.............s....4.....:..1...........$....."...........'.................2..-........................x.....l....#......w.._...C.e.......-...........=...u................,.........x...........\|.....~.......... ...o.....v.....z.........................................G........M..\|..........o.....U..N..h.....j.....X.....z..q..S..a...........p..b..[........Z....:.H.y!.N...Pi.......c.6..JC........6..N....=........{889....Z....211..,....4.(..W.4.i ...?AE,,,.{........<...]cmt..LOU...kq}.;.....KtRNS.......3':.N..P....d.F o.vb..W..~..m.....!......e...B....z...............IDATx...1..0..qHc..7...p.Hi.2R.=...di.(9.{.)r....a.....yK .m....'&.O..(...B.P(...B.P(....]".....ISk.

Chrome Cache Entry: 335

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	139706
Entropy (8bit):	5.394870829759392
Encrypted:	false
SSDEEP:	1536:wHaVo+oo+NC9aNO4pqGqK3Sdl3hpMRgV1a8HxiWcRIZRvi9It8ixrwfRgK4HZqv1:Joo+EeZUK3Ip/4Ib4b991
MD5:	4F1A32738E3BA3090BA80EF6787116F4
SHA1:	11246335D790170AC9AC27B6597FEF01D8208B4F
SHA-256:	C2632F43A3EDF5ACA12FBCD5B2358E505D4E378C6BB13D0EBE6536214187ADB9
SHA-512:	FCC3C1AD61E431976CEF5932E7522E0AA26816E59AD43D525207D6B684CE1C88D7F54F1E6D8CAB7CFDD8854AD14443B2EB5B7FE991E184C4C25348657C4C978B
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js
Preview:	(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[277],{9662:function(t,r,e){var n=e(614),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a function")}},9483:function(t,r,e){var n=e(4411),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a constructor")}},6077:function(t,r,e){var n=e(614),o=String,i=TypeError;t.exports=function(t){if("object"==typeof t\|\|n(t))return t;throw i("Can't set "+o(t)+" as a prototype")}},1223:function(t,r,e){var n=e(5112),o=e(30),i=e(3070).f,u=n("unscopables"),a=Array.prototype;null==a[u]&&i(a,u,{configurable:!0,value:o(null)}),t.exports=function(t){a[u][t]=!0}},1530:function(t,r,e){"use strict";var n=e(8710).charAt;t.exports=function(t,r,e){return r+(e?n(t,r).length:1)}},5787:function(t,r,e){var n=e(7976),o=TypeError;t.exports=function(t,r){if(n(r,t))return t;throw o("Incorrect invocation")}},9670:function(t,r,e){var n=e(111),o=String,i=TypeError;t.exports=function(t)

Chrome Cache Entry: 336

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	35833
Entropy (8bit):	7.968432364063312
Encrypted:	false
SSDEEP:	768:uRzyOy/ma+XXWqSA86MlBjK3ybYd1okZiwF:um/VEhMlB2ibYdBMwF
MD5:	B3B6BF49A0DAC771E6231C8ED7B50B7D
SHA1:	7D08C613473985C3DAAF49EC38066202D823565B
SHA-256:	70D372944A2862902B182B09E2E6EAD81242FED2BB7E9C01448735C63A230F20
SHA-512:	093EA5D747DFB9822A52A969982789A03DE9311DB21E7E4AB1DC70A87EC35A2C87148F1121552C8006CC40FBD74567C2280BE9125AE5DF8D5CFD7B6E4CA5F073
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE..........tv..............tu.....vx..................t{t.df......h....Od....q...........................................................................0!3......(.).........................d`...................{.?=.....fi........x......oe.................wo.....:%;.....u...\|}...x.Y...qp....ZU..CB.IE.....d....~...yy..b[n...TT.KG...{...UQ.......o..PO..........oeivTG.sx\|np... .!.qe...^^........gG=V92.n.U.y.]v...L<N....c^B)$...............lfG.n}Jh....h...r.=?.uj.^O.....h........s..h..........=p].f..A?.....}.>M8....It95>....p..{J_O.i..U.u.nq3'1\IeA\........]RYV+ Qvd.~..C+...^......S....deZ....\|...............0/..@...........S..8_..)^..]Xq...........Zp........U....]...VK~.i....tRNS...!? .U.E}.lq...............Nkd....IDATx..k.Q..S.Kbb..F#.D[....5.R)I'.B(M@.+......%4C......s...8\...(.$.....%./..~........}.^........^..B.P(...B.P(...B..w.B.h4..(.&..v.4.B

Chrome Cache Entry: 337

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8572
Entropy (8bit):	7.961319566836723
Encrypted:	false
SSDEEP:	192:5tLPUKXcqURgyabfPPh17y7zef/UUQ/62yphvwKNayVVrkkXqeX+w:nIKqRgpb3Ph17y7z/P/ypmKNa4ZkkXqM
MD5:	7941843909C59494F533B7D9A78E36F7
SHA1:	A325976F99A1EE4EAE8070E8BD6619B5B7961076
SHA-256:	C91EF947A92830BBC926507D00486B5A45122F87796FE5E3D2849E77FBDBAA09
SHA-512:	BFBD0EAE0CFFC5F5F656E976BD1E376C633E720903DF20DEA1D25767053E8AB3CE30C60A04F86C2667DF454F907CCC2FD9DC9C4059D0E9F37544347F731F8723
Malicious:	false
Preview:	.PNG........IHDR...y...y.....$~{....PLTE......alow........`opHSYGQV@IOKUWHRV...MX]DOTFOU............GQV........................qzxHRX.........y................................ZegLW]S]_.........Xce.........T_bFQS......]hjOZ]......VacP[`...itvITV...............GRXJTZ^ilx.....oz\|mwz..!...~...........cmo`kn......r~.......KVY...juz...............u.......$frtalsr}.doru..CMP......R]b~...........z..wsr.........""&..!...\|.....zvuDGJrnoDNU......&%)\|xxNWZCIRKLP......mx~.\|}dnu6:?..%.........p{.gqxpkk.25.........{.....x..upp&)-...+/......kgh:=G=<=..".........ORU..........}{nrv!&*LHI97:...~zz>?C16:546...\`dFBC/.1......inr?CG."'.........z..c__......QV`.........13>...x\|~ehl!. ty\|vtx--7(.1. +........gcd............VUV......\|..TPP"&/......lkmW[c...qpt]Z[.......................tv.......\`n........z....&tRNS.@@@$@..v. B@...z._.....e..0........p.....IDATh..]hRa....E.M.].:..:...h0.n0i..n..5..j...P...,..O.9.fD..3.&...6[l..+.5.$.....R.._.9?...y..uU....4........f#...$.......64h..bTck.V.I.s

Chrome Cache Entry: 338

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999706247486256
Encrypted:	true
SSDEEP:	24576:9JDKhCn2xSbZ9UmyaZkSBTSL9ZCBwMUKn7XB/nPwjOrq9v9LWkhe:HDKRQjZhTShq5V7dOgOLWkhe
MD5:	3C53E76AE85503DA6914D27F5F8D24E2
SHA1:	26B17D9CB66D85237084737523225DE9A58DC6CF
SHA-256:	0A157933008AAD3605ACB42FD6D241365C6D907990EB32FAFD81E8789886B654
SHA-512:	1D57985CF666017F8D2D4EDA71DCFCE2F0948411DF5F49216AA9AF97A1B48CC611D42A1D91014D46F3F1109F88EB70FB2D0E78E79BB5499FCA21D795EC1595BB
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:e
Preview:	..Y.rI.T...d...F.p...<.+.j.J...N.=.T..k...M.R........\.....7^.L.#..~.'._t..t....a[..\|!...!..M.6u..~.N..RH..~b.o.....M..J.2...?gY.1li..53[.8...&...#..u...,.s.rY.m...].5...uKA.&.:.......3..v...[.a..n.O.q...h."..#.H...J.?3..,..Yn.~#.dj..Ra@fxh......M.#...5...H..../..t.....S..w.#...S5,.=..Dw.g4....gYw..S....7.....Lx\|.'r....?.@J.#) .....%... ..Q../l.?..... `....>..U'kA..(.6.z....E..C...s...A.Dj .X,..euT.38..kc../.$.....3..X.oasOh1....m..J.)..%.s....X.+......^......F......[...Q..n..Pc0..1M...1.a.'..U+>.....m.H5]....@].c}......KQ...Q}y.G....T...0..7.....4L..w5A.&..........H< .bl.....^..I.S.l.EVd../...+.N...^..@\;A..D ..(..G.a<.E...DK.._...g>...y6.L^.h.\......2......./.2..e..w.....9..%G...8....r...t.....;...+.......;..j.7.;.\|.....;1....R.3..89v}hMJ.l...c..>f.:o.a...>F......j../.e.~F.t..B.j.N......&..2V.qb.x...o.iF....t..h7...eI..4......Af...[{.{......}.%..........\.DW.SZ.....V...a.58.m..0.....<.Y.+...Ig....F.U;

Chrome Cache Entry: 339

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8572
Entropy (8bit):	7.961319566836723
Encrypted:	false
SSDEEP:	192:5tLPUKXcqURgyabfPPh17y7zef/UUQ/62yphvwKNayVVrkkXqeX+w:nIKqRgpb3Ph17y7z/P/ypmKNa4ZkkXqM
MD5:	7941843909C59494F533B7D9A78E36F7
SHA1:	A325976F99A1EE4EAE8070E8BD6619B5B7961076
SHA-256:	C91EF947A92830BBC926507D00486B5A45122F87796FE5E3D2849E77FBDBAA09
SHA-512:	BFBD0EAE0CFFC5F5F656E976BD1E376C633E720903DF20DEA1D25767053E8AB3CE30C60A04F86C2667DF454F907CCC2FD9DC9C4059D0E9F37544347F731F8723
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png
Preview:	.PNG........IHDR...y...y.....$~{....PLTE......alow........`opHSYGQV@IOKUWHRV...MX]DOTFOU............GQV........................qzxHRX.........y................................ZegLW]S]_.........Xce.........T_bFQS......]hjOZ]......VacP[`...itvITV...............GRXJTZ^ilx.....oz\|mwz..!...~...........cmo`kn......r~.......KVY...juz...............u.......$frtalsr}.doru..CMP......R]b~...........z..wsr.........""&..!...\|.....zvuDGJrnoDNU......&%)\|xxNWZCIRKLP......mx~.\|}dnu6:?..%.........p{.gqxpkk.25.........{.....x..upp&)-...+/......kgh:=G=<=..".........ORU..........}{nrv!&*LHI97:...~zz>?C16:546...\`dFBC/.1......inr?CG."'.........z..c__......QV`.........13>...x\|~ehl!. ty\|vtx--7(.1. +........gcd............VUV......\|..TPP"&/......lkmW[c...qpt]Z[.......................tv.......\`n........z....&tRNS.@@@$@..v. B@...z._.....e..0........p.....IDATh..]hRa....E.M.].:..:...h0.n0i..n..5..j...P...,..O.9.fD..3.&...6[l..+.5.$.....R.._.9?...y..uU....4........f#...$.......64h..bTck.V.I.s

Chrome Cache Entry: 340

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 146 x 146, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	14148
Entropy (8bit):	7.978254582428027
Encrypted:	false
SSDEEP:	384:q1GHKV3Zd0HakeHlNl6EbGLXIHWZUhwsXg+:OGHKVD8ZX1Z92
MD5:	479DB0F10762671239DAED3178E75A46
SHA1:	D83E281B5609D98ACA781976C00B8E17A0920038
SHA-256:	3E206D38432A886D92CA15AB44C1B94CDE12D819C668B8ACA8D88D9701EB00AB
SHA-512:	CC0B4CEFB63520C9DFF4B02518A25E00F0F7EC4BB29DB229C4E0EC0D9E87E66044E2D51C4F60F7ED92459B436ED93DE37E0DD6AC0EDB5FBB83ACB15020CACD18
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-9.32e87ba4.png
Preview:	.PNG........IHDR..............{......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..5.IDATx..}..eG..W..{.[._/v.._.7...m&..qw.L`...AVl)...F...%...)..h.h..0..@..D3..%.#...V.l..K...K/..~.vO...._u.........S..s.;..._U..}.K_..J....l.RN..i!.4..*Q..W.......,?Q.......F_~.E.....Q.~.:.....eyM......w....!...q.w....u....\.@/..m.....^.9..X~.r....9.].....S.jK@k+j..Q[......~R..({j.5.6...~\..~....Y.H.$."y..g...tV.5.hj.(.....^..u..N(p-...9........n`...~Hg...e.{O..uQ...roPy.......FI.H..l....b..s_.f..]s..R.A..........w.j_.6.wW...z=p.......8;.\|.!."....e..6..n..~3..$6.L} U..;@TLq.O.;......;6.........BA........\|..}.._...H.</....P...........`.....

Chrome Cache Entry: 341

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
Category:	downloaded
Size (bytes):	81925
Entropy (8bit):	7.712420480647295
Encrypted:	false
SSDEEP:	1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
MD5:	7B0ABE7BED4DC357226C2C4BDABCEC2D
SHA1:	53463626DA4CCCCAE2962274619A022B4563A1CF
SHA-256:	1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
SHA-512:	9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9_introduction_poster.jpg
Preview:	......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................

Chrome Cache Entry: 342

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	52214
Entropy (8bit):	7.963521995118885
Encrypted:	false
SSDEEP:	1536:xSUQwGp/aTECMyhE3H8qlJcGlHA6rNMLwSaS:xSf3gXu3H8qliWgVLQS
MD5:	F1FAB1492D70D6799DD575E5ABB3CA90
SHA1:	8EF7A9C5CDFBEB5FE208E8E5201C499344347CDB
SHA-256:	60982CCB8E7BF5D7D20E13F57ECA9ABDCA3063BAEDEF07E432CB91865F2A284B
SHA-512:	5A8F378E7E9FFF01C2A9264484575AACD62C30F98ABF9EDC02603FF49D27E0FF37284DDE78C47630CC62BE376280ADA8F18AD01D9DFD8076B51E55764AB4D9E5
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE..............zzz.........QQQ.................................................................ZF?VC<......Q......^IA...R.T-...V.W/.\0...a...X2..l.......e.d7\|Sk.T+.h:...Z/.X._3.a5.Z2.V).]6.[4..j.U..X1rmy.q\|...R,cJ@....a9.b2.S'b....i...kgr.iu.in.d4.d<...._0rMe...iNA....W-.l=.......^....R@9UD@.....p.].S5......O).............e..h7.[8.\|...............u~..rw.hA.^<.ot..................y'e...y.....`MG{......l......wpQB.y}.....e...............a=....N)...nI.....G...............h.....k.~.........\o.wH6...]ha.w.S.l=._.M..E}r}..wQ..iC4.x{fqh.eH@x..R:.vQiVO.zH..t.p..j}ib...._.b.qB.~d.......s.ar^Y....sn.......]H.;..g7e...x..^..hZ:..B.oZ...f>4!.....=...t..s\|uKn...~PM-{...4.b\|......]tcD..FMN[&P.K_w.J/.G.jJ...d....tRNS.....8.Tp).................IDATx..An.@...jH....]`..RV.ue.....@.bq..,.@".@]v.[.$..a.....L&M...H..;Q.Q>..y3..d2.L&...U...{QC_F..Hh...0..A........6y4......l~..}n6.....-Q...

Chrome Cache Entry: 343

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 795 x 1537, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	542510
Entropy (8bit):	7.982870793616109
Encrypted:	false
SSDEEP:	12288:ghWGsIHttizdlq40Q1XUVAAo0B+EmJK6HOiQN8PtJOx6GFiEe:g5tqXyG0B+LI4ntUFch
MD5:	01F2EF8C6EAD93573EF6B0F02174B65A
SHA1:	D96ABFC9DAE3353B67C1F442865577B14C950B4C
SHA-256:	52E9890D61E298CE3E7A68E22A7A22719AD34CDB590B60EAD170281CD9D39948
SHA-512:	5351C8BDD1F46636C49A2A08A08720C33B878B233E7C7328EB8F9BC038B3280D3E58A4A65BBD740DA06F6707DFFD91E0D6D59BF297367BA148D63ADED37C4C6E
Malicious:	false
Preview:	.PNG........IHDR....................pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..EoIDATx..}..].Y..V......X.ZdY1..{.C.MC .[.mC...W.YB.i!.B....Y....-m.....M...4...IH!lR.w..1...,...V.wmiO......3..d[...Iw.9s...s.....".......................................................................................................................................................TUU.......b...b.....\|.M.m....O..k..i...)}.~\.o.......!..k......Y.Z{<..O.=.=w!.mxo..........j./.?...^^..q.y..~.<.32.........\|...dK` ..e#.a...").....W%E....u.qz^......F..k..A.-j..G...;....weW..M}DC.^.+.....$.2.7...\czZ.!.....k./.e.hWZv./EC...L...r.......}...G.]q'$........6m

Chrome Cache Entry: 344

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
Category:	dropped
Size (bytes):	81925
Entropy (8bit):	7.712420480647295
Encrypted:	false
SSDEEP:	1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
MD5:	7B0ABE7BED4DC357226C2C4BDABCEC2D
SHA1:	53463626DA4CCCCAE2962274619A022B4563A1CF
SHA-256:	1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
SHA-512:	9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
Malicious:	false
Preview:	......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................

Chrome Cache Entry: 345

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999612613283304
Encrypted:	true
SSDEEP:	24576:jfmYkmtd3Af+UtTpeVTlMFF/pAgDDoS08R7o+QB:6k2+UtTp0+FfdL+xB
MD5:	3CCBBFFE2160C5EB2647D36B5AACE943
SHA1:	88AC25BF4A3650FE7F781117EDCC69E4DC12FF7B
SHA-256:	B97CA158A2017568E54F29B88FE6A86759F15377144107BC5AA79DFA8C962EE6
SHA-512:	2E7460EDC54FD19687CEAA5C5D36D0EF4736230740A39153EAB7590A563EC2509CF6942EE315569136504383E76378CA4AEE45DBB18F139B22A6FD9B24A7C5D8
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:d
Preview:	...'....{.#....q.;......b....S.7....~..>..m=..s....u\M.R...:,Y.Es.4\|.zA.....V....3....k.?.%._.]......igY.;....}......2n''...rJA..t]U.....4...A....."/......n...N.C...O..W.'.-D\.^.....s5..6.<g...{-oV....2-}(.Vm...t...t...x......tNg...a.D($;.~.......D...fN(.k8.J...M.P.....j.B..s\|c~..3v./..P.r$....p."..sA{.b......'.".M.A.z<.......(...3m......xb..c=..\...~4...M.....d.w.....9x...tq^7I...'.M-..V...~]$4.B...U....a.\|..r.......Zy.B.zT G..L...z_.Za.,=...a....m.}....mQ..~.;.8.0...;%.>.n..~]..%......b...."/v..O..Uf./J5.y.......saw..k.0......F.......].M-.-..T.*.&!p.x.....G..Z.G..Y.......g.)...IQ...?.68.X(..p......o.#/....S.e....Q.S..\...B......\|....."....(.7#.z4...h..#4../MS._....=...s...n;.....LXFu\....+IK..U.....,.F{..#%.^Ym...i...c._3...-...D..w..i{.....M.. 3Qt.a......w&{.cM.......o.8..tq.',....l.....4.X?O.8..Q.EP.....e.......K5.C....+...;.z.......'...f.]I.b......S^.w.fe.._.<...z(.....}....a.....h7...R(%G.LU\(s9...{.1.r...j.>..2._3.~!.1

Chrome Cache Entry: 346

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 688 x 934, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	94725
Entropy (8bit):	7.9541927351780926
Encrypted:	false
SSDEEP:	1536:qR2+4tfZ8/+N1VYRiY26fwtwdnljQatc0xvwPYld3/JEqMpDg3CiThcY/:62JtfZ8i8EJ67IMc0xvBld3/uqMpU3C6
MD5:	95A95007010FA30BA35C88F23C05F5BB
SHA1:	AAFA96CCDEA967AC0B01BC6AE05386ADBF7C6CA7
SHA-256:	9053033D37404F80449CF72C06F0FF9DC7ABF1CC7678749E0D645306EADA664C
SHA-512:	4E6EE304A378F8898DF811B6FA5611ADC22ACB10C7D9F3F96F001B0165A2E4E6E98B02DFF4FDE9CAE4D878F9493389D6883E2B7C665AF020AADE71C7E7D923EB
Malicious:	false
Preview:	.PNG........IHDR.............$bV.....PLTE......^`....V\}...FJl...........................P8Dag....CBa......VUwej...................<>cN...42P........................................................................................~...............................WVx............jj."Dj..................x.....qp.......77X?>a.......ed.^]~PNq.....z\|..............4..................V..vw.//N...W........xq....&&E................pj...KHg.........SX......~x.Q.....IO\|...................C..'Oy5...t...BGp.3Y!.9......../\.q...........E..]b.hau......nx....]..9i...............J..hp.`.......T....._k...A........\|..>..Fw..4{.....l......px.`Xj...U.'4..{l.zti.....la(..Q..ZT<..n/.....:<.IG.kd......e......q.i.....ZT...sv....n{...~^d.cb.;>.7R7......$tRNS..';JgktL...d\|......................n.IDATx..=r.1...qck$Wn.q.E.^...]\0...7.yr..Ke..V...!..o0....;..x~9.....o....\|~zzz\|x8L&..]....Y...%........iZ;./xx:...wS.RJ-Rk.k....

Chrome Cache Entry: 347

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	20188
Entropy (8bit):	7.96819634126776
Encrypted:	false
SSDEEP:	384:IToO30LgfBM/XFvwdIOnPI828bN8iXF8GRlCjhjUX056yZaxdd:Ij30MZMF0nPYiFi1UX0IyZs
MD5:	8E76F959C9AECA3A6E98925F144534C7
SHA1:	32AFA8E3D4AE23A247F4C4050A78DAD8CD94EAF3
SHA-256:	BE75A2541B9C61B869386FAD474A462EEBD8B735771B5F79B768BC09D9DE8897
SHA-512:	A62295B6307C15486E5BC88389E14B51B7AAE52503C74C652AC6B2E7B3CD4299908BAFDC2E1D08DA5CFBA1DC3C290FD840A8796A4AD401E4942A0D2B54F339D1
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-1.b1b04c2f.png
Preview:	.PNG........IHDR... ... .....#]^.....PLTE..........................................................................................................................................n.@..................r.>...........@..?......x.?...z.=v.={.@....C..@..F..C..E...t.=^.7w.Dq.A...t.C...m.?...{.F...........J}.H.......N.........k.=..P.......L....R..T..".............K.............6........F........i.<...Y......1.....Qi.:...a.7c.4.......?e.;..w..Z....Q..4...c.5........]..(.....u..hd.9..-.........p.2..+..(..............g..C............;....-.............V.....h.:^./S.$.....F~.9..$...........\|.0.........B..1.......'...c.8i.3~..........T............v..e..6................\.!.....cc.".....!.....sr.......h..P..%................sr.8...............................*i....z.. ......-tRNS...........N".)..V..wn.^@.e/.4G;8..........g..KaIDATx....p....R.\Z(........;.. ...I..c.P...BDM..>V"..w0q..w....1...Ll.......M...I..sN...g.O<.$....O#L...?...=.0V...W....5.

Chrome Cache Entry: 348

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	53918
Entropy (8bit):	7.967764757896754
Encrypted:	false
SSDEEP:	1536:J0sY0OWIXy1iBm14ZDl453WtXIFchYgIoZkmiHS:nriA4Zu53WtXI8bkVHS
MD5:	8A85AF6CFFF1363A4E9929184FCF95BA
SHA1:	AB3AFA199DA9B52067B4EF608AE3392BAB51FD69
SHA-256:	5A45C326B7F38945F2DA4CE282C29DC36C995EF27AEA10C057F051EB1F54021B
SHA-512:	63EFFAA3BD0E8EC916A289ED73D520414D4AF5E1E942D54CEAAA4501499060B3D04C51B56F2736251C064CBFAC9A51825041F4FA99934CF64F9A413E1FF7CADE
Malicious:	false
Preview:	.PNG........IHDR..............%.....PLTE...............nno....................................................}.............{..}...................................................................................................................................{...........................................................{.....................w...................................................................................~........................................................................u...............}.............r....q...............}.................y.................p...g.........w............h.............................\|.[...j..}..R....T.U.qL.jB.so.W?..Ky....tRNS....T2....v.n...%...>IDATx...n.@...ibE...AH.^u.&..KT.bW.T..]@y.n`.H..X..#..[.9....3.q.m.6..7..g....q.D..A..A...C...X .=..x0"....}.(.Z.:..)#V...e...N.i....5.....r4.[.R..Vj....

Chrome Cache Entry: 349

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (31721)
Category:	downloaded
Size (bytes):	31768
Entropy (8bit):	5.224788353742077
Encrypted:	false
SSDEEP:	384:+Sl3u9OjQjQxDBjb2F7IyUouK3wBZ8lGz+tHWSOGoDAfilZuluh+zZXQ1KbpQPUr:1ZjQjQ36uoX2pvYmsUwr7dEAZf
MD5:	78CE85CF25B73A3E634DCBF283F5C4BD
SHA1:	8970A0B36D915D86652A8E760016E41DB37CEED3
SHA-256:	1D3877307B44C0898E5EB8E51F862249958FE6411EE86F36640387F622C104AC
SHA-512:	35744F5B856DB405C875CE05DDD4BCC9253306231566D26866E0594E1C2B02D2DC6A84F75CFF0FBBCE02FD133D369A31B1DD9533A3A4E97FDA4933AFDAD8229C
Malicious:	false
URL:	https://beacon.cdn.qq.com/sdk/4.5.16/beacon_web.min.js
Preview:	!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("BeaconAction",e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).BeaconAction=e()}(this,(function(){"use strict";var t=function(e,n){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n])},t(e,n)};var e=function(){return e=Object.assign\|\|function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},e.apply(this,arguments)};function n(t,e,n,r){return new(n\|\|(n=Promise))((function(o,i){function s(t){try{u(r.next(t))}catch(t){i(t)}}function a(t){try{u(r.throw(t))}catch(t){i(t)}}function u(t){var e;t.done?o(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(s,a)}u((r=r.apply(t,e\|\|[])).next())}))}function r(t,e){var n,r,o,i,s={label

Chrome Cache Entry: 350

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	57652
Entropy (8bit):	7.964391188227326
Encrypted:	false
SSDEEP:	1536:KKhziuz0MtJIeahVKz4q+XhBXKstHTdPTvfdj:9uTMt+PhVKU/RB6stHTRT9j
MD5:	797ABB2FC14C31278DA40FB9A653799B
SHA1:	CCF73636603A3151084F28A7F69166B467CA1E0D
SHA-256:	8CB70E95C6A6914716EDAA23CB99CFC9A52F76860A76636197FDD570103D2463
SHA-512:	9C0F1AC70FF6E0145AC1C58A0828CDCE0B4189C5BC9CE222EE985D4483CB57F2BBC06C52B8E854DA5F8B2F7BD4339365147847AEF6FA9EBCA673FBC8B0DC7A0A
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE..............nnn............................................................r...........o..............u.........................................O.{B.w.......s............F.{..........t;.v...'.w..xW.z..u..........I.w....ye.....y4.u......}j'.s0.z.XU..............y......._...........;.{....T...........'.}...L...]........_.y.....y.............H.o.......j.x0.....S.ri..x.w........0.l...$.k..n.............r.nj.[...........}..;.m=.....z....]~\........lg.h....Q............{.............^........{.]....7....^.........{h...ge].....w......g.G......F.......G&.........t............h.............d....{.K.f..u.......X......tq=..T...[X..q.........Z..........e.~...Q.+............u.....x.:....}...})0.......tRNS.....2R...wo..s..$....IDATx...n.0.E. ..8A(..d..+...A.Q-. _.M.^{.?...\._..T.G...(FZt..K..~ .. .. ._f......3..7i.G...!....b...3..Z......}.>o.....y...w..o.`....b....a.....

Chrome Cache Entry: 351

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 323 x 108, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14758
Entropy (8bit):	7.977532405504438
Encrypted:	false
SSDEEP:	192:gnEPGtlyJPY1ujvePNBsUyBBsLmd3IPr4WVfK0zR4lgG/8b9dQ24Sd/A450tyCdS:gnSGtwWQSVqemdQq094lKptCjQ
MD5:	1C27C52714AF312A8698B26AC8615E25
SHA1:	762F8ED472CCB3C7BDDEEC0BB61A29D262F33CC4
SHA-256:	3B12CF3572945F32D7CFF79A0DCE732A78F0527BFC1B86AF34ADA79F34CC72F8
SHA-512:	E317213952FA7FD49BF71E1BF7B79357FDC519E2EECA89ABF4AC8D9AF7074613BFAD617F8FBF38604FD67994B9C91C7E8B58E2B78019FE5514AA827D7800D1D1
Malicious:	false
Preview:	.PNG........IHDR...C...l.......P....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..7.IDATx..}.s%.u.........nY."'..U...S&P....KK...b..\..wm.&.........y.6yp....DI..@.2SNd..$L..^&y..X.....=.=.O..\\|\...?.{gzzfz...s...`.)..b.0p...6.....a......6.....E..h...7.....C.0X.`v`...........\9....pVi.)[S..m.(..3...8-...8.....{0O.n.eU.....C].;.....R.=......!CK\|.CX...(.[.2u.2.O....>....\{....]....f..{..l...........S.5O..P..r..c.../+;... ..jd;....lkx....y.d..y.._......T..Vm..Vv.../....6.o..]6.p..h2\.K\.V..........{2sO...G...&?mCjz.MR......Lq. .\ ..(...k4...XY.F.X....c.....2...2.a...w{../M..a....e.... .$.......S.k..-~r\|.q......'(a.DHs!

Chrome Cache Entry: 352

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46455), with no line terminators
Category:	downloaded
Size (bytes):	46455
Entropy (8bit):	5.9299458295873135
Encrypted:	false
SSDEEP:	768:iBL0qIOc1YFobig3h2/HoOAwrQa9TC9Xcu+X36YsSzpdEyc90UbVEyRIKsW/78Bn:gez0HRSa9TC9XcZ7TEyc90CVEyRIKpO
MD5:	C61BB0DC32449268750E84924646CB78
SHA1:	1FB8F8EFAB22D6C5A32CF2E787AAFDD012D7A3FA
SHA-256:	ABE43BEBEE4A0185AD6707674C089D0E5AAAADA2A3938DD514A47B707C1754E9
SHA-512:	EFE02FB842EEE3C8141927B67466A06D17FB75637871F8F6303651A6125B04008CC1D6CED78F1222C3ADEACCBA2F5C48E46AE675798A8F5DC66F7827EC87E66F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js
Preview:	!function(){"use strict";var e,i={2029:function(e,i,n){n(6992),n(8674),n(7727);var t,a,s,o=n(5010),r=(n(4916),n(5306),n(4765),n(9653),n(3396)),l=n(6623),c=n(4870),d=n(5678),u=(n(2222),n(7139)),v=n(5082),p=(n(1539),JSON.parse('[{"name":"\u6ce8\u518c","link":"http://zc.qq.com/phone/index.html","pvg":"immobile.menuzuce","datongReportValue":6},{"name":"\u5b89\u5168\u4e2d\u5fc3","link":"http://aq.qq.com/","pvg":"immobile.menusafe","datongReportValue":4},{"name":"QQ\u4f1a\u5458","link":"http://vip.qq.com/","pvg":"immobile.menuhuiyuan","datongReportValue":3},{"name":"\u5e38\u7528\u5e2e\u52a9","link":"http://url.cn/OLVsaa","pvg":"immobile.menuhelp","datongReportValue":7},{"name":"\u63d0\u4ea4\u53cd\u9988","link":"http://mma.qq.com/feedback/index.html","pvg":"immobile.menufeedback","datongReportValue":8}]')),g=JSON.parse('[{"name":"iOS","link":"https://itunes.apple.com/cn/app/qq-2011/id444934666?mt=8","version":"v9.0.75","icon":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGYAAAB+CAMAAADhhJSm

Chrome Cache Entry: 353

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 440 x 440, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	24188
Entropy (8bit):	7.976622668059946
Encrypted:	false
SSDEEP:	384:z+9wdZT9dTyyF8kKVF4zzF+IUmBsR6dBAkB5pxOaef2M8tnTdnazJBKCo25t2cJt:CIxTyyGkKVFXKB5pxpefaTNabKg2ctJ
MD5:	8AC21D3B0464EF6435B6897F3C56110A
SHA1:	D8BF9AB2782283D7D5A49D60C27034772C44300E
SHA-256:	D5DB59EAFD61028EAB3EAF619D952D8E5CA65C65219DA68F7EF448C353AE754A
SHA-512:	3DE5AD967D60E87035C4BDCF1824645D93FC4F397D35535C8C66D6CFEE70C759E560B4980C27912E385BFD53DFE2D7A9ABD8C50C62B33E212230632BDF98410A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ellipse-1.b22a7a9f.png
Preview:	.PNG........IHDR.....................PLTELiqU..I..`..U..f........@..U..Z..U..].....U..[..Z..U..P..]..U..Y..N........Y..^..`..U..b..Y..L..L.....f..\..@..\..a..Q..P..F.....U..U..3..P.....m..^..[..`..c..2..K..U..Q..c..P..`.....I..N..]..\..[.....P....f..I.....\.....P..a.....m..L.................f..N..I..\.................@.....m..j........9....................f..L...........a............................G.............................U......tRNS.........................................................................5..n....&.4......}.........Q.&~C`......\|QR`..R...n.CQCQ.9..}.....pHYs............... .IDATx...{[W.-z...s...... F1.Q.D>.$e[V.-Yj...oz..../.k.>...p%[..ko....i.H..Z..0..K&O...i8SN.3..;.o....v.knwm..r.......\.j...6..Z..n.....h..$,.\|>.H$...ll6...{<...gi)0.f..B....B..wkky..H..w:..n......;7....g..\|..._...^.....>\|x...>.........o.....x.o..{C...B..hv....t.....dggc....D"..j....OO.o..v..j...a.......{....=....p...R.)..^.8M.........I..?.~6...t...>..k.....{Y..VX........r......I/..

Chrome Cache Entry: 354

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 243 x 243, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8670
Entropy (8bit):	7.87551147076075
Encrypted:	false
SSDEEP:	192:SmFo2tPjYj5vYPrkZPqz3V9VE1iFYVKx85EyKnqS5EvQjs+:SKombYjW4A77RFYVKxEU2vQn
MD5:	045BAD5526851F2D14DF3BDC67946623
SHA1:	40106348D7139EEC4C91C9C25645883F18648080
SHA-256:	D6BEFCD61EBA657E81A623A45EF30695B9F436847D13ECF9362AFD522B93A006
SHA-512:	3ADF77F149D974172435756797D0BB3E313141FC850EF6AE4D6E40FCB4993B22DB4376E881DB13B4FC1A822956AADB82A25DAAA4571FCE8F2FF199DB78815822
Malicious:	false
Preview:	.PNG........IHDR.............d(......PLTE...............................................................................................................................................................................................................................................................................................................................<......................................................................................b..`..............................................................E...................................{..u...................N............o..N.........._....b...............N...........h....?...O.7................W..M.......%..P..x..\|...........v..v.......l....... .....&.....J..G..A..].Q..W..n.....v..v..a..K.5......$.r...atRNS......@@@. . ....@..._.._......` ...0 .....p..........po`P0...o```/...pP....!.....oP!y......AIDATx...... ..0...~.X0X$...G$.A.........f).Q.....=...S....l^..(>.".....B.Z.+.-....p...(m7%.1

Chrome Cache Entry: 355

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 248, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	57081
Entropy (8bit):	7.985896019418537
Encrypted:	false
SSDEEP:	1536:edxFhMvVUhpos+XmSr05cvlHrezI+CIlhnZUDh:dVUhuj/0uycKNZmh
MD5:	1E7C5EADB5E51E5F94DAF988419923DD
SHA1:	A4C0FB87B0AA1B1C9D7944C2B5855BCD3ACE5F8C
SHA-256:	25839FB3D654A4D8ECE9223531E4B8BF9DB30A125038E3D5F0F737D9CA3D0E3B
SHA-512:	9CE5E57AAAFDEA324575A96D4FE8BBCF5A935F0CD2721374A814FB345033FFCF87CAD8FE698D59ACDC97E3FE0661B49962E54953BD47D7B98B7C2EE737F33AE9
Malicious:	false
Preview:	.PNG........IHDR...............3.....PLTE...Lv.Eex+..C&.R/.......G]g<( \gnaG5<".px}...".....)..a..Z2....Q,.V/....K).....$!\.....R}._4.d8 F&.u..Ly.:.......e=%2".@".......8'.5+'......V.....]9#...z.....jA)...i..l="". ...........vA&2.....b.....A-#...Gt.......<1+......qE-}H+.............n..Xy.>72......MC<G;3...g.....^..d..........G4...........)(YF<...S=2...Rs..........PIE......B=<Bn...).....YOG...R5...p.....cTKEfu....Z:Lm{w~.sYJ302......\|..@^kP4$_t}.....uH7p..~dS...n..bLA..}un...paWc}....}..\|O;..............uojg\R...ilr_@0...Vlv.}v..\|xw{.ma...78=.wkky.^YV...lgb.hAoqxVRQwh_gE8..plN@.J...{CCG.YDf`[9Vc.dM...oZKdo..^^ccfl.wa.(....xP...k,......mT.Z..x....w.!..bC[...<...GJLR.._.~4.S0.~.a).a.D ...\r.....o...qSV^.S'.8".\|e..1.uF...=..hG.G.\|K.o..l......[./....I...}...5.o%..Z..DR.R.....tRNS. .........s.....IDATx..?..Q...J..NB..k-....v@.....k3..} ..I!X.H.....X..`!.!...5<..{..fF...<....Lf3...y.#..O.XOG[:..:.7...z?~..)....~.j..5....9...G...h...Y.\|.....i....

Chrome Cache Entry: 356

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 183, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8642
Entropy (8bit):	7.952672161123514
Encrypted:	false
SSDEEP:	192:OrERR6bZLvG4vapsqAXnvOOq3I1kTxXS9q3eBJV:MERR6bxfip/AXnvDl1kFXS9quBv
MD5:	2084BBD39F76B48EE1F28B841151E2FA
SHA1:	F669FD2C8219FF8A9D1035CA9B89524AF3FB55AC
SHA-256:	ECD9602F5FE036A031A7FAC1C9D862B3873F9EA20A7D8E93234BBDCE7835CFAA
SHA-512:	1A9DE8A43A438D08FB9B907DA8985B14C83D7A9AD9BBA606E10B6641ED65C349D34A99E4CF11E3506ED33B68EE5AC0428B8A83FBEE7D5B1EF2D8EA3B84909309
Malicious:	false
Preview:	.PNG........IHDR.............g.?.....PLTE....m.o.v.t.p.x.w.n..}.u.x.\|..~.r.u....x...v.v.y...{.x.t.....}.{.z.{.u..}....v.......t.u.k.s....v.v..\|.z.w....t.y.v..t.\|......}..}.m.t.s.r.h..\|.q.k.w.n.l.u.x.k.h.j.f.{.p.o.n.z.u.y.o.i.p.q....v.l....w....f....j....p.............n.......{.r..}.......z.q.u..........................~.r.y.t.x.q...z.t....~.l.x.p........r.....m.....{..}.\|...........x....e...............................t............x..........o.z.x.....9tRNS...... ....@0o.`?...............^@...o....^...P....O.PQ......(IDATx...k.p..........."..S..$-.M....i...R....... ..A...>..............y...Zk...Zk....s.......-Z......'{7w.T.....m'.F.V.j..N..I.Zt...\S...~.,.V}.f.Q.^..N..\\|}.w..w^...y>..,.<=..c{b....t.-.._...l.y.a.Y.;....9..E....=..V.n...?.F...O.,r..h.LM....t..z.m.......u..&..3@..fj..4M....0`..y.}l.........k.)....^...zf.....#-....^..0.$.Z.=.r.o.

Chrome Cache Entry: 357

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 174, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8768
Entropy (8bit):	7.922964844859828
Encrypted:	false
SSDEEP:	192:QAhB8Ztl/3eu6Ot83RG1xtCwpcovaxOJwZKh6zEtFtc9KrQE:QiqZ7T6Ot83RiZnvuEw0pE9Kr1
MD5:	80E85FEBC3E5B7494B1FC825B13ED505
SHA1:	4B1CE6AE606721284C1A9C28FFA96F0731B4A5CD
SHA-256:	98E2DF484E9DA9002CED06EC0C5EC5FA2B97BDA21E7390D75C543EBD45A70666
SHA-512:	509B3513131768FE0A5BCB08F942D00FF2C2AE3B2EB840906D66E067D727E8F0F28F8494F7EDD38510C83CE75C09B435800F9C963F7B281B0ECDE802412B8B76
Malicious:	false
Preview:	.PNG........IHDR.............D+......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................V.............[....S..........A.......O...................L..?................'...^.........H..........b......................E................g.............................t.}....K...........y._l.......C.......Y...1....ym..X.............Y.E..#........;..A..z.......n..R..7...[.......$.h......5..........U..i.;..4.Z,..x....M........*tRNS. @.`p..........P.0.`P.......0...`.1..x(....IDATx....N.Q...)R./.."...(e:u.4]@C,......XG.P.a.O..'..\.i...."q.K..sn.L{;Nq.~P....9.........$..1.../m\.w(..;[........tr..........5

Chrome Cache Entry: 358

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 3840 x 1722, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	793290
Entropy (8bit):	7.982958424724078
Encrypted:	false
SSDEEP:	12288:Ex7datotWDMRHG4+/YRXyS2ncQHQn6VVk4qQa1DThebvS4FNIVTRm+jlG:ltvo15kmx2crn6VO4W1BeDS4FN61hxG
MD5:	B8AB281997D9CA30FB94A17328CB869C
SHA1:	50D8B9C62D0C632736BBB69E694062F53BFC2841
SHA-256:	9912AAFDEF380FEF9C21E785433A45A5847C8D478922DA1358133089477497F8
SHA-512:	90DCBCBAFEACA49347E308D86CEA02AF6FA2F1AC4A07AA59E6F58B74B6A4881711A998771BB244B83BEBD85E5C1CE1943B40B91D96FB07559384C6991DDD8145
Malicious:	false
Preview:	.PNG........IHDR.............G,}.....PLTE..................557......TUW......klo...}~.........................................klo.........................................................%..........................ONP,.1DCE..............._TNi^W....."...bdh...lnq68>......................uwz.v....XZ]............C90...tj`.....1(....TH?....xj..............\|~.....<....T[n.....]cx.....u...jc..C....~qz~.IRe..a..or..........yo...gj..~4.pfy....vw........\|f.............n..{....[........j........\......q.tc.v.........x_Y.....7.....so.J......~...\|..8CY.........p....d................$........`n.\|K=..`.n.....W,j...N7..^*1D...dQ.pP.k.I......zF..J.qlb...Z7.......O~..W...~@..p..z..RP.......O...t..p............Dz....~...A..r.K...GK.x..J.Q...[q...}u..O.p..`....>`....!..M..........tRNS.Q.H;+b..n..y.../.....S..v...Y\DZ.....IDATx...=n.0....N.....iP.Lv...Z C.\.G(.C...r........IQ.u.?.K.2...WR.......^K...v.......&..M~c..5.R.y....................2.z.0F.;..4...I..

Chrome Cache Entry: 359

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 324 x 301, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	9900
Entropy (8bit):	7.934188853857167
Encrypted:	false
SSDEEP:	192:iXQaYKgrIxLoLg80C12RERhu8lRtLJbl+XdopI09PpztnWQfXUBf/ILSJfflE0X5:Et8rS80RR0u8jpHLtnbvxLIa0j9
MD5:	1DFE40576C21EC613CC401CE31DF6F8B
SHA1:	9C5A65C4BAB90F6B4D70F419B3462AC6945B85E3
SHA-256:	C2E7A0CBFF662D0692901ED08AA7EAD12D8E8F8556831A32E9EF42038ECEFFE8
SHA-512:	32D9D4328FCAC3097FE0EFA2D81BCA932E2677DF3F220785FA8F695838B2C436E9C4EFC52F72FD60ED21FE754845607F9361B71A0261A682187CC4CA62AABEC9
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-12.963691a2.png
Preview:	.PNG........IHDR...D...-.....G..f...VPLTE..................................................................................I..............L.......................U........O..[.....y..q.....{....._.....v..t..d..X..Q.....q.....z..m..i..}..f.....k..m.....s.....k..d..i..f..a..............R.....`....................................................................\..............................tRNS.. .._@.p.0......O@P.....\...$.IDATx....j.0..PY..`......JZp....\|.,a.I.f..V....oV.pr6~q.}Gry....R.b....).....M..j],..r......}.......[.n.J.R.A...V.c....C.w..B...~...v....X..k.a...,....fE7..a.d9.X..H.N..n^..Pc.T...X.E.G..............~.F......Q..I.)R+..Xd..k.om2.....\B]J......7.....}9G.._sE#.P........{..}v.u$.....].Q_a.O..a.H.....+.........=.C".....uf..*..a<.=e=tp.....H......$.+A.....Wg!f_..[c.t......g.ZO...V"8x_X7b......n...+9.[..u.......i+.....).O......C.'cs...........x.a..'.....e... ......u.Bt}U.#...H..N\|.5}u...........f..?..].....#.ljBYvE.../a...w..}.2iN..B%.&..D.0..+.

Chrome Cache Entry: 360

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
Category:	dropped
Size (bytes):	81925
Entropy (8bit):	7.712420480647295
Encrypted:	false
SSDEEP:	1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
MD5:	7B0ABE7BED4DC357226C2C4BDABCEC2D
SHA1:	53463626DA4CCCCAE2962274619A022B4563A1CF
SHA-256:	1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
SHA-512:	9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
Malicious:	false
Preview:	......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................

Chrome Cache Entry: 361

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 858 x 1641, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	117721
Entropy (8bit):	7.965154745681065
Encrypted:	false
SSDEEP:	3072:J6m6P6H3gOrkFaZheof0M7kDEwhGspPmHF6DCedis:J6tIMYsg0swEw0sm6DHn
MD5:	6BC4F626D92473A6F5821D1AEFFC47FA
SHA1:	1DB17B733C8A4214D7576B2320C6CC8203D67F90
SHA-256:	9CA684547941EC1CE7A6BEDD9A704D000731B467B7C0C0B814A0DFCB469BB21E
SHA-512:	8FEA481F8292D279C05AA5DC8049C4423C2B2E4904C330B612E92F4F7CCF789E5A5411A36CE3E352B3C17F10C4EA8E647678744CB10A010548831D33564D637C
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.e3569743.png
Preview:	.PNG........IHDR...Z...i.....w.......PLTE....@u./k.4z.4y.?x.?~.9{.:z.;\|.:y.<..=..=................................................................................MMM..........................................................(...................................bbb.................................FFF'''...<<<{{{...]]]......ttt...777TTT......oooPPP...u.................333.........AAA..R......XXX.........lll.....Z.....................q........M.....{....D...eee.....................i.............Q".............ggg........................;.............K{..].......iiis...._.........'..........................Y............X...D...............f.....r.....,3...............7........x........y...............o..g............K..D.......c.....Hw.-^m..]T.......o...........y...+..k^s.....tRNS................9R8...n......]V...,...oIDATx............................................f.\.#.a(\....y.$.$.\|..[G.\B.P.r..........#.u...jv..Q..t.<.?....o&....D.+D!.R?....eF.Z..j~l.

Chrome Cache Entry: 362

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 615 x 346, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24909
Entropy (8bit):	7.905624713859312
Encrypted:	false
SSDEEP:	384:uxBkI6ipAh3IEkI591T1pj4/Yu4iS2M5yumjZZe1XmGYHt7Pla:8BkI6iUT31hSBSrsuOZZKXmnU
MD5:	D99F5228D03D33BF82EA3829DF19433F
SHA1:	85168A4474C057B743BBA0B1790F6F8964494AF3
SHA-256:	552A1C45AB3EBA97C44BD109956E365111A7D39F8F6CCE17573C14F1F6A753F9
SHA-512:	5870EB3DACF81A377B5F76DB831D9537D0D145B14649281905BB0189BCEBB095A2CCC75E0442A812C304551073F6BC4210912A6B83ECB01ED609E316700D3A12
Malicious:	false
Preview:	.PNG........IHDR...g...Z.....[.......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6.._.IDATx....\U..i...%@(.@H..I..........R.Q..P.#...T..D. .........?.'.0...3{g.......aw.......+'......fB.!.....o6.?...M.!..Bt7..M.!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $..B.!....B.!D..8.B.!.H..gB.!...B.L.!.."AH..!..B$..3!..B..!q&..B.. $.

Chrome Cache Entry: 363

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 663 x 1237, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	73028
Entropy (8bit):	7.977889333364363
Encrypted:	false
SSDEEP:	1536:urT1EhPQCfcTCHKzzh8zsdqWnRRizKWu0+uOYW7fHmr35Egyqavi:g1EhZ3m2SqWnzizKW76fHvvi
MD5:	88B8AA084221F79DA657FB97BD7758EF
SHA1:	4EACB6530EBEED12AB7F76958994F0F7B08AC6EB
SHA-256:	306B64A2751FB08944FB822DA042062175033D218C675011DAAE22293DE9ED95
SHA-512:	3BC9B1C9E6A0E8671E9F598B09925158E1859FBCE1CB1545EA8440AE30249D19A3259932A3DC99DDF0C5EA8758D80B7AB27BEF464E58E4075A2432539015F66E
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-2.5d02382f.png
Preview:	.PNG........IHDR.....................PLTE....................................................................................................6....003............#$&.........669.....*-.......................==@.......................UUXjln..FGJNNQ.............[]_......qrt...bdf...BBD..........xy~>..........................u....................'...........8...........{L._.R:.................s.....H+)o:......i...4..w..X'......n...O............hS\@;w...o....L..;..V#....RRw...................\|\|:=_.....R.....r...AJkzW[.k<.....9.n....v;?.{r02Q.P.._o...NS..`d...v..`,.gj....kJ..C.ic....3"............o#(..].z@...^...]....zW@....GS.68.......k..\|...v&h.....h...........ma{%(B.t..L....Z..L..[b.}..i......:o...=..sX.h.@.......2.....g.Do{....Ow....q.g..".....tRNS....Ihf.+....R....R<.......IDATx...A.. ..P..F+.../.?F.Yt.(....n...&.....................'M'..1...0}.Z.#.7e....)m\oO9..{...TqlC~.k ....}.l.%o.(.q.9.4e...F...b.M...`.dJe7.J.l..$.....F_...\|

Chrome Cache Entry: 364

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	64395
Entropy (8bit):	7.92416127965162
Encrypted:	false
SSDEEP:	1536:H5RsqmiSid4QcHs+FOSdnqLn2a4DxUN87SPpNe4zWkB8Kbu:H5Rs53QcM6OqqLnl87SxB8Kq
MD5:	8A0723E83C73C374E0533F2D7FD5095F
SHA1:	C77826D9C0B50011F1348E5F5898536597C8A39D
SHA-256:	C27E828138D0259A2D08F53A6133272ED0FCC75586F8A471C10B5CB31615EFFE
SHA-512:	0C19B333A4BBD9DA75432B5C90C29A2BF0099525F735EA8533699BEEE4AC6A91D7CD11ED915E1E7B6BAA175347D045B9729C9EBA8DEB19D03B9E496BDDAC4FCD
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-7.814d1434.png
Preview:	.PNG........IHDR..............%.....PLTE...............pppRRR..........................................................................................................................................................................................................................................SR....................................................................................rj......................................................................................................................][..........................l......~{......nk......{s.....z..gb.\|............Q.......VM.Z....yq.vpc.u....tRNS...T.8(9..n........(IDATx...K.Ka..p.....=...H&..6...Yt..D.....@...N.YX..6..!.X....C.\|..O..^.w.<....._..s....$.H$..D".H$...f.%./..FTP..hN.t...v..u.c..}......Nq....uW

Chrome Cache Entry: 365

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	78041
Entropy (8bit):	7.994232648382918
Encrypted:	true
SSDEEP:	1536:IKiW1ekBKCgKIxaAgkCgeCZwrDe4f+XwyISuI5ofFDRUI5K3dos:IceCgKGlgkMPrDe4fNkofFDRUj3P
MD5:	517898A28FDC274A85B7D9CAC871418C
SHA1:	DC4515A9663955E842D8BD4083B5CB1095779BED
SHA-256:	5AA735F3747384609123A6FA0E7372D79A66D62EDFCB15991DDA844F146D5802
SHA-512:	6EC89AAE3FA1C9C1D44B4A0EA20D6E6A82AADD93B03B8C0CEF0C1C6C668F3AA12E29CA3C24606F96607D3C7F7C8DE1545D38384B052B3B57A5096DD6519B90D2
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTER`l................bu...............................................*37...0?F..........;B..................+7=?NX5AE...6EL2BJ\s.=KT...3>BBVcBR\GU^1:=...:HQ...du.<R_w...........Vo..../58.........^v.Ss.KYbT`i;EF...ky....n..G[h.........Nfv...'/2XfqOi\|O\e..._nzG^nx..epy...^js......t}.......8MZ...^\|.........Vw.......Obp...o.....i.....Ow....On.lv~..........................{.....s..L^k.....g.....m.....YdkV}.>HK...........VjxKq.f{.BYh......GQU...y.....................Gcu...`.....~..`..a.._..4GRs..T..u.........k..ELN.............V..NVZj..U.....9?@......Fm.................Kz.z........x.....x.....Eg~x..>\o......{..:Vg................l........ttu........V\^gkm...i....cbbF........i...]...#&..y.......vib...TQO6b..tl...F....`XV...5o...........tRNS0./.0..O.OOOOO.OOm.W...-zIDATx..1..D...Q.B.d.0L.d.).l.\|.{.o{A..F...b+r....ie%.......mD.._a.....W.$.L&.Iv.y...^9...._f.^.7..Z.T._r<..0...^a....6.4...fe....z%..^....F.%f..N..

Chrome Cache Entry: 366

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	53795
Entropy (8bit):	7.974223305065804
Encrypted:	false
SSDEEP:	1536:WCCly8m2oGlDoCk89ALyWWN6/d2Ru3t1c:WLly8m7CbmyWZgRkt1c
MD5:	E45A512CAF1BFECF4C9BB018BF791B58
SHA1:	7D56230FF5E552C828CEFCB4D1ECF8BDF0062548
SHA-256:	4DC833994645A107E10E6C346D5C5E72E792E16080BB5831559B1F83A32F0C92
SHA-512:	DE95613C44D4AF54106BBA642639744D5BD5D25107478F5E540103391DC8F7589F050DB706D9F915AE67F937D06FE89846BB63E0FFF2C2F6BFE5F2D2DDEAFC65
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-12.a1354ef0.png
Preview:	.PNG........IHDR................u....PLTE...............yyyRRR..........................................................lQFhNCD.nSI...rTI......kOC[F;eLA...XC8dJ>..................iPF...uXN...pRFqVN...G0,]I?mTNhL@>/-......8+(B20aH<........F53N95V?4......aHDA,';-+...x\U...U96Y=:...J30eMHXD@...XHGNAB..N# .f_\|aZP51R>9...qZTsUS^B?QDG.le.tX...un......lOL[LL.qj........gRMH<?.....}....zt...5&$..x.....<($..............................\|`.........?6;^QS..........L.)..........E!.............kd.....(...\|x.ut.tq........^sa^.eR...SIUc@8............\|ki."....J.qW.....r_Xa.....}.YG.n[...l.....................z...........kv=$.....lWt./D.".bu...y5U.B6....\|!.A].T#.h.....UX.i0...us....Z..?.T:.U{.>...^.......?>....~\......JC.......~...z....Uy....j].....)..{..h.&..8R\|.~.;...-....tRNS....7)T...t..qqcFW......IDATx..=..0....`........j...r.4.....+.O..e.].EY......>6.......L...a..a...jx.O...6.&.U@..d.\_..8O0.c'.%3..R..<jH..]L..'....h.].T.!4.z6!.....F..

Chrome Cache Entry: 367

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	58
Entropy (8bit):	4.178945167795604
Encrypted:	false
SSDEEP:	3:YXCA/7DgHfe3nLTQaWJDgLcYYn:YyA/7s/AFWJDgLc1n
MD5:	7C80C87F763075D7C8C369A48FB112FA
SHA1:	32AF99D18AD24800CA024C00674B6947CCED5B5E
SHA-256:	BB221A7E60F804731D8965873F7826F750F4DEF4ABBE5B3BF132A9CE4B5E636E
SHA-512:	ACAF77790AFACBF1CC42C806E6850E3E75EAEA5884446DCE2734E91E6CA68169ED08B9F83C189AF7660C01DFF7895152E9186AF187F4A12244C2ED653846F835
Malicious:	false
URL:	https://aegis.qq.com/collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=
Preview:	{"retcode":0,"result":{"is_in_white_list":false,"rate":1}}

Chrome Cache Entry: 368

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 407 x 934, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	78538
Entropy (8bit):	7.964424423912686
Encrypted:	false
SSDEEP:	1536:rA1yRNxe26Z8Z/A+rjLPBKzl0xiSvmefztDB9Diq2/Be+VM:qyM26ZH+f+l0xVXfzP9Oq2ZM
MD5:	C6065B94DEC27A8E1D605F66A8918E4C
SHA1:	9C1FD60BC378097091280F9B1F3D00AEB84DFB7A
SHA-256:	12CB698C715DC67F6FF9C487524DE81FBA578F0F31B6BA1B7914945707789018
SHA-512:	33BAB3EC2D3A38F099DC4397357EFE30A33101D13B564CEC590DCC0BA0A55C0EAC2EC33DE7BD5115C36235A7D2BD9303D08BF96ED7A43E6C756CD334C947F73C
Malicious:	false
Preview:	.PNG........IHDR...............(.....PLTE.........[XZc...rq........................<dw...........pgd..........`...je.....eX...[SX5/,..@..jE..-+#............................................................2+,......^..+.-.........}....................................:.....1.......B..U.....$#='>.........{u...TV....&...v5.......tnL..!}........jd1.....c`......IY....^c.....\|...p..XU...................k...........qH...o..`..'..#..jdp.h@....JF.np..........Ve87:..........L.....=<.........`..z...u.......S...T..tXM.A=.>KK;K.~y.xK....u..ilR2).\|.cf...u.......LI.dy....tgE:.^Wwo..ay....pe...X.qM.zvng...wz=RA.h..n..WSI\|j..U.....g.gc...\6.n.\|Lk....2....].xT.....X7~....ID1Q_q.......Ju.tc@[Qy...>iW.....%.c.h......{r.o.k/..td.V......7{..%f....Rt.....%tRNS..7..7.[....Y\|...\|.[........o.u....?...../TIDATx..k.a..s).B...Q.\..I...K..`.K.!:$uP.;d.....@.......o..K...Qp8,"..@A..f....y...7g.....>.{....r....^\|.,.hl";...<........T..

Chrome Cache Entry: 369

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1716)
Category:	downloaded
Size (bytes):	4387
Entropy (8bit):	5.875200208883424
Encrypted:	false
SSDEEP:	96:pTR7xXwyxn83rrG60PZXuacdi1Z7ZauNjIzJl:ywNZXuacdi11ZjFg
MD5:	ADC966CA2DEB9A8A2F723908842CB34F
SHA1:	8E8B2ABC3E29710F91F1ED0A402DE422B0A8C857
SHA-256:	CF9B00182F3B109D37CA8B13508B347E43E1065C4C4C4CB4C2C6C4F6BC827100
SHA-512:	D24C6D8A7BAD6FA10AC7C40413F173F9EB7548656A82A212C8F8D677BEDC84C58C50A67EC909E103373036D17F01E08365F4D5D30446227C0D76075D84B1920B
Malicious:	false
URL:	https://im.qq.com/mobileqq/
Preview:	<!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023..,QQ2023....,QQ24..,QQ9..,..QQ........,QQ.....,QQ.....,QQ......,QQ....,QQ....,QQ...,QQ, ..QQ, MACQQ, QQ2013, QQ2023, QQ2022, QQ..., ..QQ, iPhoneQQ, ..QQ, androidQQ, WPQQ, ..QQ, ..., MacQQ, .., .., .., .., ., .., tencent"/><meta name="description" itemprop="description" content="..QQ.....QQ9.... QQ9..............................QQ........"/><meta itemprop="name" content="I'm QQ - ........"/><meta name="description" itemprop="description" content="....QQ.......QQ...QQ......im.qq.com"/><link rel="shortcut ic

Chrome Cache Entry: 370

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	19176
Entropy (8bit):	7.983338413624944
Encrypted:	false
SSDEEP:	384:GOlPWT70FVi7oViVO9eJaFIntcJrlbNoldw9OBh/esTTrVz:GOlPQ7e87W9eJaKtA5mldf//1TTrh
MD5:	B8B3AC9B2ED87863B567118CC18BBD15
SHA1:	AE314CBB019CE1710D39EA0FC4EA23D60D177A70
SHA-256:	15DC12C46BAAC97C8665C5D40A3323BF7242F266FCF511E14C15EC138ADE546D
SHA-512:	0A78C53541DD77E0BF14E5799F01CD75E39C9ED2A8A51A71FB9DF9F24A3C3D2C105BC6C7BF133855F5328B4F16F073BEB7F5530C29A4BFB8BD22DDDBA6D6643B
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png
Preview:	.PNG........IHDR............... !....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..I)IDATx..}..]Gu.9..&u.-Y..q..../.2I.c......Y.&.....M.Y2I...2..pB...[.\|...1X2db......"c.V...$.[R/.....^kK..JT..w.u.....N...d:.N...d:.N...d....(...5.>{..p2.L..).+\|n.2m..a8.N.cM.@].u.,.uQ...t\|.4.td...h]:.b.O..N....f.D........[.nm.Z.s4..].>....W..4{I..+....{.._M.......o..aW..Jtx...8....E...h.@2::.....\..)....!,P\x.+^N...o....p.S.(..}.S...;v...?..~...=.....0.y...[..\|.}....>..`..m .J..;..........6..X{.8$b.#..U.}_............;...x...w..e~...iN.L.$.k.o_}.g..6.'d.d+..>z..y..O...^.........`.?......x .>.;v..\|.Oa....W.r...,.Y.u...Q.....nZ.Mk

Chrome Cache Entry: 371

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65456)
Category:	dropped
Size (bytes):	1023552
Entropy (8bit):	5.572929986497309
Encrypted:	false
SSDEEP:	24576:o2vhEaBBJBaFhijEWhT6DB4knPaGq5fyleoMFwm:vvhEa/JBaXijEWhT6DB4knPaGzeokz
MD5:	E0E514C85C4187923718073DEEA44C15
SHA1:	C0D613CAD82DBD446FA91513DEEA18687255CDF1
SHA-256:	F0E1EFE4D82894FC57AA53DA7C3A08CB9412DBF6E2BAB67CA156E214CB7EE8DB
SHA-512:	22BD310A31DEC1B28002EB6F866657C9DA5076D3CCFD3366ED577C42DE4D85DC32946BC4C524FDB18326C5286EA59CF3025AA7D4A8BBC3B02DB75A85B1CCAF9B
Malicious:	false
Preview:	/! For license information please see chunk-vendors.952b5fa2.js.LICENSE.txt /.(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[998],{7434:function(e,t,n){"use strict";n.d(t,{CQ:function(){return y},IV:function(){return C},LJ:function(){return i},Nv:function(){return _},V_:function(){return x},cn:function(){return b},e6:function(){return S},en:function(){return A},jn:function(){return E},n4:function(){return k},ns:function(){return T},oV:function(){return w},pv:function(){return I},uT:function(){return P},vD:function(){return F},vc:function(){return l},ve:function(){return m}});var r=n(3336),o=(n(8862),n(4916),n(5306),n(7658),n(3210),n(1703),n(4603),n(8450),n(541),n(9601),n(1539),n(7042),n(4747),n(2772),n(9714),n(7941),n(6699),n(8674),n(561),n(9653),n(1058),n(1249),n(7327),n(4723),function(){return(o=Object.assign\|\|function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e})

Chrome Cache Entry: 372

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (33087), with no line terminators
Category:	downloaded
Size (bytes):	33189
Entropy (8bit):	5.294048937945278
Encrypted:	false
SSDEEP:	768:TJ2o1doIibiwtqAbxpPbb9iAIiWDO0qrhGM:Too1do5ewtbDbpiAVhhX
MD5:	CF488FED3EEDB865252FA36593AF5C10
SHA1:	9FE86329F3F7C19EEB7916761039421E7281EC17
SHA-256:	1EA86C2BCBBB479EEFA27B9D1235AB3CCE546F503E9DEF968C994B24F2B3324B
SHA-512:	033DA8181C2AA2ACE7E601EC61890FA89FD96B592F07D09DE4B5BE520EE710FAB811C540E90D01C4974DCB9BAE0569739467E44C8C92E4C13CF803A8F7B57EB8
Malicious:	false
URL:	https://v.qq.com/thumbplayer-offline-log.html?max_age=3600
Preview:	<!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><title>Thumbplayer ....</title><style>.none{display:none}.report-area{margin:10px auto;border-radius:3px}button{padding:10px;border:none;border-radius:3px;background-color:#409eff;color:#fff;cursor:pointer;transition:opacity,background-color .3s}button:hover{opacity:.8}button:active{opacity:1.3}.progress-area{display:flex;align-items:center;width:100%;height:30px}.progress-bg{width:100%;height:6px;overflow:hidden;background-color:#ececec;border-radius:10px}.progress{width:0;height:100%;transition:all .3s;background-color:#409eff}.progress-text{font-size:15px;margin-left:10px}.message{height:20px;line-height:20px;font-size:12px;color:#474747;margin:5px 0}.report-btn{display:block}.report-btn.reporting{cursor:auto;background-color:#82bcf7}.report-btn.reporting:hover{opacity:1}.report-message{display:b

Chrome Cache Entry: 373

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	37338
Entropy (8bit):	7.968698839749081
Encrypted:	false
SSDEEP:	768://YuAvxMeH7kBGYX4go3Z/MGuRIlviolxzxU8QgxjZgHHaHIDaifSoD://YuAZZHAnneZ/1lvio1vZyHaHIGifSU
MD5:	74C4ACB3BA4360C7D5D1FE123693F5B3
SHA1:	6D017B693A7A076ABFA1CE9C223244A0DF4B57AE
SHA-256:	B8D19B198222BBD3585F56E8392DAA397253388CC284495DD1C5AFF4B9901D85
SHA-512:	9757AFBC70F2B2C0EEE233805D1FC54571DA2AA23B2A0FD332491DCE8ED64EB2182F84523E459D773EF4495D2AF9120DE68C36F5104A76EA9F06E64DB6220456
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-gm.6afa3939.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE...406.......+1,/...}....&"&.........%."SJQjep&!$...baq5,1nepODQ...i..ZOZ\MWXJSUFPN@IRCMj\eJ<E...n_khWc@6>9.642dR__O[E:Cvhr....jZj..zlw...rco.w~...F6?..~q{`T\"...dX`......;2:/&-...#.$......@1;........'.............. ..........utu...x...........~........dTf..p..........w.................ofl...............6.&......lp....xz........^a.....................idg...tz...WVW...u.RNQ...y............e..j.........nnoLIK......tex...M..=<...go...EBE.RT.g..JGF/8...m^v.....___.22>'0....i.....{V....dk.\......w}.pw.:O.s.^..RV...n..dc._.cN...uW....Zd....n..@G.EE....\|D.vU[....J.\9A.T.H!&gFM....NWt=....tj.\|H.....t-3...}..t..}..'8....bv..~.uw..Bb.Mt.....[.0Td.e.....BP.1<...>m.fL.;n.i...#q.X8.UN#tCq.9....tRNS..../J..Ud.......s......r.I...pIDATx...k.`..[..u...'o..0..hJ...zk..1..X."....R.P...AX..\..e.../z.C.x.....yZ..mU./.t.......<K.. ...b.H8......-.f.W...>..........\."...\|.

Chrome Cache Entry: 374

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1570 x 1235, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	180224
Entropy (8bit):	7.942644166049811
Encrypted:	false
SSDEEP:	3072:4CthhIhWl9r9cvgKicJH4ptsidifbavD1WZSycptum71/RkZxs:zthPRBk2TEf2L1Hyutjixs
MD5:	357CD37A08EE79C438C8B218190ABEB6
SHA1:	6080632DE5F4AF8C5B0CC12263CA39C9543387B7
SHA-256:	4871FF4C29D7E7A91C891B4B477C8F77DF9720ED3091563666EA19453B56C511
SHA-512:	ADECB6CD060601425704A23FD79CA23415BF7B2374396D225FA22758F4CC012EB1DDA4853B287E37F91B924BC10C40B64D8120B90AB86C24797ACE0AA6054F66
Malicious:	false
Preview:	.PNG........IHDR..."................PLTE...........)...........................................................................................................................................................................................................................................................................................................................................................................................................................................................74-...)%....JC4.....vOLH....n....ygwpa.........ogY...YY[...[UFihkf_Q?>@...vvy-..........~....................X..............{....................?%.....zF...y.......wo..q.......`....\[q#......L.w~uD=.......V..I$X.......db..>Fg.q\......v....xx..k.W...."[.q........U...E....1..*...."tRNS................_.ierya.......1..a......IDATx............................................f........._.AUUUUUUUUUUUUUU.=8$......../L..........1c...(.n.>..B..J.,....kK...o.0 J.f...

Chrome Cache Entry: 375

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:y:y
MD5:	81051BCC2CF1BEDF378224B0A93E2877
SHA1:	BA8AB5A0280B953AA97435FF8946CBCBB2755A27
SHA-256:	7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
SHA-512:	1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
Malicious:	false
URL:	https://h.trace.qq.com/kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.606426968780398
Preview:	..

Chrome Cache Entry: 376

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	50879
Entropy (8bit):	7.967083991413486
Encrypted:	false
SSDEEP:	768:oR7CA1cJ1DCqnNBIrdBIYEMBLtUwpl5N+DHhMAgrL4XWQ6iHYoi2ex5d:oAbTOqN6v5EQfl5iHyrLGpHwF
MD5:	8A759A3A1692424032E47211CB421A5C
SHA1:	85D3835506AEBBC06731C140E211BF287DF67E7E
SHA-256:	77E97533A708391B5ED096E28BA09837B4203FF78FE08BCB02943E89CC5960C2
SHA-512:	75AEAC44D2F3125C263DA6A51C47224C09498800AE0DEAC536C4C18750255FC7F4DC0CC58708C0FF39CEA2BA2EE4E10AE6EFF30727C1C5FFDA9322C250F3D82F
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE...............nnn.........................................................................................................................................................................................................................................................................................................................................................................................................Y............................vn...e...z.Q............l.........r.........e.P.I.....y.._....b.P.....Z.....................z.L.....k...M...~f.K....O.J..K..Y......w...s.W......y...............rW.ZxS....r............ts.i{.........x......x.#.....tRNS....T2..n..t......-.t...YIDATx..r.0..&.....r.m..........i...VOz.>bI..@...^.Z-.$.[6./.>...A.R.T.J...>T...L.R.'. "O....@~..o..E.#K.:q9v@..v....no=V..t%..._...qv.U' .

Chrome Cache Entry: 377

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	64092
Entropy (8bit):	7.992531468178547
Encrypted:	true
SSDEEP:	768:w6rLtcso3GkXCmVetR7ZqN1wKLNoYzHVZswwOZdHT1XiNU2K8SkAwUhpkX+U58NW:w6ra72kXCMXfNHsw/ZdHTE68SkTMEeJ4
MD5:	B3F8BAC78A4FBF8CA55EA0759B0D7ADD
SHA1:	3BB60C748E6F6D31E2E98D65F2ACCC2CDC27D5FF
SHA-256:	D105E7F68E5ADC11E3A7CB7C93355FAB28BCFB9AFDEB7FC3B730684633AC9701
SHA-512:	7E1FC67B286F47931DEAD8170071A6AEDAB531D05F802F189339845A1911280EBFBB6A44E4AF85EDB577A110BB9E68D2260D73E71994A37B85B0F482EA1DE11B
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png
Preview:	.PNG........IHDR.............F..?....PLTE.;)4/.9..TS:W]Alt`WaG#..YV>....~:H>2PJBP6=D..24.!..".....#..... .."".............& .%&....%#....!,....#.......%0.......%%.(+....(.!(....+$.........,:&f8.+3!.'. "..(.NXDOX;$>.hs_(6YnV...+<2cmX/8,S]=./.....$/%VV@.0!FC&67.+C53+.];.51.Y7.35$....7r^u\...@? .4f5&.S=. 7)6PH<..11.;K@5?4...$6#3?,>7.QQ>=D)WX8l5.bug3..Y_@...DJ)qud...QU3`mNV\I\ePPbCj{g6="..../YMM7^fY...irT"=.-K=`m`t:.YP9%C:Vl`MH-. %K9.iz\<:(hgQ...e?.nl[2C=b}pUve7I6(..\|..nzoy5..<}18.TK3H\JYfF_5.FU=a~dCE5~..+MG`W@zxf<WOEO4vwX:<..+LPmY...ScZDPGQgMp.t)5}s.dYB..#0cbF-C,.%>/TQ......(A.q-_GA.q@.F`VGmd\|.q,(.<..I;#}1m...D5.i/y... 75p\|.x..y..e.\|Rzs.\|eb..x251P.......<c....i..\|.m......s..7`]f...5Pj,K...\|...[~.TP....vw.B]....bg.6R..GxXs...kIg.Nr......~l.....~oY...........u.........P$!G(Xc..5#6............tRNS$....``...`._...{.}.....IDATx..Mh#e......i.&...r.,Y. .N......a...!....c..He...`..CRbh6..f.!.[v..E.."......_......X.((.?3..v.l..7..#{.Cg......T..{.^......j.W..\|.A..N..[..

Chrome Cache Entry: 378

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 537, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	53918
Entropy (8bit):	7.967764757896754
Encrypted:	false
SSDEEP:	1536:J0sY0OWIXy1iBm14ZDl453WtXIFchYgIoZkmiHS:nriA4Zu53WtXI8bkVHS
MD5:	8A85AF6CFFF1363A4E9929184FCF95BA
SHA1:	AB3AFA199DA9B52067B4EF608AE3392BAB51FD69
SHA-256:	5A45C326B7F38945F2DA4CE282C29DC36C995EF27AEA10C057F051EB1F54021B
SHA-512:	63EFFAA3BD0E8EC916A289ED73D520414D4AF5E1E942D54CEAAA4501499060B3D04C51B56F2736251C064CBFAC9A51825041F4FA99934CF64F9A413E1FF7CADE
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-5.497658cf.png
Preview:	.PNG........IHDR..............%.....PLTE...............nno....................................................}.............{..}...................................................................................................................................{...........................................................{.....................w...................................................................................~........................................................................u...............}.............r....q...............}.................y.................p...g.........w............h.............................\|.[...j..}..R....T.U.qL.jB.so.W?..Ky....tRNS....T2....v.n...%...>IDATx...n.@...ibE...AH.^u.&..KT.bW.T..]@y.n`.H..X..#..[.9....3.q.m.6..7..g....q.D..A..A...C...X .=..x0"....}.(.Z.:..)#V...e...N.i....5.....r4.[.R..Vj....

Chrome Cache Entry: 379

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 313 x 313, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10656
Entropy (8bit):	7.932010847910039
Encrypted:	false
SSDEEP:	192:dqYYJPT4gghFpEJj2dJQ2wcT1hSqnURRJBvsSUv0p1:k3PT4EJin3wcT1hSqnUbnve0p1
MD5:	F561E3801404CE76F185066FB255EAD6
SHA1:	6AD3FA571900696715A1CC1D684E2050793F2BDF
SHA-256:	EEA0D44FCA098300A7D54F9454C936FCC494DFBD6490F2D3F9CAD56A772C6FD7
SHA-512:	847229EE9A5E7F7BA478775A2D495F5906DB8E4999851924C66B84572D6EAF4C57F9706E9BBFB7214853651E1F57F4B7588D89FD1397144FFBA5681C1890E290
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-23.132fbdba.png
Preview:	.PNG........IHDR...9...9......?......PLTE...........................................................................................................v..vs...........w..w..w..y..wE\|......w..wV...xr.........x..w..x........x.....x..w...g.........v..x.....v..x............@{........w..w.........t....<z.m.....p...x...........`.........x...........x..v..........x...n.8z.............o.......w...~.............y..x...............x................r........wv.........x...^...~..h.........................{..............v...z.......i........~.............^...........}..........................v....y.......s.................................o......K.................n...........{...........\|.......x..........}.T....l..o..i..{....g./?..."tRNS..`.``..;.E .........pp....D....&-IDATx.....@....Y.f.+L6f..L9.4T......\ga.{.....Wj.5.....W...}..Xd9.x...W..##..B.!..B.!..B.!..B.!..B..7S{bY.....X....d.<{\tE6#.y..}...

Chrome Cache Entry: 380

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	58441
Entropy (8bit):	7.9430727556328
Encrypted:	false
SSDEEP:	1536:p5ML7XgwWC4GpozmQD/gGckcz1a4QrZBdfqLRBYsp:fe7H0D/ghz5aTKp
MD5:	A2CE6F8AAB6A24D6CCC1D29D892C347D
SHA1:	802C2AA62CC9C1FE8CE3E4DC03D6397472130AFA
SHA-256:	152672C20605881C313AED9004E060F2F6EA4C7F8AC59C8736A5177B1D490D50
SHA-512:	74266FA440454CF8AFF3A0A88400FA24EC63501E57DB824A3435B760EDB5B7ED0A1FEA7B20439775B6CAE233004FA4DF108BD5B874B8D69A0B2EE5CDBBF490C1
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE...........zzz................zq.....u..q........}...........w..o.....z..................v..y..........\|l.......nf........M..q.p.ti....qm.^j................r..?..C..s....DI.iu.F.-..KR..U..r....4.....\|....8."y.T].....}....<.+..;...Q."...j...o5.f........@6P4...j.{<.,}.T?...{...b....~...1..........#vH5_....-..g._.......+..'..L..Wz...j..TDNL...M.u(pL6A......e0....-k....>(B..?C.z........?../Vx.....pOYvv...BR{]...:....;u.WOau.....&.D...:<....&o......Z.N..X..w......v........N..8[.<Gie..$h.E.....p`n..........q:P...]..j.Y..:..,7h`Y.......Q:s`):..........fQ....m{...M`..G.6..`..Ns...Jlq............d..Oj......\|..E..K...ye/.......n[.....t.n........x,....\.....).o..........\..B.fn.g{.IK..~.W."..p.HB..R.Lur.D?......tRNS...U8.s........IDATx..Mn.0..+4vJB.....)."k..Z.f.....=F.WC.)..ub..(QJ....q().\....r.\...Q......T...#.`6.\.........$.@...N.CH,....../w..+....nF..}Cr..,H?.Qb.Tw....*b...

Chrome Cache Entry: 381

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	47110
Entropy (8bit):	7.976803512948249
Encrypted:	false
SSDEEP:	768:9L/Dm1LC5bpkhvjZFXEHBWDiR6QvYUs1TC+vLyq7TeZLWYTEeNbZcib/jppeR8GB:dmRC5bpkhVFX/2k1TAcyTzJdXpAJ0jKz
MD5:	2AB8F5C5A6C57CE00974E904430044B7
SHA1:	DE1C4F98727E300F9F491CAAFD9435C8EEFB8B35
SHA-256:	4B320A69C7597D83F9F331A715BF923613181AF8AC32D014EC40E28B0C6880E0
SHA-512:	35C0488B00B9E25681B446EDF82F9F8AB648C230CA44053BFEEC2E8E26B33C9C2063F713A1459710E3537664E91E9D737296074230010FE7496F5B5DD4E4939F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png
Preview:	.PNG........IHDR.............F..?....PLTEM=.\R^4,5pr..B..<......9..).P....$J.......9V.@[...'....rU=).x...E..Z4U..h....z^H/.~Vd....H.....pN........G5%%....lS4.vY.i.Ja.......z_....^..s.tQC?.........}.....&O.VHd^Ul~g.uZAxeL`[W.p.F<5zU..kQ.............RJO.}....h}..o..tD:D..wqgkf^_Q.nH9N.~jZo]s......{o..id`..h..l..K8....h.[C..F)....4~.......of.........8)".[..s`.p.8..`I@sUYcVG..p........../IZ.V1.sB/.kQwl.....+e.S.........]..lg<%.\|\..W.\|.OT....v...'".......^IUj...l...{GQR}..A..Scv...m.............&...eMS....Xa.%2[.....no..{..`m....4.5...u..J@V...}..{.....yJ..O8...lm.Xc.K.3.z...pL...8.............O...f..i:vn._89....~u>H............._l/..x..xI.c...4Dp.......S[B1......E..}R!...,.d%..s.I..............2.%./.Y#ap..u*.V...3b......e....7B.w..za.]..eb.Q.Fv.@.......tRNS@...'.......IDATx..kllS.....f..H......GN..WB<.....kB..!..A#..Q..-.IP...1M...f.j.Ns..L...(.D.A................K....O.}ZZZZ.Bg..Q.N.D.=..D....P."..^..#Vo~.J..L.wFY.D.......(.~..

Chrome Cache Entry: 382

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 362 x 362, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	13803
Entropy (8bit):	7.936047500471041
Encrypted:	false
SSDEEP:	384:XToMW/+wWSgfERy/c2BT7ESs8HaIcHQDsZbW4K:jW+wrg8YBUIaIcHQYRW4K
MD5:	81D7CB8BD7DABF68B4708E360C1A3AF9
SHA1:	B37EDE8F179BF294F55D6E8A7F3A6E485D17FCDB
SHA-256:	32C09443BBAD070BE70434F6677AA6526231809752E1351C7408E2902C5AD858
SHA-512:	739898A682022545643C9A9320152E0A4E94432FADDAD13E2BD2763A634518494E7450DA39C627F7E0923EAEDE3B7DF185BE7D4658DD15BCEEA7E883CBD97257
Malicious:	false
Preview:	.PNG........IHDR...j...j.............PLTE.......................................................................(............................................................................................................................................................................................"................X.........................................................................................e...................r......l.._....`............z......u..q.................._......Y....[tRNS...... .@ .@.@0.._..oO ._.`....p .._O......`/........oO....o@......o..... ...l....3qIDATx..............................].{m...x.fP.>.U....){..p..b.......(..y.C.&..._9'......'..{.p..sn.......90@..z..W....7...e....O...........O.._/nN......8.M.h.y..........G.O...6P.Nq.B..h...O...s...t..c........Xk.~.$Ib..~.....5.P....^.1.&......`x}.. .6*.g+.E....n...6.....Eib2:..y..M....)7`.i.h....(...Ug{...s......c+)mm....V..,.lw......<..4....j'=...5.......u..62.."...4<..

Chrome Cache Entry: 383

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
Category:	downloaded
Size (bytes):	81925
Entropy (8bit):	7.712420480647295
Encrypted:	false
SSDEEP:	1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
MD5:	7B0ABE7BED4DC357226C2C4BDABCEC2D
SHA1:	53463626DA4CCCCAE2962274619A022B4563A1CF
SHA-256:	1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
SHA-512:	9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/qq9_introduce_poster.afa30316.jpg
Preview:	......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................

Chrome Cache Entry: 384

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 243 x 243, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8670
Entropy (8bit):	7.87551147076075
Encrypted:	false
SSDEEP:	192:SmFo2tPjYj5vYPrkZPqz3V9VE1iFYVKx85EyKnqS5EvQjs+:SKombYjW4A77RFYVKxEU2vQn
MD5:	045BAD5526851F2D14DF3BDC67946623
SHA1:	40106348D7139EEC4C91C9C25645883F18648080
SHA-256:	D6BEFCD61EBA657E81A623A45EF30695B9F436847D13ECF9362AFD522B93A006
SHA-512:	3ADF77F149D974172435756797D0BB3E313141FC850EF6AE4D6E40FCB4993B22DB4376E881DB13B4FC1A822956AADB82A25DAAA4571FCE8F2FF199DB78815822
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-8.18097ed7.png
Preview:	.PNG........IHDR.............d(......PLTE...............................................................................................................................................................................................................................................................................................................................<......................................................................................b..`..............................................................E...................................{..u...................N............o..N.........._....b...............N...........h....?...O.7................W..M.......%..P..x..\|...........v..v.......l....... .....&.....J..G..A..].Q..W..n.....v..v..a..K.5......$.r...atRNS......@@@. . ....@..._.._......` ...0 .....p..........po`P0...o```/...pP....!.....oP!y......AIDATx...... ..0...~.X0X$...G$.A.........f).Q.....=...S....l^..(>.".....B.Z.+.-....p...(m7%.1

Chrome Cache Entry: 385

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 863 x 1584, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1168126
Entropy (8bit):	7.991501408732424
Encrypted:	true
SSDEEP:	24576:n6hPogblOenlw5jYtfzU2bTUKm4u0RJgjVL4fGqnhOWR8ybDcliMfs:n6hPo2ECS5ufzU2XUjd0TkV/E0YTbDkk
MD5:	717967BDB03DEE08D45E00C98E1C7835
SHA1:	997A961C2BCE7A02BCDAF5917B1A331563F19C7F
SHA-256:	71EBB3BED948A2CF3113C87B8E67592CF0A65A5C6BF8509AA4885837FFAF53EC
SHA-512:	A3C0DC87699C51412677560A9FAE7EBDA422497257F53872327B32E73B05B1411CAB9A32E72FCCD010DBBE0BCAB0DF39B64F00A507A42C648861B1FBBE654FBC
Malicious:	false
Preview:	.PNG........IHDR..._...0........A....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6...?IDATx....e.&..:.0.S.$....+.'......C.PwQ.p....^...,....}.Z.B..a.`..... ...LT{.2. B....'.z..... .D...***.r...Q=D...G...]_.../...o..+.Y.O...O.t........qm;.o.K.....{e.9M....}..t.......3....5ux..m.f.......^...s...\|.Y......Y.Ke=..w0...R......=.......\..>..t....uX.;......hd.....V.6.2.9...<....uK......y...x..eV....r=&.+...#yH...\|a...~.l.<.G.f2.#]8..\....2]._.1...c=.v}...g.B....z..g........./.......Y..s>../9...s..t..}...z.l...^D[/.L{o...cKIQ.{.....V...n.@....2f..4.^6{u.DwV..(..i]/. 9.}..u..i.^...-3....A%_...{4g\|.H.<...................-..?

Chrome Cache Entry: 386

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	181293
Entropy (8bit):	7.987444042817545
Encrypted:	false
SSDEEP:	3072:a2aab2VmV5SPsWvwafEk8sdTn7KM/8mYol/UaWEXSUM0gRRnuZfETo4A+Mzq2qz0:aFa6V+Wvbckd7sR2ZLXSagPnuOMzq23/
MD5:	06E40876E3D85A102B955A1BCE327E7F
SHA1:	EC09F1F5612C2B09C6C6AD37EDCF7D1CDFAF220F
SHA-256:	2534CE591FC99AEFDCD189315B494C9BE4D464AEAB2B957E03A092B7F6FCD82F
SHA-512:	3D0911C85AEDFE54EE3FF0447EBA8959393A146C11C29DEC443F27F98083C2E5EB2F680C3BA978604625ABC3D403FEB296C63EC496B91E0246054191CDA1036A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/scene-bg-x.6a1a9834.png
Preview:	.PNG........IHDR.......8........C....pHYs................eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6...nIDATx...v.8.n..z.3xS..l.V`@.....m..2..X......&.a.`...`mn..D.j.......(..mH.....x..V...x...#.k.Wh.?n....-.V....X....K.....V...m...l...(..-........r....@.....Q.=B>..X..fL;.Xa\|gF.......!........`n..m.g.C...3..3.m.r....3......`.....yff...`..@....(?...y.`-......<....Y.m.....c<h.-T.z.?.B}...0.. ....&..ZA....]p>.7.C..H....w;#......Y...b..1OiW..C..X....z@...Q.G...`...\|.x.sv..A].6...\H.V........B0@.l{.@.....`-.V..s1.u.dy....C..@^.....D`.=.~.@.......a.=...Fy..s.uD........A...........a...V ....8f..:.........Y.....GDh......v ....0.....k....^0.....7...p.B>.

Chrome Cache Entry: 387

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	59873
Entropy (8bit):	7.975051851127102
Encrypted:	false
SSDEEP:	768:RsP+dBO2mkqldbtMDjJkoyfiP8HMJE43RVRTvlkLwTXuL55WBU5W6EL3IDQfCWSr:emdBHmFlJtsafpH5wRLGqud8h87Lk4
MD5:	CA542FDC551D6A47773C942ABA49E1EF
SHA1:	C5E4AD7B86B6FF99AC8ACB6CA5AFE1DB3014040C
SHA-256:	7230FF37FA7BF159A3A483EDEE96D61C533D6EB3299FEFB7277B1BE4CD7C850B
SHA-512:	4D57930AF3A1C5D9FD3BC1B86BEB14CC553697E37A45AFB1C4D5C59B1F3A4420E7114DCA138F7D76377030F526D6BB30470551F3D33125CDA5C24C839587CDD9
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-7.12c86460.png
Preview:	.PNG........IHDR.............F..?....PLTE..-)......H..A0Ru....../Rt............t...............0O3.("..-Af+<]'6S.J2Mu.%D (>...6Ik."7,.......2.....9:S{..?.."[TZ%.E0S.RJM"3\+Cq..1^\pJDG:Z.c^hecoSOW..)ihwKc.`Z`..+[Yg@.4......fav......8C]<a.... >_3<S.....l\|....4JEX.&..u..^v.o..ZPQBQq.......Ul....VUaIGQok\|Gp.....8jXk....<g.e~../Yrr.P`.A=A."."Nx#Hj......616......J}.fq.-].j_]{~...........v...<`.eo....w..FOco........qw......8*&).....\|y.9o....7..Z..L.....Ip.......Yf~......................OZr...\y.........y......^.....f..pgj"...........{m.O.Y>.!L..'l. [....~........jWN..y[LDu...ja...x_X......:......y..,~......ur`..k...&....c..,..QC;...xcy...C71...M..~$Fu.._..d..shU...2R...z..S.7b..x.2.u....2B.N.+.....w..L...g..o..D...B_.0.....s..Rl.Cm.6.a..Fqg._.....J.}...e...I5B..[Sh...v..m....tRNS@.@..?.@.@@@@....[...IDATx...Hke.....?.h..~8"Z..tk.L..O\Y7...kR-....l.LZ..e`.EB%..........cq...."Jn6......;.k.s....>....{V..Me.._.e....%.qp........30;.2..y....9.N..?..F.ssc.AT.

Chrome Cache Entry: 388

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 145 x 145, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10613
Entropy (8bit):	7.969519207899228
Encrypted:	false
SSDEEP:	192:r4bYlWiNrG4NCDipJIfC9w24iNxXOijd9SmsoSvj7WZSPnrmedIQ9eF:dWTeC+p2f615hd9SvlSZ2txI
MD5:	0CE957FF769D91BF85EA8FA3BD1588BA
SHA1:	473D549616A57378690BCB9D7E6D235E21DB1FD1
SHA-256:	E7D7409888C659FB0A8C797E0A374FEBF1CB555889AF77D6FE99A83BE0F333AB
SHA-512:	D175ACE9220C956AEA0248414DD715ECE08EEA3972B3792364B938A9786624E5EB2CF2BF8E40347FB21B05ED99D7E9F9A15C53F512A1174F857EC1A83803FEC3
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-7.c9b84e44.png
Preview:	.PNG........IHDR...............Z#....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..'.IDATx..}.t..y.?..\<......H..%Q.%...:.)5....4.i.:I...-.m..>..:q.8..k.........G..(..D.H.DJ1I..H..A.\|.$..x_.{'.....3;{q/p/...#..;;;;........5.PC.5.PC.5.PC.5.P....58.9....b.ACb.....5.P..<[.....q.l..jpA..!^:.I........8..../...W9j>.....mA..%...>.......K...3._....+..=b.M.J=p..'Q.@.N.\|......O@......@C{.&.UM"'.........$q.h..R..).UG"A..X=.~...r..P#....D.@/.eS.8[.).t....R......U%.bl.......'hh7^.j.G.......?...34...pE..I4..R....l.....p..I.0.X..@.C...........H..2....9D;..*....2^.$.3..W..;......\|.+P..H$I ..n.,.d>.C.p..Ys.5a....@Q......r..3.....$.V._..x..

Chrome Cache Entry: 389

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	OpenPGP Public Key
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999605959277708
Encrypted:	true
SSDEEP:	24576:H/kmGjt6aMuy/sbcrBB7Ewd33A/J7gO+4daD3mwh2FZ4w+B:H/klx6aMubbozD33AaIYDBhsZ4w+B
MD5:	BB0B360F2011D60B066950F64FD155CE
SHA1:	C312997B7A77157C038E440A87C9D91170FC5879
SHA-256:	488A9E136B841281F72A3A50082769073D53AC8772461638AD808E27DA8BB670
SHA-512:	2B36A2EB5B7D868132547F483758C31100EC0FEAEF510FAB9EE8C5E767796FA31F3174AAFDFD7EDA1A2E25AA50CBAE51D8EBCA4B8E2CC93F96EAAA1C22DB2986
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:7
Preview:	..8.:io.LT{.J%..........K...]..a}XL.....+.a]Ab...l..,....}f].t..)!B.~...Ed......S[.#.1..._...l.~........s..[.E...0.J....f.N....xu".K...?.=Al...g...5.....oo..X.D.._>.....8..,..@RS..k.......}\|EL.3...."3.'O..}L.kD......p..p.<..EB....P..J.`q..Cu.V... ...\...d/........&t?..;..R.-......a..+0...M...m.v.B't..~B./..o..=.sW.I.K).........[..}.C..]....1L..t...H8....t...#.......d.J.....8coY#...y...:4S....S...o.5kV....m...a{/N......C..S&.W...g...L.%1.Z..1>R%#V.WY..8By_O\.....D/.S_..r.X.X...4.]Ogi.qe.-5k...3.....}..axr]....4._......}&....7.....aq..#.8.2.....KD.9.R...J-}H..>...K..+......V%cqc.j'.......d.....1+..,.T.tO..&........O..]k.I47...F....O..... G.....}M....r#E......;.....v.#..S.W.....jb..-....T..+;..K..{.\|8c,(..h#+{;+..y.:.um.. .yu..'. DF.H...@.jp.v..?....9W... ............R .3..mK.........Q$.P \|......K.......M_..-.)....a4ny....ft....ei.0..p+Q..sJ...G..X...d..o.tQ.V..e..U.o[.n.3....5...{:r...H..F..IrD.0..G....;...1\.Xb^x2Wd..

Chrome Cache Entry: 390

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	35833
Entropy (8bit):	7.968432364063312
Encrypted:	false
SSDEEP:	768:uRzyOy/ma+XXWqSA86MlBjK3ybYd1okZiwF:um/VEhMlB2ibYdBMwF
MD5:	B3B6BF49A0DAC771E6231C8ED7B50B7D
SHA1:	7D08C613473985C3DAAF49EC38066202D823565B
SHA-256:	70D372944A2862902B182B09E2E6EAD81242FED2BB7E9C01448735C63A230F20
SHA-512:	093EA5D747DFB9822A52A969982789A03DE9311DB21E7E4AB1DC70A87EC35A2C87148F1121552C8006CC40FBD74567C2280BE9125AE5DF8D5CFD7B6E4CA5F073
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-jy.26b790ff.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE..........tv..............tu.....vx..................t{t.df......h....Od....q...........................................................................0!3......(.).........................d`...................{.?=.....fi........x......oe.................wo.....:%;.....u...\|}...x.Y...qp....ZU..CB.IE.....d....~...yy..b[n...TT.KG...{...UQ.......o..PO..........oeivTG.sx\|np... .!.qe...^^........gG=V92.n.U.y.]v...L<N....c^B)$...............lfG.n}Jh....h...r.=?.uj.^O.....h........s..h..........=p].f..A?.....}.>M8....It95>....p..{J_O.i..U.u.nq3'1\IeA\........]RYV+ Qvd.~..C+...^......S....deZ....\|...............0/..@...........S..8_..)^..]Xq...........Zp........U....]...VK~.i....tRNS...!? .U.E}.lq...............Nkd....IDATx..k.Q..S.Kbb..F#.D[....5.R)I'.B(M@.+......%4C......s...8\...(.$.....%./..~........}.^........^..B.P(...B.P(...B..w.B.h4..(.&..v.4.B

Chrome Cache Entry: 391

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10792
Entropy (8bit):	7.928512726156912
Encrypted:	false
SSDEEP:	192:hhbDB4gaxuT19SSZXbMyqx0kXFrtduepb1MI1w8M3Y9eNFUUyozDnkAQ3vU:7fB4gaxuXS0XbMyS0EdPpdM3FFmkDk18
MD5:	85632BDF7020DF4019A08F5DE56B7BE4
SHA1:	247E066BB8367E6750725693BE345553D4DD5E91
SHA-256:	145D5C4071C5D749832B4568A0B8F688897F2ABB80A0B10BF0351F919B07F04C
SHA-512:	4EB48499EDA7319A6885E7EAAE888C043DB909E0DA25C15FB9B01C5D85B7E9FDB926E9B16EE882B9E454CB0DE21EE0CD9EF181028ACC74B81516EC9653ED48F1
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-3.2b846208.png
Preview:	.PNG........IHDR... ... .....#]^.....PLTE.........................................................................................................................................................................................................................e$.......W#.[ .d".c".\..a".g'.......c".g#....] .......`#.j+.a".`".......}G.^-.m1.......^ ._"..._ .l-.w?.s9.Y#.....Y.W#.....M.c.........g.^!.d5.Y&.n!.....k.Z".]!.............yC.u<.k".....^..V..w....................\|V.\"...........c.z........\#.v ...........t.s..Q.u...............\|.X".f..k.........o5..............p.j>.q3.s.......}..k....p..........................._.........................d.vN.s"....................................................nC.{ ....................o..z...wJ.vA.m9.e+.l=.t..f..Z.j".q!....'....HtRNS.........(..>.0.......$..H.wc...ojS8..L.P,..pC.W`4....~]..t....zZ..c...&.IDATx..yP.u.........r.}...j.?~.N.(..@..!......C.....DG.#.X..GG.Q<P+j..v.5.1...6.~....I.d...C.x.

Chrome Cache Entry: 392

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 113 x 111, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15596
Entropy (8bit):	7.9763092156654105
Encrypted:	false
SSDEEP:	384:VmgxeuEZVy3nfBsKu4dgFIvUaMUUaLEI1uUKG:VjoVyJAmgW8IEWunG
MD5:	405EFA58AADC182793EE0EFEC2D849C7
SHA1:	B4EC2780644B2C5498FADC39126CE2FB5306DE89
SHA-256:	91264AEC36D0386073531F5D5F4A135FFB4AC2BEC2FE45E2DFD0A495A0B08DBC
SHA-512:	102A3C3218A80994700EFBACEDAFB7F636CFAC6E5035AFD5DA3B16CA8DC16BE8A0F30805F8D001D4ECB34B2C24EDFC14F23CBF2F0F5C8AC34CA35D056D18E5EA
Malicious:	false
Preview:	.PNG........IHDR...q...o....../;....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..;-IDATx..}..]Uy..p.;..n..@..$(..AQ..E.Z).....>K..}}m.......hm.___...S.$P@...0.&!sr.........^g..f..?Y......}.^.........u....&..V.\8...W,..i.....{[oo.K7.t....$...v.../... ...R....e...<..o.sxx..x............}_J9 ..\.p/.0\.@~w.5..F...."..8..R).M../.8.s..$F..J./..-n'.ND....;.....AC....<A"....x```\|.......a.y......`..#..x.$F.=..$@...B...o...Dd..#......L.".x$J.kI....t+..wx... ....kH..k.....B0.$b.b5l..K/...~....".....l..Kf..".c:.E*.I...4r~.~..q.....]..H..H&...u......I.#..l<. "..D0Z.<.z...].....k.g~......,JI.RC.Ll.M..n..D..WmkT..C=.....JvI...g..9..

Chrome Cache Entry: 393

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 109 x 109, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10650
Entropy (8bit):	7.974743785874016
Encrypted:	false
SSDEEP:	192:1RykbutDjmIpiZJ74aSo0CSrXt7ORWR26IIQ8ihVzh1TTNLg:vAxaIg8FovaR26jQ8ihnlxs
MD5:	70E6CA8E5D7D983AED25C7A3AA5FE556
SHA1:	2669ED69894AB0CE4BA4A9EFF19843BC0DD19515
SHA-256:	BC64C29E5189BF9A3BFA33BBA2A87EC95B09A85450BF65CE6CE1EB03B5D46842
SHA-512:	B3CC4A4F6FC19F9D60A98619784A93D503EA2538E0B1D2BB3991BDF04C70F1E13073767121FD8AF2D4D8D3A9D9A7674A7AE1835126D66C163BDAE265A56798BF
Malicious:	false
Preview:	.PNG........IHDR...m...m........V....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..'.IDATx..}....y.W}..?..=-h.-..XH.A.....&.......a..c...1..A.9'..2.8...L.$.....&..`.l...D8. .....>.....]....o...JzB$.................;...C..;.......R.C..).Li.IC..)...B.AL1......1<....a....i-..d>...c...{qN>...#.X..6...[v.m6.&.d..>..,[.......[....+h..b...._.o....-..F..fn..p.2.3.6.AJ.H]=..$z.M.Y..\|.y..}.ro.B2.......X..U.5...8.t.A3..Z...........3&\|..:%...o.@j.F;.@.ci.....[.._.1@@9b&.5..1~.7.%...ow5.p.....hR.mv...t..~.Z..L7...!S...IpC...8..<.a...?{.p.E.....V....1HW........9.D.i\...X.Cf.1uf..;5...!..4b...4....).Li.7]...B...d......Z..(....3..xc.2.p.....

Chrome Cache Entry: 394

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64998)
Category:	dropped
Size (bytes):	68901
Entropy (8bit):	5.356724459097988
Encrypted:	false
SSDEEP:	768:PH2q4D5xJTQQMiLKHdEeW0W68sHIiMnasWVByzZ0lcrzrXcl:uTH1KmeIi5/dCU
MD5:	501B8EB6120E4C66ACCA2B604CB91261
SHA1:	E2FC65B261ADD77CAA7A60E5AE31C6D54820BAA0
SHA-256:	D8DCB49319BD61CCD67610C592B1212BF50921FE2081F97BE84D3FA3DFF52DBF
SHA-512:	25400C855971AD2881784C7FCC9DA1B653E7705239F1143373C3E6F7159C544E342E4722688FE0AE785BD94BACB41D288C6AC6A08CCEE18119F94A98DDACAA12
Malicious:	false
Preview:	/*. ==========================================================================. * @tencent/aegis-web-sdk@1.43.6 (c) 2024 TencentCloud Real User Monitoring.. * Author pumpkincai.. * Last Release Time Thu Jan 18 2024 12:16:00 GMT+0800 (GMT+08:00).. * Released under the MIT License.. * Thanks for supporting RUM & Aegis!. * ==========================================================================. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).Aegis=t()}(this,function(){"use strict";var q,j;function _(e){this.name="__st"+(1e9Math.random()>>>0)+q+"__",null!=e&&e.forEach(this.add,this),q+=1}Array.prototype.find\|\|Object.defineProperty(Array.prototype,"find",{configurable:!0,writable:!0,value:function(e){if(null===this)throw new TypeError('"this" is null or not defined');var t=Object(this),n=t.length>>>0;if("function"!=typeof e)throw new TypeEr

Chrome Cache Entry: 395

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 313 x 313, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10656
Entropy (8bit):	7.932010847910039
Encrypted:	false
SSDEEP:	192:dqYYJPT4gghFpEJj2dJQ2wcT1hSqnURRJBvsSUv0p1:k3PT4EJin3wcT1hSqnUbnve0p1
MD5:	F561E3801404CE76F185066FB255EAD6
SHA1:	6AD3FA571900696715A1CC1D684E2050793F2BDF
SHA-256:	EEA0D44FCA098300A7D54F9454C936FCC494DFBD6490F2D3F9CAD56A772C6FD7
SHA-512:	847229EE9A5E7F7BA478775A2D495F5906DB8E4999851924C66B84572D6EAF4C57F9706E9BBFB7214853651E1F57F4B7588D89FD1397144FFBA5681C1890E290
Malicious:	false
Preview:	.PNG........IHDR...9...9......?......PLTE...........................................................................................................v..vs...........w..w..w..y..wE\|......w..wV...xr.........x..w..x........x.....x..w...g.........v..x.....v..x............@{........w..w.........t....<z.m.....p...x...........`.........x...........x..v..........x...n.8z.............o.......w...~.............y..x...............x................r........wv.........x...^...~..h.........................{..............v...z.......i........~.............^...........}..........................v....y.......s.................................o......K.................n...........{...........\|.......x..........}.T....l..o..i..{....g./?..."tRNS..`.``..;.E .........pp....D....&-IDATx.....@....Y.f.+L6f..L9.4T......\ga.{.....Wj.5.....W...}..Xd9.x...W..##..B.!..B.!..B.!..B.!..B..7S{bY.....X....d.<{\tE6#.y..}...

Chrome Cache Entry: 396

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1570 x 1235, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	199208
Entropy (8bit):	7.949718808846237
Encrypted:	false
SSDEEP:	3072:4CthhIhWl9r9cvgKicJH4ptsidifbavD1WZSycptum71/RkZxTQVSzaMbiaU:zthPRBk2TEf2L1Hyutjixc6aMY
MD5:	98E298488EA8B5C55A4A16734393D65E
SHA1:	9024EA8F496CD2AD0EA1555A0EFA908F02BEA544
SHA-256:	5510987BB85305D341050282B4093B29BDB440A1DE11C976D52A2EDB668617F9
SHA-512:	07CFAEB80F404E4281B1AECCC90A648F282D9381636A61E80C689F3CF8173381402FB1D926E4E94BC917B6833F3462539E8C9D47D7BB05D5E5877907FC239F18
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-3.88e518ac.png
Preview:	.PNG........IHDR..."................PLTE...........)...........................................................................................................................................................................................................................................................................................................................................................................................................................................................74-...)%....JC4.....vOLH....n....ygwpa.........ogY...YY[...[UFihkf_Q?>@...vvy-..........~....................X..............{....................?%.....zF...y.......wo..q.......`....\[q#......L.w~uD=.......V..I$X.......db..>Fg.q\......v....xx..k.W...."[.q........U...E....1..*...."tRNS................_.ierya.......1..a......IDATx............................................f........._.AUUUUUUUUUUUUUU.=8$......../L..........1c...(.n.>..B..J.,....kK...o.0 J.f...

Chrome Cache Entry: 397

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:YA/JHaLWAiI+7n:YABHAWAiLn
MD5:	07AF6F1DDC7312D27CB0B3EC3C6A5F11
SHA1:	E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
SHA-256:	851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
SHA-512:	BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
Malicious:	false
Preview:	{"error-type": "unsupport-type"}

Chrome Cache Entry: 398

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999734396099774
Encrypted:	true
SSDEEP:	24576:lsOvIdXGMZvkoZp9FTmbRC4dKaiYKOoQAnzZSZBoKzFM/y1jCxsgFVe:uOvId2ckc9FT2C48UKOoFnzZSoKzFU8R
MD5:	36E83FA7DFB4AFF0A45A2F26A5146B55
SHA1:	4261F192A801EACEB9F9FBFF4A539B8A98507349
SHA-256:	0A69ECFC7FE4D4A89A06FCB4C5D706FCD7A98269CF7C307177131CF5B7C5F759
SHA-512:	463A9647BFADAA9A3B0B991CFAE7B6441159830564DEDADEC328DE328FD5DD1381FDC0774136F6E6EB560B80E80A30B3478B1EE6D88BA4E6CCEE3515EB020070
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:2
Preview:	......].qG..wh...~..X..fh,...\..IF..%....^U..\|...\|.....(.........T.m....(=+.#g....H....D..m.:t......oX.Dl..^A.x)<Z...3.k.e.M..s....q.X .#....I..m%..q..GHn...Q....jl.U.E^...g+<v.;..M8`D....:@.q.fz.\|.....q...&../....)..!..WZ....f..v..v..Q......?....d...t..3.....Q.H\|..=..".ux.,...hV.b..l.... ...w"..h.......QG..$Z..?...O.A........~2....xE..C..&}.$..g..a!.ySr<..5I....B/"......m4.}.^..~.B:Q.sgPH....W<_Gg.....mQ.L.a..5..........V..u.E.Xc.).jL.&F.4..OE9T..".I..kZ...S..M..n..j\|........o.......K#4...Prdd.J.....4.......o.y4..P.~.;...-!.....W..j.+.I..e.-..+..%XC.X.N..c...A..g...w=...Y.:..O.......P..R.6..n.....&.......%....W.=..i..\..v..b.h`.f....h..ke..6.m..7...$..%.xdb...(.C...z}9x.S....8.b..F.9.~..@z;e;=..d..7C..^A......IN...l....B....jT.I..#[?.u..].R.z...{au...]z...0....C...0..;:.......y...]..M.bt..#7E'......_T.6..f)c'..Z.....5]6?Eb.Q[...T.0.~.v.CY6..p.FTx......#......Y..vB....^^..!.h-.yK.q.WVl-....g.M.....>.cDF....=.YK.*}..............2...q9UV

Chrome Cache Entry: 399

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	55620
Entropy (8bit):	7.974861509667521
Encrypted:	false
SSDEEP:	768:3lkPULDSHgd2kbXfYzmBG4TFvRSRFpFC/Qixz2CFTYQVudXBCz0gSTHLKCDigKgX:KrMjfdxzSO/QqJrurA0tL3Digfs6E0
MD5:	798149665DD41BEBFA1A29B345D8A887
SHA1:	6C36919B12772F406A1E461ECFAF5EA8B208B18C
SHA-256:	3E9BABE314BE382C18E2E5C1D4E0914475AAFA0712717A8722181521647672D8
SHA-512:	D9C38A4811EA78BAF6838F423638E1547EAF42B3D9403F71B4E3D2F0C715397043AD902F51B931A992531ED77DEBEDCC1548D1D9A4FA5EAD2D8EC09CDF6E6E34
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTEe]s.....8..FX.6...Qj....t...COh....Qs.Q......9..:..#(H...7.....f.....0..[.....SLc..........................z..o..s........E........VUj.........N......`\q*1S....fq....ldw...1G.nl.9:V......~...y....Ni..iwJ].Wd.A......;Bgdj."e.....vu.......?S......]Qt..{p.BJr...`QfG\.<N..../A.......5T....BU}Ut....IK[...`a~......U.....f..o.........z..6...%n..\|~.x....OY\|.....m_f.bu......$Z................q....{mk..........vp...tz.{.._.....1:_...NBB............Bx.%5j9^..yt.q....hXW[OM...Qy.:c.<..........A..q..W........9t.m.....\|_[/\|..........W.....W..g..:i.[......n.....Rg...........ia.....M..V..=...x..............Cm....G....R..){.;..B..J........w....."Si...^..p..~.O....=55...o??............n.qn.O..FP............Yf.R..P..c.e..{S..n....tRNS$...p.$...p.p.d.j.....IDATx..kH{e..R.utC=yD.... ..Z..../....B.]..Q..7..X...,-"(kdTPlTR.."....D.AH....=..\j..s.sn.......y..S..O=...:....N=..3.z.......Kv.Tg......?..

Chrome Cache Entry: 400

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.99966101034048
Encrypted:	true
SSDEEP:	24576:SHWH+aT8BnAZa+2Hgx9NXMtkXbU2T2falirf67:H+DASAskLU2irrf67
MD5:	6852A034B21C40ABE6640D6BA3BDC61F
SHA1:	9DA127E240F7BA9CE1D974D5C51DA971E5D0CF8A
SHA-256:	12FEE48588E9AEFE9948B2B73F5038F108DBA387945A0AB02C40E57AFEF613AF
SHA-512:	F2D935CA31C7AEBC645B4AF67735F4CBFD26A16B326177ACCC2994A4DCAFDBB3F355B6E008091CF564502E6EBEE61EDA46C1444CA9DC021153D9DC481D143437
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:3
Preview:	mEf..C......8G.".i...o...6....~1..0.f...L.........e.c.ZzB.1j.'....s.H./..1WN.......+2v..U/{.QB.h.d.A.\|.......D.......l.H.9...k$pD...\..mB?j..L..DF.g.-"...%.......:..oK..{..Z....1.8..h...(...VK;....n.........C..g....}...P.<{.f#dq1/..Jvk.....`....6b1d....;9......UA..u.c.M.......V...z.M~t.../..l.....:..........K)7t[.y...F..........Le.0...h..uX*.lB..740<..6F9...$I.0.0..z....q...F.;8x.x.C7..(..J.^..kVh.uq.Fw.Gg.[.Sn..$..E.ku...=..A.g.!.nAQ...H.......b.H...g.."O.p.......lM....^E...................b'...P,....5.........b.0x./.L]B0.W)U..7...~).D.7.3..&.k.Z.....{F..3;=.]..6)..+U..i...N..a..F.U.u=D@...ajN..ykn.j.k...[...y5#...flu..4Kh...'..n.UG.].C..u.......g..l......Y...H8.57.B.Q.2e....).)....4.. +ds.11dQ."k.V.....$.@V.5....B.$.k.dGO.q...v.....gm..+H.1@.......Gt..b'1..L%...T.7q9s..J..\|T..=._j.!..B.sK...R.....`....{D....Y[U..Cs.....j.m.\|...?~.Ua...+.J...._.Z..R.....'.\|.Z.t.`.,j.....z.8..!...iP.&...y....s./. ..b...k.<.....J.

Chrome Cache Entry: 401

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 183, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8642
Entropy (8bit):	7.952672161123514
Encrypted:	false
SSDEEP:	192:OrERR6bZLvG4vapsqAXnvOOq3I1kTxXS9q3eBJV:MERR6bxfip/AXnvDl1kFXS9quBv
MD5:	2084BBD39F76B48EE1F28B841151E2FA
SHA1:	F669FD2C8219FF8A9D1035CA9B89524AF3FB55AC
SHA-256:	ECD9602F5FE036A031A7FAC1C9D862B3873F9EA20A7D8E93234BBDCE7835CFAA
SHA-512:	1A9DE8A43A438D08FB9B907DA8985B14C83D7A9AD9BBA606E10B6641ED65C349D34A99E4CF11E3506ED33B68EE5AC0428B8A83FBEE7D5B1EF2D8EA3B84909309
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-13.f040bb44.png
Preview:	.PNG........IHDR.............g.?.....PLTE....m.o.v.t.p.x.w.n..}.u.x.\|..~.r.u....x...v.v.y...{.x.t.....}.{.z.{.u..}....v.......t.u.k.s....v.v..\|.z.w....t.y.v..t.\|......}..}.m.t.s.r.h..\|.q.k.w.n.l.u.x.k.h.j.f.{.p.o.n.z.u.y.o.i.p.q....v.l....w....f....j....p.............n.......{.r..}.......z.q.u..........................~.r.y.t.x.q...z.t....~.l.x.p........r.....m.....{..}.\|...........x....e...............................t............x..........o.z.x.....9tRNS...... ....@0o.`?...............^@...o....^...P....O.PQ......(IDATx...k.p..........."..S..$-.M....i...R....... ..A...>..............y...Zk...Zk....s.......-Z......'{7w.T.....m'.F.V.j..N..I.Zt...\S...~.,.V}.f.Q.^..N..\\|}.w..w^...y>..,.<=..c{b....t.-.._...l.y.a.Y.;....9..E....=..V.n...?.F...O.,r..h.LM....t..z.m.......u..&..3@..fj..4M....0`..y.}l.........k.)....^...zf.....#-....^..0.$.Z.=.r.o.

Chrome Cache Entry: 402

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 814 x 1555, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	103063
Entropy (8bit):	7.978507916796797
Encrypted:	false
SSDEEP:	3072:ItSF0R3ulBWhFvTMnS2OWuYfROEH9+U70kyQ4q:It4O3ubghTMnSouYfzH9VL
MD5:	E36F69BFAEE8E4FF2CF071430B20D60A
SHA1:	A568FBF8DD6AF84F794FF8C2C563D9299D196029
SHA-256:	C6EAC38B55F2A38D1A081EADEBD3BEF2B5DF2A57C0C058BF03F6DB7E496997BC
SHA-512:	CDB4865B872273AA88D1AF36CA76F60FDAC8BF1BB7BC081F77517AD7D3DF1B142C8FEF0358C45E0BE0BAC9B0452238AAADFACFEE1DB685D24A4E258715F3BC2F
Malicious:	false
Preview:	.PNG........IHDR............."..M....PLTE....C..>\|.=u.?..=.................................................................................................a9MMN....................................................................................................................].......................................................o..............................................................mln......]]a...>=>...............dej%%%..........................................VVY...{z{....................pqx...x.............667........GGI.....................H.................~..sv.p......x1.........x}...............j......................r.....................N....................s......uU.................jE..............b^..`.......c>....B.g.J...s....N...iE.wU0.v.I......tRNS......JmS0l.....w........+m....4IDATx...............................sA. ..(u.K...u[ .C........N.EQ.EQ.EQ.EQ.EQ.}.tjy_z.G......Z.......T....o.?zD..(.k.:...`.J..H_..U.\2.3zZK....9S.K

Chrome Cache Entry: 403

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999710489093819
Encrypted:	true
SSDEEP:	24576:ijp3A8uQJJZQ15iVv4Q4g2sb3x4g50x+CE3baf6c:CNJJeXiVAQAsyu0x+3bQZ
MD5:	A4CE453A0A078C47A71F36C127360309
SHA1:	C7BBE3ADCB258CDF51DB814DC7FEF7452E2D503B
SHA-256:	869BE7C8F510F2F1BD9B8644650189A01A8AD9E3CA65FEE7CBFBBCD7E6A22D5F
SHA-512:	FE1C18A0E55170FD589EAC5F6B3140580DD208B80B9B47BDA72080E8E80959EF53DA2652A1463B72204DC7AEF3A6E3342103F9C702C33FAF4A9944F6448B6991
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:f
Preview:	......a)..j.C.E..<.E.KmC...:ZD.@..o......x.Tj.g.R.i&..:0....p....kE..^..Jg...E.n..1.x.<T...O...!..!..p..a...5.=......A.J..h.........5..._...r...q5'&za.h..u-.....'...!DW...Bn....ND.{E%....()Gg..R..f6_.A.c..Z5./.MJX.^`.=m.&-IP.+..........."..H..V.dB).Y.....#....x.l8.h...@.`.}...ED<M;.0...@.G.i"Xc.Ou.5.E..TE...Q..6.w.^...R...j.@A"}..#C....X.F6m.....;w~?......%...4\|.Z.?..uv.Q-.h...=<...$..U..6[.9.f..l....J..%.q!..cd#.X.........m..H>...q...8.%@.d,....N.J....5.\|....C...... ..@}...%.Z+.Av&.. ...K....U."-..\|.~..h..........."k]?...D..NM.2..E:IR2....W>/...i.qB.m.0x.....y.....v.Q..$.........T.{.r.R2.....)=]&..A!....7.....?x..Z.3.....uKh...."Y.....]H3&.Vi.;.B...F~.8..gw?j$.h......F.mk.......;%d.%H-..._vY...h..5:.....3.,k".N'._$..e._V..d:......X".d.TJ\P..K.[.uy...R.....2,....\xG.U.`h...<.".2...p.^...).Os.s..Wa..-Yu'.[.1.......F0..[.....0{x,W....wM'z..+.cO.q.,.....'.&.@..`.m{.~HP.e..^..i/U(.L...p.-C.."f+.^...j..hU\8^....E'%..q.9.QL3....pW.L...m.N..

Chrome Cache Entry: 404

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 330 x 330, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	15463
Entropy (8bit):	7.960717688850482
Encrypted:	false
SSDEEP:	384:IVvwNlQ7OjzqKWBQzfRYJaS3n+GiP4IEJ8J7:Ipk2qX3z+JaYn5iP7Ee
MD5:	05A71DBBA3D4953A14985CA4F13FC508
SHA1:	8335DD71FD30EF3DB08D1B2AEE9EAAB0DE35DDCA
SHA-256:	614584147BBAA7503AA7C73A769E5BC00119555104C0571236666458AD49C348
SHA-512:	6A77578704609DAA537B6FBA071A6B92B025E1731322A4288D528978C091540159E7E804DFA2B6F5D858E1A08D478D174EDB710EAEFDB98EDB3F97FB9D45FF00
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-14.6ebef64d.png
Preview:	.PNG........IHDR...J...J.....L..7....PLTE...j..,..0...........0..1..1...../..1..1.....7........q..0........3.....s.....3../..n.....1.....1..m..}..m.....1.......E1..^q$.....G.............................G........E........B..>..C..F..E..A..E..D..E..C.....D.....@q....By....A...{.......D...........A..Cn.......?..D..D..B..?..@.....E..D..D...v....Bt....Dk....C..?..E..B..?..A..E..A..@}....B..B..B..?..>..D..B..@.?..@..A.?..?..A..@..?h....A..?.....D..B..B.?.?.@.?..@.@.?..?..BMp(..@.@..>..C..A..?..?..AK....D..B.@Tp&...[q$...Xq%..B.@..A.....B.A:.......?..E..B..?3n-Eo).@..?.....A.@..@..s.A>o+..B.@t\|(\...@A...A..E..C..CU.... c....;p-..b.....0......iv%....n..6....O.....6.:.....9..3....g.<....[..Q..Q..w..U..D..J~.*..<..V..<.7Lz1..O.._..3..i..9..@..zu.7e.4Y.3.....<.;g.5W......&tRNS.. . `;`...@...0.o.p..P...... ....P.R.&..8.IDATx.....0.F..I.... ...........z.m.i....8........................O...;.P1.ri....!~=.c..!.....V..9.O...u...sP...q.b..d5.?^../.q. ....^..\.>

Chrome Cache Entry: 405

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 324 x 301, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	9900
Entropy (8bit):	7.934188853857167
Encrypted:	false
SSDEEP:	192:iXQaYKgrIxLoLg80C12RERhu8lRtLJbl+XdopI09PpztnWQfXUBf/ILSJfflE0X5:Et8rS80RR0u8jpHLtnbvxLIa0j9
MD5:	1DFE40576C21EC613CC401CE31DF6F8B
SHA1:	9C5A65C4BAB90F6B4D70F419B3462AC6945B85E3
SHA-256:	C2E7A0CBFF662D0692901ED08AA7EAD12D8E8F8556831A32E9EF42038ECEFFE8
SHA-512:	32D9D4328FCAC3097FE0EFA2D81BCA932E2677DF3F220785FA8F695838B2C436E9C4EFC52F72FD60ED21FE754845607F9361B71A0261A682187CC4CA62AABEC9
Malicious:	false
Preview:	.PNG........IHDR...D...-.....G..f...VPLTE..................................................................................I..............L.......................U........O..[.....y..q.....{....._.....v..t..d..X..Q.....q.....z..m..i..}..f.....k..m.....s.....k..d..i..f..a..............R.....`....................................................................\..............................tRNS.. .._@.p.0......O@P.....\...$.IDATx....j.0..PY..`......JZp....\|.,a.I.f..V....oV.pr6~q.}Gry....R.b....).....M..j],..r......}.......[.n.J.R.A...V.c....C.w..B...~...v....X..k.a...,....fE7..a.d9.X..H.N..n^..Pc.T...X.E.G..............~.F......Q..I.)R+..Xd..k.om2.....\B]J......7.....}9G.._sE#.P........{..}v.u$.....].Q_a.O..a.H.....+.........=.C".....uf..*..a<.=e=tp.....H......$.+A.....Wg!f_..[c.t......g.ZO...V"8x_X7b......n...+9.[..u.......i+.....).O......C.'cs...........x.a..'.....e... ......u.Bt}U.#...H..N\|.5}u...........f..?..].....#.ljBYvE.../a...w..}.2iN..B%.&..D.0..+.

Chrome Cache Entry: 406

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 369 x 369, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	16731
Entropy (8bit):	7.934811457314126
Encrypted:	false
SSDEEP:	384:t6tUvgyafgNzKZjCbA87llmXyul0WyL0s87eab9tjky:Qtc2szQjmzLul0Debf3
MD5:	FD86FD75E7DA848163C4B41CD0989D03
SHA1:	1819060631186CF29B9C070E6B84941A7F075D2F
SHA-256:	4690D37928F54D8FF0CEFC2CC93C8DF80E71C232BBAD2291D1A946994B571EC9
SHA-512:	17BE335FDE8C08AE4F4726DB63B05F733598221D58CAC002BCD8E283985BD59C5288BB03B9B1F4024A8ACF5895E528C64A8214282F369A8B21FA7809BC9397E3
Malicious:	false
Preview:	.PNG........IHDR...q...q......Yh.....PLTE...yM....xH.wJ.wH.wJ.wH...$.....#wwwmmm...........................j.......................l........i..........h..i.............k`V.....*.........\|um....r..........i....qqp.....w.I.....Pi.._][....c..._.........i...................................................k.....t..R..n..c..q..U.....L..z..X....\..f..<..w..A..&.._..F.....I..~..,..g..6.....9..}.}......../....O..[..`.. .....D....2..?..3..............N..Y.............%..........?...................F.......................U.................................,.......D..>....+....w.....m..2`............MSSS.....'..Z..@ddc[[[....=..c......Q.......MML.....:....x..k..a..Ov.............P.. ..i..F..t..b..m.......S....].............~H..g.(....e.....g...G..)....GtRNS..@6.+. . .......p0..p`...O!..e.......L.}.D.}`RN.@...........#..P..=.IDATx...............................:Vm...8~.v...(I..@..,}.$....N........u{<.^.]u.........B.!..B.H..v.Z

Chrome Cache Entry: 407

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	55588
Entropy (8bit):	7.967886615532094
Encrypted:	false
SSDEEP:	1536:ThSIDXg8xSi8lU9LTjUju7IkTKZFRY3D2gdOLlyE0x8AeXE0AGherWHUZs1:Thjdci8kLTsMcAT2bLly1DGIrWHYs1
MD5:	EB338AC3C26A1473324D01C330AC54DE
SHA1:	19C460EE023AA3716C950554E4598782AF6BDC11
SHA-256:	2D72AB4ED632E7D709A81A955825D934BA2EB2CCB107F1FD9D142282F1529008
SHA-512:	AEA5C5C9E24B1D4CD6D1D7742E221A68D1B39195CC99750044E2BC99706357C7A5D42A1FEA9EEA179E01D730A780FAB960555ACC75DE0D27200E9D8514EAC98A
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE............nnn............................................YM..nM;sO>.gt...TG.VK.[M._R.dq...bU.............RD............]S...kw...eX......VI.am.].p{xQ@.^i.eV~Ze.l`.^...xV`.........pe....h\rR\....o.`Q.^T....kOW.c....z.f.v...j[M>B.Z....M;.....o`.b.dZ.WN}RD...J79......X.qh....a5+.jb....d].}s.N;.wm..\|.......u.V?XFJ....m8O..Q8...'..V=?bKO..........nL.....kLGp@2.j.q- !.uUN................bD?.G/.aDp&,..{\|aZ>P/.zS.B/.j.yh.zj...@/2....V%..$.............og.{&.f8'(ES..\CU5.{..+.....s.];K/+.....yVAep..b.KGc.M(.R........zjn.........Tb.zv.p`0.iny....v....NX.rG..CQ....t..".......p..n.jt.K.z.3.../8.....^zL...k..z=.l.....^..M..^..{..[m.Z..F.p.%N....Nc...bI~...R.w....p..ORZk.OeC........o\|..z6:K..5.......tRNS...U2.....nF..4....IDATx..A..0.E.LRP.N.}..;.].8.x.\|..P.M..M.]?...?..B.!....."...Z....%P.U."...<E.A........Qk.to....R..J....`....)........>a..K&)C)U.W[.(....$..*.6......

Chrome Cache Entry: 408

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 6410 x 1040, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	458472
Entropy (8bit):	7.907759234052355
Encrypted:	false
SSDEEP:	6144:q6ekpbHldleM4XwMxMXV1V3irLm+xAVr6xhFUDe2D8SFUeOsSEiYzCQvhLB1zR:q6/bFCNXGyr65Ve2Deu8SRSvCCQdB5R
MD5:	E401FD858AC3FC57E1A2AFF07709E145
SHA1:	76AD3FC50BC33DA72BAAD02908A6BB570BE3735A
SHA-256:	A97F46B492FAA4048454C01F323B19652C54EC9CC4F3BB4A908F180487A84897
SHA-512:	0ECFE22F481A000A096F7D6EAF5AC651BF20B383BE51F7BF5040CBF9C25A9D7852F76EB281815AEE02094A7AF8B7515753BCD76BF9FD42A0203C58B34E632524
Malicious:	false
Preview:	.PNG........IHDR.............9U./....PLTE......hf[.....................?8?.v...........}..4.pho...\|l.irX.aQq.1..YM?LGH........^V_.\|<......bYZ.7..........x.....v.r>0M6+...\|x.U5.o9s....A...UH...N.#......n=3..E.rC..x.......B...\|.......-....l...o.@\..T$..............z0.......u.......o'yI)..................................3...S5.....g...<.................~.......I.....g..g2"....e~......r...Y........W.................]...0mC8.~....k..I.w. ).........x.a.....t!.3./...gP..P......5....r...........p.r...b..o.b\a..._\|..tB- *G..PGy..\|. .....;.v[RJP..V.a....Q .^...l.....nj..~.........^pnr.........P..!..P..{.s......N...jB./2........S]wQoq....th>[.O..dB...2_Mc...+.w.h]....Q7L......c....I.....J.{..;d.....%.....Ut....<...T.. G.]..p..j.....t.......=O..5.9z....wpF.c.....HtRNS..+)GD..~d..c.....7.m...J......R..............c........k.........;B.....OIDATx.........................................................................`..@.........TUUUUUUU

Chrome Cache Entry: 409

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	55588
Entropy (8bit):	7.967886615532094
Encrypted:	false
SSDEEP:	1536:ThSIDXg8xSi8lU9LTjUju7IkTKZFRY3D2gdOLlyE0x8AeXE0AGherWHUZs1:Thjdci8kLTsMcAT2bLly1DGIrWHYs1
MD5:	EB338AC3C26A1473324D01C330AC54DE
SHA1:	19C460EE023AA3716C950554E4598782AF6BDC11
SHA-256:	2D72AB4ED632E7D709A81A955825D934BA2EB2CCB107F1FD9D142282F1529008
SHA-512:	AEA5C5C9E24B1D4CD6D1D7742E221A68D1B39195CC99750044E2BC99706357C7A5D42A1FEA9EEA179E01D730A780FAB960555ACC75DE0D27200E9D8514EAC98A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-10.de84dd3b.png
Preview:	.PNG........IHDR................u....PLTE............nnn............................................YM..nM;sO>.gt...TG.VK.[M._R.dq...bU.............RD............]S...kw...eX......VI.am.].p{xQ@.^i.eV~Ze.l`.^...xV`.........pe....h\rR\....o.`Q.^T....kOW.c....z.f.v...j[M>B.Z....M;.....o`.b.dZ.WN}RD...J79......X.qh....a5+.jb....d].}s.N;.wm..\|.......u.V?XFJ....m8O..Q8...'..V=?bKO..........nL.....kLGp@2.j.q- !.uUN................bD?.G/.aDp&,..{\|aZ>P/.zS.B/.j.yh.zj...@/2....V%..$.............og.{&.f8'(ES..\CU5.{..+.....s.];K/+.....yVAep..b.KGc.M(.R........zjn.........Tb.zv.p`0.iny....v....NX.rG..CQ....t..".......p..n.jt.K.z.3.../8.....^zL...k..z=.l.....^..M..^..{..[m.Z..F.p.%N....Nc...bI~...R.w....p..ORZk.OeC........o\|..z6:K..5.......tRNS...U2.....nF..4....IDATx..A..0.E.LRP.N.}..;.].8.x.\|..P.M..M.]?...?..B.!....."...Z....%P.U."...<E.A........Qk.to....R..J....`....)........>a..K&)C)U.W[.(....$..*.6......

Chrome Cache Entry: 410

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	71635
Entropy (8bit):	7.96894871105753
Encrypted:	false
SSDEEP:	1536:RppHnC8DL4KgdMu8m42e3X9e+CA+4Z5xZKtJLJ5mCB9EWizMv:R3nCsL4VdD8V2LA+m0rLvmG9dizMv
MD5:	4F355848BAA5C5919CAE6C6B848396F9
SHA1:	FDD7093F94E6024F1C4755AB29D7BEE6CE15791C
SHA-256:	50133CDAE17EE8E49099E7DAFF2F72C8EDB83A452C507D464259E5D6BAD4D7FA
SHA-512:	CB5D9619708F1AB3615174630C1ACF1ACFDE3E725A87C26B56188F65B8A8FCB2CD74B6FAB8D3129AF794615758F7D14D19E69616982C75B0581421229B194056
Malicious:	false
Preview:	.PNG........IHDR................u....PLTE...........nnn....................Z:.dA.kEm..q...^=.....\|.........eF..x..{ .....R5...v......kL.yL....!.r...sK....rF.....u.................zS..).6%....$+g...oS#bJ......".......>..O.2!..U..V..o.(.....&,..)\|......`.rZ9...bJ..L.....e..<1.,....J(~(........z\.>#.K/.1fL...0/.....Z...F4..X...6..#...................d.yf.>,..............+....Q+F"..............c."..l.I2....A.........y...2.........<jO....=0.P=....H,........f.7..W6..p._/...n]....8$..J......cR.bA.+..E<.}......v.'........m..K,w+...z....!..AKoU.{..qI..B.P..;'.......iS...HuB).?.....[;.UG.j3bx].U4.V2.pA.N.l....`.......y6.h..(...nb.ZO..A...........x..Q.Y.lSB...d5.......O[F.Q.a..<.y..ou.l......r.g.RA.N.v.mf........~..d.Y..u.^..+....s.....3.~.W4-..!........FX.O....tRNS...T2...n.S.....vIDATx....A....E..=B<N.K.i".....MP.....T.A.<.....m...Bbo.!..`-ha......@q....^...7...]"F...<...w...............ZV...+....!...j.n..bi.H.p.l.cW{.v.........v

Chrome Cache Entry: 411

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 627 x 1356, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	73157
Entropy (8bit):	7.982897369993432
Encrypted:	false
SSDEEP:	1536:ZVdrqf5fw1w5hPYHZYVBwJB+eok/PQk3P3dsDhWFTuV2ohO:dMSWhPYkwJ0NoQk/3dahGus+O
MD5:	3D2EC3CAD68BA80F42BD7FCFAD6628DB
SHA1:	46404455CECBAE1AD6DC512B516A1E3F2395F023
SHA-256:	443957598B75DAAD3A309B891A9C0A53DEFCE21D4B0C8AC9AB42D6E03009EC51
SHA-512:	37BD42C05BF8DD32904B0262760A176A6CF524235EA4ABAF2078F2719C3E81A0B468006BB9097061D3B4637F97FC18EDECEEA8B5028176BD704DDAFF962FECE8
Malicious:	false
Preview:	.PNG........IHDR...s...L.....c.......PLTE........................................................................................y..........\........................ ....................LLL......==>.....'......i...........J...........zz}...............................f................................N............U..........................]]_...^^t........ZZ\.................bc{.cX.lkm....XWov.....S...............,0...........R..d...........NJ_........P...............TPfV..21EFCV.........x...WL,..>;N............y.................~...................v..:..........vvw....nc.................Z..........!....tm...........KB.......{x %:jm........yj...u{.....w5............]Ye>>...........QQ.x..jg............@h...nmN.2...iZT......C....Y.....tRNS........f....mIDATx..Aj+G..C .72.Y..2.....A..,l\|..M@........\|..[..^......\|.W...Ii.]3........g..b..hs}..~.^.t..n.2\...f.d.S'k..R....q2YN.6.ou..$...M~.......:g.....1.8b..M..u.

Chrome Cache Entry: 412

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65462), with no line terminators
Category:	downloaded
Size (bytes):	70935
Entropy (8bit):	5.430529487250691
Encrypted:	false
SSDEEP:	768:hMbVPfhLTXrJk2RbKaUgEKCDY3P3bgAkn8:hMRf5bi2NJhy8
MD5:	11524DF85EBD860F62B9FCF12E871306
SHA1:	00726F7883F50D46E8448C8672A8E925DEF26A20
SHA-256:	DDB778C06C7567906A7A2A8F60132EF81EB97C93BC939A83DC5B273485A4476F
SHA-512:	67344BF5F821BFC5D0DD47045E323879763F833473A6C09AD1BCF8E4C25A9A76176B3C1ACE8BFFDA1E2462E3D3BB2ACD035A2ABE977696A5B5F7581E559A5368
Malicious:	false
URL:	https://qq-web.cdn-go.cn/library/latest/qqapi/qqapi.wk.js
Preview:	!function(a,b,c){var d=b(this[a]=this[a]\|\|{});"function"==typeof define&&(define.amd\|\|define.cmd)?define(d):"object"==typeof module&&(module.exports=d)}("mqq",function(a,b){"use strict";function c(a,b,c){var d;for(d in b)(b.hasOwnProperty(d)&&!(d in a)\|\|c)&&(a[d]=b[d]);return a}function d(a,b){var c,d,e,f;for(a=String(a).split("."),b=String(b).split("."),c=0,f=Math.max(a.length,b.length);c<f;c++){if(d=isFinite(a[c])&&Number(a[c])\|\|0,e=isFinite(b[c])&&Number(b[c])\|\|0,d<e)return-1;if(d>e)return 1}return 0}function e(b){var c=window.MQQfirebug;if(a.debuging&&c&&c.log&&"pbReport"!==b.method)try{c.log(b)}catch(a){}}function f(b,c,d,e,f){if(b&&c&&d){var g,h,i,j,k=b+"://"+c+"/"+d;if(e=e\|\|[],!f\|\|!Q[f]&&!window[f])for(f=null,h=0,i=e.length;h<i;h++)if(g=e[h],a.isObject(g)&&(g=g.callbackName\|\|g.callback),g&&(Q[g]\|\|window[g])){f=g;break}f&&(R[f]={from:"reportAPI",ns:c,method:d,uri:k,startTime:Date.now()},(j=String(f).match(/__MQQ_CALLBACK_(\d+)/))&&(R[j[1]]=R[f])),C.send(k,V)}}function g(a){var b=

Chrome Cache Entry: 413

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	53552
Entropy (8bit):	7.957624598794933
Encrypted:	false
SSDEEP:	768:pOhnzpYr0Vl0+0oe2wWkshEJarHNjpB/TvoYgUHhzwp2G7cZWd8MixCRpKYFjAcj:UhnzCa9PF2o5ProcHK2YcZVCbKYBAcJt
MD5:	2BA7372C1CC901630FCECA0F23915FFC
SHA1:	F317EBB8E6D879F668357AB8240579028A67CD59
SHA-256:	8C69F057FB44E6A4E9F51B9E6DB35CCFE7FA089FFFBE266CEBB3A502379959C6
SHA-512:	AFA9724E6258ACB6295E15B16A03197BD4AD3CADAF764E1A3587A7E67A1A138E4A16C71C54495063610D5737C834DB0B2B2C8862419BD8BE11300946ECC8EA6F
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTE),J.....5-'87R.00F...Lg....E[._s.:Gsz....=v../<tfv.,@j.....Oh. 2.. 2+;".......)"#77.>../("2-&6..).....1....9(%8..##&=;2C,)=0-C..2.."..8...$F..@&*D....0KA6H#4`..X-;c$-M.'PC;N+5VKl.........65N...d..Pq.J@SFc....Wt.7:XPDW..;\....3Gu-?l............K..<S.X}...`..C^.+<w...<?^...k..7M.......5Q.%7lSJ_{..Pa.8Dk-C........aPbr..?k.8O.8O{u^m.....~....jXi7?..........6Z.......CLr...H.?........y..BV..q~......j.......~hvs..BX.EHi.................p..U..I..../H..~.CR~m.........y.....Ti....FZ.f..Pc.m..w...........Bx.DAb6!/...l..E_.at....S\.`x....W7IZ...^HW...`q.....g\|.Y..?f.Xj.Kd.>F.SQkY..ap.oN`^..MTz......v..S..n...z..[g....h..om.H.....i.....h..Y..Fi....N..{w..s.[Ztx..j..{..Yo...tz.Jx.UX....fc.......h;Q8..Di....Z.....+g.<X.MM.....F_.........k.(..=....tRNS$$...`.`..```.````O.T.3....IDATx..[L.e......!]qa.omiK.rQd.5.....`.....%.C......Qc..p.P.S..7...EC.).q.6.1$:...y....!...mYYh.y.....?.[.....n.....5..W7.~...z....L7...o.o..

Chrome Cache Entry: 414

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	71635
Entropy (8bit):	7.96894871105753
Encrypted:	false
SSDEEP:	1536:RppHnC8DL4KgdMu8m42e3X9e+CA+4Z5xZKtJLJ5mCB9EWizMv:R3nCsL4VdD8V2LA+m0rLvmG9dizMv
MD5:	4F355848BAA5C5919CAE6C6B848396F9
SHA1:	FDD7093F94E6024F1C4755AB29D7BEE6CE15791C
SHA-256:	50133CDAE17EE8E49099E7DAFF2F72C8EDB83A452C507D464259E5D6BAD4D7FA
SHA-512:	CB5D9619708F1AB3615174630C1ACF1ACFDE3E725A87C26B56188F65B8A8FCB2CD74B6FAB8D3129AF794615758F7D14D19E69616982C75B0581421229B194056
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-9.348ed857.png
Preview:	.PNG........IHDR................u....PLTE...........nnn....................Z:.dA.kEm..q...^=.....\|.........eF..x..{ .....R5...v......kL.yL....!.r...sK....rF.....u.................zS..).6%....$+g...oS#bJ......".......>..O.2!..U..V..o.(.....&,..)\|......`.rZ9...bJ..L.....e..<1.,....J(~(........z\.>#.K/.1fL...0/.....Z...F4..X...6..#...................d.yf.>,..............+....Q+F"..............c."..l.I2....A.........y...2.........<jO....=0.P=....H,........f.7..W6..p._/...n]....8$..J......cR.bA.+..E<.}......v.'........m..K,w+...z....!..AKoU.{..qI..B.P..;'.......iS...HuB).?.....[;.UG.j3bx].U4.V2.pA.N.l....`.......y6.h..(...nb.ZO..A...........x..Q.Y.lSB...d5.......O[F.Q.a..<.y..ou.l......r.g.RA.N.v.mf........~..d.Y..u.^..+....s.....3.~.W4-..!........FX.O....tRNS...T2...n.S.....vIDATx....A....E..=B<N.K.i".....MP.....T.A.<.....m...Bbo.!..`-ha......@q....^...7...]"F...<...w...............ZV...+....!...j.n..bi.H.p.l.cW{.v.........v

Chrome Cache Entry: 415

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9918
Entropy (8bit):	7.962775403040729
Encrypted:	false
SSDEEP:	192:yDjwcupsSrn2B+S3PaZRVJce/Mb6FvQ9zVP5hHM1jAQ:A6Fm+rZ2kwumpP5hHM1EQ
MD5:	F69698E47D99D8CEBC84D7CD529904F1
SHA1:	74BFC9525829B58B49C67B4262229EA589F33994
SHA-256:	8420A3DDF47F8EFCBDCC0A483B2CB8C949E02EB99930AB1F15755485C0EDE91C
SHA-512:	34333AA0961E858B50EBFC67EAC10EFCA1347901F5524D85D05BDD97B2E6BB822FF9D7367A0BB8AC6BE1FB0B105B44D3218EED90293AB285362BA4D48E4236FE
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-8.492bed09.png
Preview:	.PNG........IHDR.............B......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..$.IDATx..}{.].y.o.rE..ER.......E.."Jmz..]..l.M[...4V.0J6Ec.-.J..HE.-R.E#. ....y.fb...rb...zX$.(sE....Er.Lf.=..o....s.......s..{.7....9................"z..u..=`..sTS.)s.`.'.RS...E.r\m...9.L...1:.....ty..D..).H..6....v...5...Q..}..(;..uD......z.o..........X....@.{x.S..d..S.......A&..r.$....4.Rs.A....\|.Ga....UD.t.U....<..zr.[..."I...r.}.@s.....l.VDt..$]...........xR.5.. ...H...1..X.P.v.?.....O...#b..I..0..n9.....~.._..'....\|....!/Us...K.H.%D.i..n.$H...`...../=i.O..U.a..3....$Y"...i.m.h. ..............Y...h.w..$K...S.m.$CM...'k*X......!.d.`U.H

Chrome Cache Entry: 416

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	34850
Entropy (8bit):	7.97508088854308
Encrypted:	false
SSDEEP:	768:08UOOsZBoSdrXgf/mz+KOGesdq3xNeBG5GUEB4r:iO7oSC/mCbI+HoINCy
MD5:	39E35891E9266850A457CB7B868C3760
SHA1:	562C2FAA7DD1DF7D34DF09146E2058A5F8CFED6B
SHA-256:	3768E6BCAD89790FD98B0E234AB256DFDA9654646060D672A8686207494DF7B2
SHA-512:	6C0640E08525989DD15F07282474002A806C8AFACBFE7888E40FB876C7179CD6025D90B9781DD966CCACDE16FB1774E1F1A99652BADAAF68C2F69C996E6F1548
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-ql.44e6743e.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE...5/0DNm1,/..802#..##)=E_..n.xt....i..",.BJd...hD#...BJf.r?Q8$..O...S.so.sL&..A....m0uP(....yw.zr..C.~=.j..`.(& .#$#'*//-1..................315958....,.74)&...#%/9/+...;:>......,$#......%.#..s...).....B>A.~"..24= ......mQ8#..)+0>=,".x.g...HCFA4...nK,...aG1!2$..qK9,..y...`CeI/2..;%.[>%.h3 )sP/iE%..nV?/..FNHK....ejM8C46.].H.h2.Z.@R0....\9.F+.._...[1WKN.n:.Y.v\SV.a5....uT9f?.16I.U.P.{@.R.K.d7.wC=&0rF...D.Z,\|S/..]..L.S%.j............[wM%.P..O.Z=.q9...]A;......O8>z[3..B:>P.....k@.7...dA...t6.`-.:i_].d......ukj.....\|O.....{2..L._%.z..V!.i+...WR.c\.nk.sgtKL.l..tL...x~.o.KH..a.up._..r&.4..._`.7:.~............qo.}Q.]Y...............^y.........t...........\.....vMe.XT..j.WT........i.-.......'....)tRNS...0.S.i..%.........L.L.t....l.......A......IDATx...n.0.......%/a.W.~"K.\|..........w~..M;m.Fn...)$...ccg.....g.y(I.........R..=....yT.......w..}...O.JR*....\|=...&.2.>

Chrome Cache Entry: 417

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 362 x 362, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	13803
Entropy (8bit):	7.936047500471041
Encrypted:	false
SSDEEP:	384:XToMW/+wWSgfERy/c2BT7ESs8HaIcHQDsZbW4K:jW+wrg8YBUIaIcHQYRW4K
MD5:	81D7CB8BD7DABF68B4708E360C1A3AF9
SHA1:	B37EDE8F179BF294F55D6E8A7F3A6E485D17FCDB
SHA-256:	32C09443BBAD070BE70434F6677AA6526231809752E1351C7408E2902C5AD858
SHA-512:	739898A682022545643C9A9320152E0A4E94432FADDAD13E2BD2763A634518494E7450DA39C627F7E0923EAEDE3B7DF185BE7D4658DD15BCEEA7E883CBD97257
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-1.31d4bb78.png
Preview:	.PNG........IHDR...j...j.............PLTE.......................................................................(............................................................................................................................................................................................"................X.........................................................................................e...................r......l.._....`............z......u..q.................._......Y....[tRNS...... .@ .@.@0.._..oO ._.`....p .._O......`/........oO....o@......o..... ...l....3qIDATx..............................].{m...x.fP.>.U....){..p..b.......(..y.C.&..._9'......'..{.p..sn.......90@..z..W....7...e....O...........O.._/nN......8.M.h.y..........G.O...6P.Nq.B..h...O...s...t..c........Xk.~.$Ib..~.....5.P....^.1.&......`x}.. .6*.g+.E....n...6.....Eib2:..y..M....)7`.i.h....(...Ug{...s......c+)mm....V..,.lw......<..4....j'=...5.......u..62.."...4<..

Chrome Cache Entry: 418

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	47110
Entropy (8bit):	7.976803512948249
Encrypted:	false
SSDEEP:	768:9L/Dm1LC5bpkhvjZFXEHBWDiR6QvYUs1TC+vLyq7TeZLWYTEeNbZcib/jppeR8GB:dmRC5bpkhVFX/2k1TAcyTzJdXpAJ0jKz
MD5:	2AB8F5C5A6C57CE00974E904430044B7
SHA1:	DE1C4F98727E300F9F491CAAFD9435C8EEFB8B35
SHA-256:	4B320A69C7597D83F9F331A715BF923613181AF8AC32D014EC40E28B0C6880E0
SHA-512:	35C0488B00B9E25681B446EDF82F9F8AB648C230CA44053BFEEC2E8E26B33C9C2063F713A1459710E3537664E91E9D737296074230010FE7496F5B5DD4E4939F
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTEM=.\R^4,5pr..B..<......9..).P....$J.......9V.@[...'....rU=).x...E..Z4U..h....z^H/.~Vd....H.....pN........G5%%....lS4.vY.i.Ja.......z_....^..s.tQC?.........}.....&O.VHd^Ul~g.uZAxeL`[W.p.F<5zU..kQ.............RJO.}....h}..o..tD:D..wqgkf^_Q.nH9N.~jZo]s......{o..id`..h..l..K8....h.[C..F)....4~.......of.........8)".[..s`.p.8..`I@sUYcVG..p........../IZ.V1.sB/.kQwl.....+e.S.........]..lg<%.\|\..W.\|.OT....v...'".......^IUj...l...{GQR}..A..Scv...m.............&...eMS....Xa.%2[.....no..{..`m....4.5...u..J@V...}..{.....yJ..O8...lm.Xc.K.3.z...pL...8.............O...f..i:vn._89....~u>H............._l/..x..xI.c...4Dp.......S[B1......E..}R!...,.d%..s.I..............2.%./.Y#ap..u*.V...3b......e....7B.w..za.]..eb.Q.Fv.@.......tRNS@...'.......IDATx..kllS.....f..H......GN..WB<.....kB..!..A#..Q..-.IP...1M...f.j.Ns..L...(.D.A................K....O.}ZZZZ.Bg..Q.N.D.=..D....P."..^..#Vo~.J..L.wFY.D.......(.~..

Chrome Cache Entry: 419

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46455), with no line terminators
Category:	dropped
Size (bytes):	46455
Entropy (8bit):	5.9299458295873135
Encrypted:	false
SSDEEP:	768:iBL0qIOc1YFobig3h2/HoOAwrQa9TC9Xcu+X36YsSzpdEyc90UbVEyRIKsW/78Bn:gez0HRSa9TC9XcZ7TEyc90CVEyRIKpO
MD5:	C61BB0DC32449268750E84924646CB78
SHA1:	1FB8F8EFAB22D6C5A32CF2E787AAFDD012D7A3FA
SHA-256:	ABE43BEBEE4A0185AD6707674C089D0E5AAAADA2A3938DD514A47B707C1754E9
SHA-512:	EFE02FB842EEE3C8141927B67466A06D17FB75637871F8F6303651A6125B04008CC1D6CED78F1222C3ADEACCBA2F5C48E46AE675798A8F5DC66F7827EC87E66F
Malicious:	false
Preview:	!function(){"use strict";var e,i={2029:function(e,i,n){n(6992),n(8674),n(7727);var t,a,s,o=n(5010),r=(n(4916),n(5306),n(4765),n(9653),n(3396)),l=n(6623),c=n(4870),d=n(5678),u=(n(2222),n(7139)),v=n(5082),p=(n(1539),JSON.parse('[{"name":"\u6ce8\u518c","link":"http://zc.qq.com/phone/index.html","pvg":"immobile.menuzuce","datongReportValue":6},{"name":"\u5b89\u5168\u4e2d\u5fc3","link":"http://aq.qq.com/","pvg":"immobile.menusafe","datongReportValue":4},{"name":"QQ\u4f1a\u5458","link":"http://vip.qq.com/","pvg":"immobile.menuhuiyuan","datongReportValue":3},{"name":"\u5e38\u7528\u5e2e\u52a9","link":"http://url.cn/OLVsaa","pvg":"immobile.menuhelp","datongReportValue":7},{"name":"\u63d0\u4ea4\u53cd\u9988","link":"http://mma.qq.com/feedback/index.html","pvg":"immobile.menufeedback","datongReportValue":8}]')),g=JSON.parse('[{"name":"iOS","link":"https://itunes.apple.com/cn/app/qq-2011/id444934666?mt=8","version":"v9.0.75","icon":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGYAAAB+CAMAAADhhJSm

Chrome Cache Entry: 420

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	9080
Entropy (8bit):	7.97339212610903
Encrypted:	false
SSDEEP:	192:saDQLp60sEUE14XW4ExN7SMZ3G5naQaf6r2j9L6/JdrBPJ35x:stz4G4ExwS3G5nK6r2xcdrBPJJx
MD5:	CCDBDFB8D84B291EDB24946BE9957719
SHA1:	27DB831377AAFFA4FA6FF912BFD23F28B5D068D1
SHA-256:	F75DBB19DB6774F7246351423A6ED594271D5A5BED4436DB59407B2A2A7DFA5F
SHA-512:	3C58717534262F153C943FDE25C26AB6727919CFBCE0DD76BDCD3173303D8A9015E53072A53EC49B6568F6C74EBD0DE7EE385235C55041D744A1D7DF5C30E9C8
Malicious:	false
Preview:	.PNG........IHDR...y...y.....$~{....PLTE.............TD........Z.....{.................S.. ................lK +1..S.... &.........rM..z....lJ1>F..$..............!.~S....%+.......#_kr....b.....S.....#.....~............-8@..t.oK...\|..Udm..!.....b..X.ZH..............!.........@NV..$.........>KS......Xgp&07....:B0<E...-8@. 'Q`iUcmCPYVeo.........2?H-6=.............)0Sbk...Yhr...[is...ES\9FN28!,3......N\f5>P^g......LZd4AJHV_...]kul{.)3;........JWa#.5....&-fu..$+.")...bqz<IQ6CL......^mw...LYbds};GP......HT\...r..&1:hw.o~..fH......v..jx...........x.................anw....lI.......EOU.pJ...............MD...\|........_G........M.XE......xP....g.vJ..\|.~T..a..Y.....s..n..[..W.....f..`.....w.....i...ku{....S.........[Am:0.nG\D7.E6......P<:0-S,'.......e.V{p[.zP.dD.D6.}.r..j..Z.{KaD.....HtRNS.1..76....3..4....7....V..:&.........~of`T@76....w<+......w......=.aA.....IDATh...O*W..M........}.%i.i.>..}.C_<..d....(.Z...h.......0.D....r.H.&....7...!.......f.%..\|k....}F..K/...[.

Chrome Cache Entry: 421

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	49
Entropy (8bit):	4.57349453781615
Encrypted:	false
SSDEEP:	3:vA6eihKyWMSz:Y6e8WMSz
MD5:	694953902603885864ECC3388D5C2BFB
SHA1:	183D31BF7F93C6ECF488F24C32992720F525085E
SHA-256:	D20D84B7545FBDE8CA7E28980FB446300A4C22D0E762A0061B66AF0B0790140E
SHA-512:	26EB1EBB1E46A0660B46C3574FF9484306E25726431D372A57C85E94086912E184CA7992C417D80DA800FEA5B0FFA68539E215C3ED2B6C39402AC994F6BBECF3
Malicious:	false
URL:	https://v.qq.com/cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1
Preview:	offline_log1({"data":[],"code":200,"version":-1})

Chrome Cache Entry: 422

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 223 x 206, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10534
Entropy (8bit):	7.972168833531366
Encrypted:	false
SSDEEP:	192:e/2Vsi7KFbmNSR5OZBzfILVeUVjBgCqXxGJhfpkvl5khLBNL1N61dRODFbd:e/2mFeowzfufVjBEYivvkhLnX61dROn
MD5:	A1E07D3D8BB55DFC2F935D7F9728CE02
SHA1:	6D2E229C15B8473419E0E7073D63042EDA7C09F9
SHA-256:	8B8D55DAEAB9F04B425E058872184714ED1C6C1CB9DA644C7E43A0A2CA2B06D7
SHA-512:	6CCDEB90D25AC0F24A8C28F78C9F082C77BDFD7A3555F6CF5C1E81E19A1972B69A8DF2EB2BD8C913CA540BCDA3B931534144C5AD714BB7CC476D656546F8DF9B
Malicious:	false
Preview:	.PNG........IHDR...............' ....PLTE.....................................................................................................................................................................%..................3<.........i..........`.................y........................?.....P..............................u............................g..............KO.6D.........GO{...<F........3B.:G.......@L....1;..t...np..{.n...+5......./9.7E.M?...F..1;.................................................................................................................................................c...'.o..8....O...C..X..N...4.z.........&.......J..b.!@.......20.....]...4.W.+;....................*.=....I.#0....sh.......&...........`2..%...y....Y<.DJ.CR.Y.....tRNS.........................................................o.."...............C..,....2......I...^....m.!.J..?.\....m...............v.........%>IDATx...............

Chrome Cache Entry: 423

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 162 x 162, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10030
Entropy (8bit):	7.969577421383059
Encrypted:	false
SSDEEP:	192:h08XUPI2MP7s4plUGogmWwG8Rjzqk/sC2EPSRdP0CVLeEuF0o4LnHx8v:hDAuP7gKwG8VzJUr8SoqpumnLRa
MD5:	1B8B3CD8AF61B7F074E1C8373A382ED3
SHA1:	342B8CB70410BF48042C7CD65BF61BC8F72BF07F
SHA-256:	C96B0F69D6FF5DF29E5E17A02F0947EA4D2181E98DB8BA2C9E878D5000BD5997
SHA-512:	3BA3108036616702136875F20453AEE43995C2E936CEE6BFE53DCACFF2C2F223172FF4CB9114AC45A0359CB829464871FAC6181113E2E89B9AE5001BF2664E6C
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-4.8c005656.png
Preview:	.PNG........IHDR.....................pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..%oIDATx..]..]Uy....@..A.#.Z....bkm.}O...9......}.m.....v...jG.T..9.J..[u..GP....Z....<s..<.=.....Z{.s.....g}w..{...~~....6PPPPPPPPPPPPPPPPPPPPPPPPPPPPPP0......u.&.\at..PJ.@..(Dl."..m%.5T......Ce....L.1;((....r).'..........K@...b....1.,.......A[..@...D.KirI.m...w...S...4.s.P.,.>{..Y..S....#W..1........T..>"..f-....E....csP....H..=...<,{.L.-((Dd..oE...).C..R.mL.M#B....%SME.Y.j.S....=...z....a..K.o".....]C@C.@:W<.j...#.E....$`.X.......i":/vC^.v"..N...N%.#(..S"..:...W...y.....Q9.-D..0.haD.<.uy.;.D.s.qds%.j...H..TLPf...ep=.....{h...=........cd%".

Chrome Cache Entry: 424

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65458)
Category:	dropped
Size (bytes):	164836
Entropy (8bit):	5.4141536255986855
Encrypted:	false
SSDEEP:	3072:lypM2Ag2xOO2NPrUE8Pbq6FXj4dlkCGfdJ6dK1m8wqTY:lypM2AHOO6r6FXj4dlkCGfzTY
MD5:	0F0C9E1EDDAEE7BB222D26EF9F59951A
SHA1:	11F609C9B805C356F0BC18A30FFA812BF1DD1902
SHA-256:	E0C78AA993AF098837267BA6E735B477702467F3F372D63257F04FEE70C0B347
SHA-512:	60EAA254A94A40530B2BFC19476057E2755CE670380C8D652CC1CD2977095F98E7825CC6E39F7CE337CA6922785A05D94A58A57B114DE23C64D923788F780829
Malicious:	false
Preview:	/! For license information please see other-chunk.ddf042d1.js.LICENSE.txt /.(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[256],{7268:function(){},402:function(t,e,n){"use strict";n.d(e,{p:function(){return r}});var r="q"},3936:function(t,e,n){"use strict";n.d(e,{s:function(){return c}});n(1249);var r=n(3396),i=n(7139),o=n(7261),a=n(402),s=n(2482),l="".concat(a.p,"-dialog"),c=(0,r.aZ)({name:l,components:{QPopup:o.Z},props:{modelValue:Boolean,visible:Boolean,title:String,content:String,dangerouslyUseHTMLString:{type:Boolean,default:!1},dialogClass:String,showConfirmBtn:{type:Boolean,default:!0},confirmBtnText:String,confirmBtnTextColor:String,showCancelBtn:{type:Boolean,default:!0},cancelBtnText:String,cancelBtnTextColor:String,buttons:Array,lockScroll:{type:Boolean,default:!0},beforeClose:Function,callback:Function},emits:["click","close","cancel","confirm","update:modelValue"],setup:function(t,e){var n=(0,r.Fl)((function(){var e,n=(null===(e=t.content)\|\|v

Chrome Cache Entry: 425

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	9080
Entropy (8bit):	7.97339212610903
Encrypted:	false
SSDEEP:	192:saDQLp60sEUE14XW4ExN7SMZ3G5naQaf6r2j9L6/JdrBPJ35x:stz4G4ExwS3G5nK6r2xcdrBPJJx
MD5:	CCDBDFB8D84B291EDB24946BE9957719
SHA1:	27DB831377AAFFA4FA6FF912BFD23F28B5D068D1
SHA-256:	F75DBB19DB6774F7246351423A6ED594271D5A5BED4436DB59407B2A2A7DFA5F
SHA-512:	3C58717534262F153C943FDE25C26AB6727919CFBCE0DD76BDCD3173303D8A9015E53072A53EC49B6568F6C74EBD0DE7EE385235C55041D744A1D7DF5C30E9C8
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png
Preview:	.PNG........IHDR...y...y.....$~{....PLTE.............TD........Z.....{.................S.. ................lK +1..S.... &.........rM..z....lJ1>F..$..............!.~S....%+.......#_kr....b.....S.....#.....~............-8@..t.oK...\|..Udm..!.....b..X.ZH..............!.........@NV..$.........>KS......Xgp&07....:B0<E...-8@. 'Q`iUcmCPYVeo.........2?H-6=.............)0Sbk...Yhr...[is...ES\9FN28!,3......N\f5>P^g......LZd4AJHV_...]kul{.)3;........JWa#.5....&-fu..$+.")...bqz<IQ6CL......^mw...LYbds};GP......HT\...r..&1:hw.o~..fH......v..jx...........x.................anw....lI.......EOU.pJ...............MD...\|........_G........M.XE......xP....g.vJ..\|.~T..a..Y.....s..n..[..W.....f..`.....w.....i...ku{....S.........[Am:0.nG\D7.E6......P<:0-S,'.......e.V{p[.zP.dD.D6.}.r..j..Z.{KaD.....HtRNS.1..76....3..4....7....V..:&.........~of`T@76....w<+......w......=.aA.....IDATh...O*W..M........}.%i.i.>..}.C_<..d....(.Z...h.......0.D....r.H.&....7...!.......f.%..\|k....}F..K/...[.

Chrome Cache Entry: 426

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 688 x 934, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	94725
Entropy (8bit):	7.9541927351780926
Encrypted:	false
SSDEEP:	1536:qR2+4tfZ8/+N1VYRiY26fwtwdnljQatc0xvwPYld3/JEqMpDg3CiThcY/:62JtfZ8i8EJ67IMc0xvBld3/uqMpU3C6
MD5:	95A95007010FA30BA35C88F23C05F5BB
SHA1:	AAFA96CCDEA967AC0B01BC6AE05386ADBF7C6CA7
SHA-256:	9053033D37404F80449CF72C06F0FF9DC7ABF1CC7678749E0D645306EADA664C
SHA-512:	4E6EE304A378F8898DF811B6FA5611ADC22ACB10C7D9F3F96F001B0165A2E4E6E98B02DFF4FDE9CAE4D878F9493389D6883E2B7C665AF020AADE71C7E7D923EB
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/girl.031060e3.png
Preview:	.PNG........IHDR.............$bV.....PLTE......^`....V\}...FJl...........................P8Dag....CBa......VUwej...................<>cN...42P........................................................................................~...............................WVx............jj."Dj..................x.....qp.......77X?>a.......ed.^]~PNq.....z\|..............4..................V..vw.//N...W........xq....&&E................pj...KHg.........SX......~x.Q.....IO\|...................C..'Oy5...t...BGp.3Y!.9......../\.q...........E..]b.hau......nx....]..9i...............J..hp.`.......T....._k...A........\|..>..Fw..4{.....l......px.`Xj...U.'4..{l.zti.....la(..Q..ZT<..n/.....:<.IG.kd......e......q.i.....ZT...sv....n{...~^d.cb.;>.7R7......$tRNS..';JgktL...d\|......................n.IDATx..=r.1...qck$Wn.q.E.^...]\0...7.yr..Ke..V...!..o0....;..x~9.....o....\|~zzz\|x8L&..]....Y...%........iZ;./xx:...wS.RJ-Rk.k....

Chrome Cache Entry: 427

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	OpenPGP Public Key
Category:	downloaded
Size (bytes):	936386
Entropy (8bit):	7.944224969502524
Encrypted:	false
SSDEEP:	24576:2l6QcjVh9UQsjuZTCnsKWt5zcidQLsj/Hhil:W6QQxsj7WttdOsj/Hho
MD5:	B9A90252ABBDFBFD9369C2B2BD2BB27B
SHA1:	D27B1C624ECEAFC943264BA15631E952823C93B3
SHA-256:	28324A20CC92E3EDAA4A0059824D9BF6353EAF8376961145391D439186CF96DE
SHA-512:	3F6785F8F0D3075030C7558D7C1D88D0B75C9C3433DF1BDCBA92EA5B55C48B16E3107161EF27239C0014F174554FDB55B4B8A703613006280F45B0C69B991D3E
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:16
Preview:	....a.3...C\|.U...V^...!1.....6...X.E..i..N....HmH\|....b..EZN.....I.....8.&..".m..Bh..^z..............6=.$..~..X/..M..7.....B.]..6..W.+....QX9j...{....R;..?5p.Y..@.B......4.....C.x.O....:k..x.........,zR.y......3.......^Yf.O...I.q.-.[q....8!-........s.S...E..[.1..WzS..s.....h.j t..e..u....t-...k7..;+q.....\|...C.\|.Zo .T<NDH.gi........,.SN..Ucv....)8.^.sc....]..6.'8+t~>.m..^._l\\|D...^in.s....T..]X.ll..?...eO1.5zy.-..'.r...P...<..O....t...b.-...o......&<.$.U...Q..c...f..;......~.9R.$........I.....&.,.jDs./.qB.y..8...2s..uQq.............k.1.rI@J..L.a.cfN?..l...F.....}.L...J...).@>...........I^.%..[...G.M...=^H{.L:B..XQ%Vs..dF..0..I^......V...C.B.l.z......4R.d.H..U....(...YJ/=g...;.....?.a}=E.z...%..;]<..K........O/..=.i.....u\.....2YOy....w.o...}..5.........+..}...G..\...])...w....>H.K.%.....s..PV...\..q~s8.U...Y..s.3K..5..:..., .x....S.gAl..c/..N....Ri.g..\.....m.),......3.p..Y....Y..E.jZ'.{6.v~=.)........2O...x.lYQf\.....OY.p../.

Chrome Cache Entry: 428

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11928
Entropy (8bit):	7.979219128250882
Encrypted:	false
SSDEEP:	192:2/jd2qJxm3HMTF7TNctutuR9M6ENgVtddfaf63Eq02Kor8PCacHKHJDSy8dCHhoS:a0qHm3HCTWNRPEwtTafQEkrYCappDNoc
MD5:	3D023D568DA1BC239AE899B20FC628A8
SHA1:	5397E59CA33DCC761656B612F3CAE2EF3A50051C
SHA-256:	DB08AFC5E482A6E2F40C558F064600E84006A9C6945BDAE6E2FF63CC5A464EE3
SHA-512:	17C1177A9213C5DFDF35F5FDD12A7668FF8E76AEF1FA615EF208AA6F0473ACBA5EBBF3B75AE10D0D04DF78230EDFF7FED046D19F424896118E485F74D6DE8F59
Malicious:	false
Preview:	.PNG........IHDR...y...y.....$~{....PLTE...19_#';Z\....28d...NR.%-P"&G#,Sh..3>d&-M.!<=Ix..3KQ.<C.H[.:Dq......;E....+;..."1,->...%'8)&4..%#%3;5C..!/0B..,-7A8F1-<,3L %E%,D.$<71?.$5#)?18Q. 8>B_)6VHS\|7Jv=N}0?j6.8IRs7>Z3Ab*/G33F-:dPX.=JlAGeMY\|4Dm@V.2:W%0NJZ.,;]Q].&-T86KHb."(L7FfCP.Tc.=O......278_F=LFS.?RtCJp...q..@[.n..U`.w..G_.a{.1AtKO.BI.4H}Sf.GMi9<i...&1[IDT:Cs+4b...jy.^m.<S.Sf.>FzEc.6W.]c........er.Ji.% ,g....Xo.\h.==S`..Z{.Yn.Tr.e..Kv..../7nQt.7H.~..O..Mj.N[.[Q_.....6?zTJY.....o.....s..r../0[...^..kz.]d....\|...jt...&.......Fn.Ab.s^k......\|.......}.._....Gk.w...\|..^i.......Q.....^x..x.jk.Z^u...Z....l..d.......@T.8d......fXg......l.......SQi...@y.P..Sw.qt.n......kKZ...`..y\|....}huT<L...eu.p}...o..Y[.O..C.....d.....w........P..Ph...........Rz.T..Eo...~yg......7G."-. .=....tRNS.?@>. ..o..>....s..g.\xg...+.IDATh..kLZg.....g.:M.....=.@.9....Vn......a T...Sg...M;...n.......%.s.R.nV...~.....i..>.9..........{....Iz.../l..QE....E1...d..;Z.6.M.

Chrome Cache Entry: 429

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.57349453781615
Encrypted:	false
SSDEEP:	3:vA6eihKyWMSz:Y6e8WMSz
MD5:	694953902603885864ECC3388D5C2BFB
SHA1:	183D31BF7F93C6ECF488F24C32992720F525085E
SHA-256:	D20D84B7545FBDE8CA7E28980FB446300A4C22D0E762A0061B66AF0B0790140E
SHA-512:	26EB1EBB1E46A0660B46C3574FF9484306E25726431D372A57C85E94086912E184CA7992C417D80DA800FEA5B0FFA68539E215C3ED2B6C39402AC994F6BBECF3
Malicious:	false
Preview:	offline_log1({"data":[],"code":200,"version":-1})

Chrome Cache Entry: 430

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 369 x 369, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	16731
Entropy (8bit):	7.934811457314126
Encrypted:	false
SSDEEP:	384:t6tUvgyafgNzKZjCbA87llmXyul0WyL0s87eab9tjky:Qtc2szQjmzLul0Debf3
MD5:	FD86FD75E7DA848163C4B41CD0989D03
SHA1:	1819060631186CF29B9C070E6B84941A7F075D2F
SHA-256:	4690D37928F54D8FF0CEFC2CC93C8DF80E71C232BBAD2291D1A946994B571EC9
SHA-512:	17BE335FDE8C08AE4F4726DB63B05F733598221D58CAC002BCD8E283985BD59C5288BB03B9B1F4024A8ACF5895E528C64A8214282F369A8B21FA7809BC9397E3
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-29.bf39516b.png
Preview:	.PNG........IHDR...q...q......Yh.....PLTE...yM....xH.wJ.wH.wJ.wH...$.....#wwwmmm...........................j.......................l........i..........h..i.............k`V.....*.........\|um....r..........i....qqp.....w.I.....Pi.._][....c..._.........i...................................................k.....t..R..n..c..q..U.....L..z..X....\..f..<..w..A..&.._..F.....I..~..,..g..6.....9..}.}......../....O..[..`.. .....D....2..?..3..............N..Y.............%..........?...................F.......................U.................................,.......D..>....+....w.....m..2`............MSSS.....'..Z..@ddc[[[....=..c......Q.......MML.....:....x..k..a..Ov.............P.. ..i..F..t..b..m.......S....].............~H..g.(....e.....g...G..)....GtRNS..@6.+. . .......p0..p`...O!..e.......L.}.D.}`RN.@...........#..P..=.IDATx...............................:Vm...8~.v...(I..@..,}.$....N........u{<.^.]u.........B.!..B.H..v.Z

Chrome Cache Entry: 431

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9918
Entropy (8bit):	7.962775403040729
Encrypted:	false
SSDEEP:	192:yDjwcupsSrn2B+S3PaZRVJce/Mb6FvQ9zVP5hHM1jAQ:A6Fm+rZ2kwumpP5hHM1EQ
MD5:	F69698E47D99D8CEBC84D7CD529904F1
SHA1:	74BFC9525829B58B49C67B4262229EA589F33994
SHA-256:	8420A3DDF47F8EFCBDCC0A483B2CB8C949E02EB99930AB1F15755485C0EDE91C
SHA-512:	34333AA0961E858B50EBFC67EAC10EFCA1347901F5524D85D05BDD97B2E6BB822FF9D7367A0BB8AC6BE1FB0B105B44D3218EED90293AB285362BA4D48E4236FE
Malicious:	false
Preview:	.PNG........IHDR.............B......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..$.IDATx..}{.].y.o.rE..ER.......E.."Jmz..]..l.M[...4V.0J6Ec.-.J..HE.-R.E#. ....y.fb...rb...zX$.(sE....Er.Lf.=..o....s.......s..{.7....9................"z..u..=`..sTS.)s.`.'.RS...E.r\m...9.L...1:.....ty..D..).H..6....v...5...Q..}..(;..uD......z.o..........X....@.{x.S..d..S.......A&..r.$....4.Rs.A....\|.Ga....UD.t.U....<..zr.[..."I...r.}.@s.....l.VDt..$]...........xR.5.. ...H...1..X.P.v.?.....O...#b..I..0..n9.....~.._..'....\|....!/Us...K.H.%D.i..n.$H...`...../=i.O..U.a..3....$Y"...i.m.h. ..............Y...h.w..$K...S.m.$CM...'k*X......!.d.`U.H

Chrome Cache Entry: 432

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 248, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	57081
Entropy (8bit):	7.985896019418537
Encrypted:	false
SSDEEP:	1536:edxFhMvVUhpos+XmSr05cvlHrezI+CIlhnZUDh:dVUhuj/0uycKNZmh
MD5:	1E7C5EADB5E51E5F94DAF988419923DD
SHA1:	A4C0FB87B0AA1B1C9D7944C2B5855BCD3ACE5F8C
SHA-256:	25839FB3D654A4D8ECE9223531E4B8BF9DB30A125038E3D5F0F737D9CA3D0E3B
SHA-512:	9CE5E57AAAFDEA324575A96D4FE8BBCF5A935F0CD2721374A814FB345033FFCF87CAD8FE698D59ACDC97E3FE0661B49962E54953BD47D7B98B7C2EE737F33AE9
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png
Preview:	.PNG........IHDR...............3.....PLTE...Lv.Eex+..C&.R/.......G]g<( \gnaG5<".px}...".....)..a..Z2....Q,.V/....K).....$!\.....R}._4.d8 F&.u..Ly.:.......e=%2".@".......8'.5+'......V.....]9#...z.....jA)...i..l="". ...........vA&2.....b.....A-#...Gt.......<1+......qE-}H+.............n..Xy.>72......MC<G;3...g.....^..d..........G4...........)(YF<...S=2...Rs..........PIE......B=<Bn...).....YOG...R5...p.....cTKEfu....Z:Lm{w~.sYJ302......\|..@^kP4$_t}.....uH7p..~dS...n..bLA..}un...paWc}....}..\|O;..............uojg\R...ilr_@0...Vlv.}v..\|xw{.ma...78=.wkky.^YV...lgb.hAoqxVRQwh_gE8..plN@.J...{CCG.YDf`[9Vc.dM...oZKdo..^^ccfl.wa.(....xP...k,......mT.Z..x....w.!..bC[...<...GJLR.._.~4.S0.~.a).a.D ...\r.....o...qSV^.S'.8".\|e..1.uF...=..hG.G.\|K.o..l......[./....I...}...5.o%..Z..DR.R.....tRNS. .........s.....IDATx..?..Q...J..NB..k-....v@.....k3..} ..I!X.H.....X..`!.!...5<..{..fF...<....Lf3...y.#..O.XOG[:..:.7...z?~..)....~.j..5....9...G...h...Y.\|.....i....

Chrome Cache Entry: 433

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999665450646417
Encrypted:	true
SSDEEP:	24576:GQdBM7DkTxhSANXFd9hls+35aN8jqNTYDNsJ0ty96hDi:VonkTxhSANXF/hl/5xqKDNsCyUNi
MD5:	625A20F4620CC2DF50ADA562E68DBAF5
SHA1:	16C9BE28CCC6741E20817FA2AC4A3D6D167995AC
SHA-256:	4E36A74AF6448BDBAF5812DBBFD5951CFC50274C7E6B7DFD9A943013D68BD0B4
SHA-512:	7B4D25197691957EFE7CBF56B10E2A4CA54E693B391E046D7348FB541775125B78750654CCE5B9CFB95872583B2C88B04B02009E06920BAE0BE14DE73B343A91
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:a
Preview:	#h.G.J.........H...... ..i..^.....XXp..r[.g>....~6.........{...m..9i.f.L.......jb.Q...8..s:a...#............;....H(J..K...+.\|....<.......0.=.......u....2.3...D.E%T...L>..L.h.NP.........<.o....c....L2...}.p..'..hZ..C.]..:.6U......Z4h.l.P..".e.UJx.M.>.....L.m)..... ......t@t..=...ya(Z}.<B#...X..\|Bx......v...} c.%./..8r./X0.K..i...e=.8..r....F.z<#=O. N.....FT,)...........jSb.9... .T6.%...KQ'4.s....M.J.......D)....@Ep%.qYr..6..N...u.03.......$....>........1...r........rP.q.J3V.y?..fd=Gy....c..y..:...E;.b..cR...(.t..^.)i.4.Um{u!../........si./f."FE.&.9.bQ..]....}L.-A.YH....H..9..U..L........hX/.;.q4...bX.;.XGg.S..v..>F...)`..8.w..N-.a1.......p..C..$....m.0.o...-....]gD3...i...AS..f...p.L...pp9a...<;L.?.LM.....D?..E.........Q....{j..$...&.jFt..G.....:...U.aJn..!_...P8`.4jh.W....Yo:_hD..39v{..q...A..+x]b..ah.#Q......K..:.LJL......).....t+....D......'....#.G6.w.._.:..'N..y...-...<.5....2....M.........HJ...R.b.c...d...g....=.......U.K.

Chrome Cache Entry: 434

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	32253
Entropy (8bit):	7.958742758880246
Encrypted:	false
SSDEEP:	768:qlZSdg/54N7sPO7M1CdzlwoOqUrk6g/BrvbisG:cgp7sPOwYq36X/BrfG
MD5:	5100441802FAB75DBD3AD326C8A872C1
SHA1:	CFE25CD0CF51DC68788F53E51F73B852185997BE
SHA-256:	4A071501E44D57A20ED004EA8AD1489E76E6E5C2F9DDEC5B38DE731D25B0F9E7
SHA-512:	946AA06336F4ED1532AB4876FECC3BA72F30E43815ECCBF1A18B72E434C9DE6FD13BD0BA1400572EC8F85D0A1BF0146AAF1FFFE5BBA6712CD8852CB63D9E9BA5
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-yd.e89120ca.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE...6p.............=l....b..6p........<i....................:r.;v.9q..........m.....k.....j..Z..(Ge-Oj.KD4Jgy.........hi.]YbNg.................................-d.........................................................<t......<`....{...........I.............>w.r.....Hy....j..t..1i......./Vr...U..k..}..[................WVG`...bb.[[..z......'1Me.....F.(.............{......pl\.............@Y.....z....M...gc..............+..Sj.>bz.ws.QP...\#-.yp.....#A...Q\...D...........T...[Kf................GG...ai...prEm.......3S.dx.l=O...w....et.l-6;Ke...i_..JK...n........\|}....Gax......drtSd.sh..is.9A...bL.....r.CG..}..Ax.7..V..l}V4C......9]...OV....y....%F..Sh..E'4.v}....j....u.q.,.~..t.D.....L.f...h-..`...-tRNS....(..-G..h.V..G.k.......y......}.......Jm...z.IDATx...k#G..p....v.&..c......h.Xv.XX.[.$....1Ar.^U.B.R.E......1.\...u..7..;;+....H...;[..?=....^v.i..f.i..f.i..f.i..f.i..f.i

Chrome Cache Entry: 435

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	35304
Entropy (8bit):	7.9742668972721615
Encrypted:	false
SSDEEP:	768:Pd24VoXv9aJJwRIzzDxsm/3WK1zKsZv4mOVSQeEdeCp+i++rR3Es:VZoXv9Awy3/xzKsemtS+inEs
MD5:	D9EB20D6C7B9AF71AD3A9E5515549A0E
SHA1:	0297B88C948696F5B2FD0F01C8E10E08A99ECFDF
SHA-256:	55976AB7E3177781BC697F893592DCB27EA70AB35319B29112DC51565DC96DF5
SHA-512:	6C95C668E400B7788BC30A8254B681FD1874A49A3DE4B2D3630D744772FBE5906970279257E8F4BBD2F66F977819915E76447DBA8C94D989939EA7E05F27BD4A
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE...D61=52;514/-:2/=54.~q=1,?3-"#$'&&E6,)().$%&.jW...ycKKHQ......qhq...{i4..{q7.]..qhq.TC...~s=...s.}.w\|>+ @-!C/#9)!?-%D1&<(.6&.......:,#3(!&..2#..........#..H3'-$....!!/%%. ""&(4((+02046......%,....+)+H54;235...........49;...,..C11:,,aLMM98I=?..`h_dA68.. K8..[S>=`Z_..:=@rekgQQ]GG....WCD.......'KIO^SWlWXBCH.4".@--SPV...P..V.....MXJNsoq...cOCF".......s]^......xvy........hgk........K................~........r?...................................zB.x..W.#-.......y......"2C.wK......^]m.ws......pX..}dMD(t`-yh:.asJN1;J..S/1hjz.iBF.......JUf5.....{`7;...XN4..XF!'..M..i.$;.RW....weT):HZ..S..m.EC...w._S...n0..._f.og[?.qf..........wQ..@.cV._E.......{w.on.m.!AY....hf......-6.y..vtwhK.W_.x.k~..I?...R)a......&tRNS..0Lc~......&.M.s.@...b.....e...E.....qIDATx..=..Q...f.1.-....iB $a7...u.A'r.8.....N5..`c..'...[.._.s.;.$Y.7i..u.1..3.s.{.DLLLLLLLL".L.R.d"...L.3 6._H...r&..U..T*.4_...d\|

Chrome Cache Entry: 436

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 374 x 374, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	16911
Entropy (8bit):	7.934373703337371
Encrypted:	false
SSDEEP:	384:QSOW+DyEX3jVahDPxHnivjHpD1kvKURoCcmsaeXQr6o7:J+tWPliDx1qroCcmxcC
MD5:	6B09F48B65A18886447C92B4F6285881
SHA1:	EA811C1A652CAA584B91A500D2D92D6D924C8AB4
SHA-256:	5B90F20FC8A9EE5CACC2A1E9A6ED72FFB1EEB183C770E67CA9190F6F7A883076
SHA-512:	A41E6CC8C5CCF16FDB4F3B3B490CF0506B8C87A2F655A4A92AA6B213F2456B17CA133866F31CF327D14B7D3FDD60F34B3FF30DC1DEAA2C1656DF80088ADCACD6
Malicious:	false
Preview:	.PNG........IHDR...v...v.....M.CW....PLTE....#C..........Mg..5....Vt..G.;h..........<i.......<i..........=d.................9.........................:g.Ve..8.Xq..%.....@.7`.......Nc.......8`...................gs.....I..S.<c....bn.......bn................{M.............8h.X..Bo.......;j......................>k................5g./d.\...R.2e.Fq.b..\.>m.T..$]..T.`...[..Y.&_..W.............)`.............Bl........../.Px........%..............4........Z........... ....Y..d..^u..O._..6`.m...C.g..<g.Lt.......r..\p.......+\..8....0_..>.z..U{.iw..;.......'U....k..k..Tf.....T.j..8e.Q..e...........f}.2Z..J.................H....P..<`.C[.;Y.dy....Bb.cq....$Z..U.......)O..D....Vl..N..N.o.....Jd.J]..U."G.R_.NH....]l.h-._y.Gi....:.......\|...@...r............<P.../E.\|....^P.r{.\|1..!.xC.rE.....a.N........JtRNS.. .\. ..g@.. `..c@...Y0p.g@0....1...?..p..........PP..v...$Bm\|..>}IDATx..............................].wM#....#.^.b".Z.B.C.....B...R..%M.. ..r...!......(n.I(..rE.t..?......

Chrome Cache Entry: 437

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 323 x 108, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	14758
Entropy (8bit):	7.977532405504438
Encrypted:	false
SSDEEP:	192:gnEPGtlyJPY1ujvePNBsUyBBsLmd3IPr4WVfK0zR4lgG/8b9dQ24Sd/A450tyCdS:gnSGtwWQSVqemdQq094lKptCjQ
MD5:	1C27C52714AF312A8698B26AC8615E25
SHA1:	762F8ED472CCB3C7BDDEEC0BB61A29D262F33CC4
SHA-256:	3B12CF3572945F32D7CFF79A0DCE732A78F0527BFC1B86AF34ADA79F34CC72F8
SHA-512:	E317213952FA7FD49BF71E1BF7B79357FDC519E2EECA89ABF4AC8D9AF7074613BFAD617F8FBF38604FD67994B9C91C7E8B58E2B78019FE5514AA827D7800D1D1
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/qq9logo.2a076d03.png
Preview:	.PNG........IHDR...C...l.......P....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..7.IDATx..}.s%.u.........nY."'..U...S&P....KK...b..\..wm.&.........y.6yp....DI..@.2SNd..$L..^&y..X.....=.=.O..\\|\...?.{gzzfz...s...`.)..b.0p...6.....a......6.....E..h...7.....C.0X.`v`...........\9....pVi.)[S..m.(..3...8-...8.....{0O.n.eU.....C].;.....R.=......!CK\|.CX...(.[.2u.2.O....>....\{....]....f..{..l...........S.5O..P..r..c.../+;... ..jd;....lkx....y.d..y.._......T..Vm..Vv.../....6.o..]6.p..h2\.K\.V..........{2sO...G...&?mCjz.MR......Lq. .\ ..(...k4...XY.F.X....c.....2...2.a...w{../M..a....e.... .$.......S.k..-~r\|.q......'(a.DHs!

Chrome Cache Entry: 438

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	55620
Entropy (8bit):	7.974861509667521
Encrypted:	false
SSDEEP:	768:3lkPULDSHgd2kbXfYzmBG4TFvRSRFpFC/Qixz2CFTYQVudXBCz0gSTHLKCDigKgX:KrMjfdxzSO/QqJrurA0tL3Digfs6E0
MD5:	798149665DD41BEBFA1A29B345D8A887
SHA1:	6C36919B12772F406A1E461ECFAF5EA8B208B18C
SHA-256:	3E9BABE314BE382C18E2E5C1D4E0914475AAFA0712717A8722181521647672D8
SHA-512:	D9C38A4811EA78BAF6838F423638E1547EAF42B3D9403F71B4E3D2F0C715397043AD902F51B931A992531ED77DEBEDCC1548D1D9A4FA5EAD2D8EC09CDF6E6E34
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png
Preview:	.PNG........IHDR.............F..?....PLTEe]s.....8..FX.6...Qj....t...COh....Qs.Q......9..:..#(H...7.....f.....0..[.....SLc..........................z..o..s........E........VUj.........N......`\q*1S....fq....ldw...1G.nl.9:V......~...y....Ni..iwJ].Wd.A......;Bgdj."e.....vu.......?S......]Qt..{p.BJr...`QfG\.<N..../A.......5T....BU}Ut....IK[...`a~......U.....f..o.........z..6...%n..\|~.x....OY\|.....m_f.bu......$Z................q....{mk..........vp...tz.{.._.....1:_...NBB............Bx.%5j9^..yt.q....hXW[OM...Qy.:c.<..........A..q..W........9t.m.....\|_[/\|..........W.....W..g..:i.[......n.....Rg...........ia.....M..V..=...x..............Cm....G....R..){.;..B..J........w....."Si...^..p..~.O....=55...o??............n.qn.O..FP............Yf.R..P..c.e..{S..n....tRNS$...p.$...p.p.d.j.....IDATx..kH{e..R.utC=yD.... ..Z..../....B.]..Q..7..X...,-"(kdTPlTR.."....D.AH....=..\j..s.sn.......y..S..O=...:....N=..3.z.......Kv.Tg......?..

Chrome Cache Entry: 439

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	40507
Entropy (8bit):	7.961167183634244
Encrypted:	false
SSDEEP:	768:cunsBJA+Zn8kDVhXUFF/rNRrqgWoAVo1Sedo1czCXW5X6ugWxr8pQLvfimQMK7N:cjBJJZn88VpUXxRqgWocQSedo1ICG56p
MD5:	DC7EAE4CB33CFD503A7392EAA24337CA
SHA1:	6D23C2E24E655F16025003BE66EF31FAE0EDF45F
SHA-256:	1F9114E36F9EF6B3F7B8CE4CD507BDD4AF2DA47178CE5F32402DCD63723ADF85
SHA-512:	A92D5E4A4173BD2B86BD6258ABB01FB263C6AE125E1DA4644EEFB3522EEC0651F3779B2692845CCE0958E80DC0BC08AD167ECBE4AF11CA7DDDAF5D542BCC788A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-me.8d49096f.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE.....RUI,.Z]l......."D.NSh9:......px.}..bi.~..ju.48.@E....Be...KM.......Ve...~..9......llw.:?R...QIy......zv\AI...l.........NRI...`...q{..............D..B.....=............................{..w..k.....s......................m.....e..l..\|..q..r..`.....~a........................xX................njPxqR..vtb..x.....idF.....}......_cX.p...x]]B.#........hmc..{{m.....{.......b....)..........o.......i.........."...Y...x.........HM7....7....\|......d.X........`......O.".....*.\|V....~........C..&$....._.Z[....".27/.-...M[X........s...Y....ki........../.cu[a........X.&......XG\|-9.=........{q...OM.K8Gw:.BK....0..3 .....mo......{h.C.\|.....}j.._.....D....o.=....j..Ve...cw..b3.ui~...(......I.F....;...?....Ce...;tRNS....%0...N.H..C..r..c.....J.g.}.{.......}...........x...w.h....IDATx..?L.Q..y.......^.q...p.AD.J..I..i..`;4.....$.c0.4..)c..c.M...4L..K.N...{w..o...,..[>\|......$E...?..

Chrome Cache Entry: 440

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image, VP8 encoding, 62x62, Scaling: [none]x[none], YUV color, decoders should clamp
Category:	downloaded
Size (bytes):	1566
Entropy (8bit):	7.846612275654403
Encrypted:	false
SSDEEP:	24:mgKzBqobxpp6DOA+sk+A7NzkQDPRObhtfEX/AQxQAPYyeuefQqQZUu0JX8E:FuBqQwKcmN46RihtfEXSmYFyZUyE
MD5:	AF058AC90F3FBBE838169BD156898A87
SHA1:	2A8C439E16E1D92B01C1C7478B64FEE460AAC724
SHA-256:	9D721F0400F71EA2DA4AA60839F7D9568108ED3313820ACE965FCC74B587BFC6
SHA-512:	AB6F9DB31F55AF5FF770E9CA499157CC27BA69AEAE0F619E33A111D4D47BB2DCE90F534ABE4163D64A4AB2CA13D2115A159646C13A24D67D8F2EDA7553B830B4
Malicious:	false
URL:	https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.png
Preview:	RIFF....WEBPVP8 ....."...>.>.>1..B.!!..O. ....h(..3...'.7.o\|...ND.]...W.+..P.0...........K......X..........'...O......I{/.[...U.g.O`3..S.... >.=....E..........~]...g.+./.................?.?......'.3.....O........{$~.9...C!.?;.P.a.....X\x,'......5.L.R.B..r.Z;./.A.rY....a.h..`.r....G...4..}d.....7_\e..ju...M...e....R...M..1.....ao.`.#..}.B....\|=;x.C...).....L.L..1n..m..E/.c...=.@.........7/....Nalhg......p.L...........fb.c...V1.{'.V.R..q.@.o%..(....t.x.....".?..I.0"x...3..a.i.-.f.r....w7..>7..s.G..q....O.'.>.\|.5....j*.%B..3.W8..._.....L.~..u....r..%.Tr...u...,dj.....>..@.;}:+.....C.z..}3I'.I.?..a....w.&^.V({.A....oU.o..l...>.$..=5J.=."g?...T.K@6f....&.<...m>"...q....n~=.............:..D...)-..W..0!....5.zx.XOF...B?..l..{...-....x.e>.Fr......D...G.UJ.]<Tp.kG5!....J..%..z.n\|-...e.-..T..$..d...mLp...'.l!......n^..qHM...b.c..P...).......C.L.......^.....RN.......... m...FoB..H..t.._.u.Q.d#`%.%0.[.&..}1^..`9~\N.....i3.J..h..FyS....0.H...-.I:..

Chrome Cache Entry: 441

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65456)
Category:	downloaded
Size (bytes):	1023552
Entropy (8bit):	5.572929986497309
Encrypted:	false
SSDEEP:	24576:o2vhEaBBJBaFhijEWhT6DB4knPaGq5fyleoMFwm:vvhEa/JBaXijEWhT6DB4knPaGzeokz
MD5:	E0E514C85C4187923718073DEEA44C15
SHA1:	C0D613CAD82DBD446FA91513DEEA18687255CDF1
SHA-256:	F0E1EFE4D82894FC57AA53DA7C3A08CB9412DBF6E2BAB67CA156E214CB7EE8DB
SHA-512:	22BD310A31DEC1B28002EB6F866657C9DA5076D3CCFD3366ED577C42DE4D85DC32946BC4C524FDB18326C5286EA59CF3025AA7D4A8BBC3B02DB75A85B1CCAF9B
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js
Preview:	/! For license information please see chunk-vendors.952b5fa2.js.LICENSE.txt /.(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[998],{7434:function(e,t,n){"use strict";n.d(t,{CQ:function(){return y},IV:function(){return C},LJ:function(){return i},Nv:function(){return _},V_:function(){return x},cn:function(){return b},e6:function(){return S},en:function(){return A},jn:function(){return E},n4:function(){return k},ns:function(){return T},oV:function(){return w},pv:function(){return I},uT:function(){return P},vD:function(){return F},vc:function(){return l},ve:function(){return m}});var r=n(3336),o=(n(8862),n(4916),n(5306),n(7658),n(3210),n(1703),n(4603),n(8450),n(541),n(9601),n(1539),n(7042),n(4747),n(2772),n(9714),n(7941),n(6699),n(8674),n(561),n(9653),n(1058),n(1249),n(7327),n(4723),function(){return(o=Object.assign\|\|function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e})

Chrome Cache Entry: 442

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.702819531114783
Encrypted:	false
SSDEEP:	3:YA/JHaLWAiI+7n:YABHAWAiLn
MD5:	07AF6F1DDC7312D27CB0B3EC3C6A5F11
SHA1:	E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
SHA-256:	851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
SHA-512:	BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
Malicious:	false
Preview:	{"error-type": "unsupport-type"}

Chrome Cache Entry: 443

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999048206471408
Encrypted:	true
SSDEEP:	24576:zcvrzFCW4mOB3HSNKqLRl0E6cgvfplny07Ok7VmCi3tUKM:QPctmOBXS99V9MfpJy0KmVmC0M
MD5:	CD7D1149346D823ECA9B2612EF719154
SHA1:	F57DF41D085CA94595119B8C6D70AAEE6AB78AED
SHA-256:	3F95E9DB80CDD2A2A83A888E24FA2421E85C4BDD54EA4C58EE923349A3664D29
SHA-512:	2AFF2462BF148AC1C49856FC8ABAC41A50A88C361B37BA41BB4C5E1A354E0104946AF49E344F6040AD541E895BB0A2D48103EFED29731D5697213F421A9547A1
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:14
Preview:	....`.[i.L.P.....am....v/{&........h..+../.6.. .q.d]!j.....EF....x.$..gn..$?.$.!.{.mI..].Y.(.n.~.Hk\|....`..c.h]mx.......c.P.......@...m5.%.?..^.m.B.e1....`..?.m.%.@...U..9.W../.....x..f..A.7.!.]QJL..`}fct.1.K..Q+&.....L.i.K>BB..... \U..k@.'....p.tbY....N.?..=.XKz./......G..u...>Mq].._.k....g.dz..E.J.Mk.....+?....M..6.&&Z.w..y..jG...4.?O]7.0if..!.Ul.....!..A.YFh.,.4.pa.tL(.k/.j3......@d...`..dS.....I.....#...R{8.x.V..\|.).J...X.rW?.]......./5..%...&..E.2@.X:.....D.0.......l;..g..{....-.....n.`.E..U...BW.9d..8............)....;gv.e7...?...(m. \|.6...$H..._..=F.<$Ib.6Zg.JD.hz.-..'.`g...0..s...V$.O....I....4.#.;(a.O../....>...LJ.\|..8..t6K..F..F...........mU.~..._.R...{.1v........9.d}.F"!E.b..1W...;(q5.9...1.x.s.....Ak$.c.v...#.9....P.Q.......r.\|y......l<S.D.e=... ...1.....UVoD..8.-.$..x.....Njb..0@...j;.f...>..>..t.Q..3.E!.2......}...0.e...y.k...B.%.=....._...B.v"..]_..1.`z....E*...[........!P.p..G.....(.7.-R...L...........uP....(:..u+

Chrome Cache Entry: 444

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3050)
Category:	dropped
Size (bytes):	9409
Entropy (8bit):	3.8627449454505975
Encrypted:	false
SSDEEP:	192:KvkADp0wXlhMnEXb74PtkADp0wXlhMnEXb74PPkADp0wXlhMnEXb74Pe:mrbXlX741rbXlX74nrbXlX74W
MD5:	AF8675A61A81E9941A3CB303E4FD987D
SHA1:	6E72CDF2677356CA4D7AB8B99E544042F43D6D7F
SHA-256:	65A5FE2D566AF66945F50B6B3A428B01932C9F585EF251D2594100CE786F87B6
SHA-512:	638221A4F5D6D930C01D9F71025CD06E7EA1D33ADC1667A5BD80F6CD37564E350D2F2F23E1B53E6CE264250112B4C2D4FB5F3A906DBB12CA6825E1F40C764C75
Malicious:	false
Preview:	<svg width="971" height="292" xmlns="http://www.w3.org/2000/svg">. <path. clip-rule="evenodd". d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53 335.468 166.803 335.47 144.782C335.476 116.227 326.826 88.3107 310.616 64.5635C294.405 40.8163 271.361 22.304 244.397 11.367C217.433 0.429948 187.759 -2.44079 159.128 3.11769C130.496 8.67617 104.192 22.4143 83.5408 42.5953C62.8894 62.7763 48.818 88.494 43.1056 116.497C37.3931 144.501 40.2961 173.532 51.4475 199.922C62.5989 226.311 81.498 248.874 105.756 264.757ZM187.878 249.96H187.861C166.589 249.964 145.793 243.798 128.104 232.239C110.416 220.681 96.628 204.251 88.4855 185.027C80.343 165.802 78.2113 144.648 82.36 124.238C86.5088 103.828 96.7515 85.0808 111.793 70.3665C126.834 55.6521 145.998 45.632 166.861 41.5735C187.725 37.5149 209.349 39.6003 229.001 47.5658C248.652 55.5313 265.448 69.0191 277.263 86.3233C289.077 103.626 295.38 123

Chrome Cache Entry: 445

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (64998)
Category:	downloaded
Size (bytes):	68901
Entropy (8bit):	5.356724459097988
Encrypted:	false
SSDEEP:	768:PH2q4D5xJTQQMiLKHdEeW0W68sHIiMnasWVByzZ0lcrzrXcl:uTH1KmeIi5/dCU
MD5:	501B8EB6120E4C66ACCA2B604CB91261
SHA1:	E2FC65B261ADD77CAA7A60E5AE31C6D54820BAA0
SHA-256:	D8DCB49319BD61CCD67610C592B1212BF50921FE2081F97BE84D3FA3DFF52DBF
SHA-512:	25400C855971AD2881784C7FCC9DA1B653E7705239F1143373C3E6F7159C544E342E4722688FE0AE785BD94BACB41D288C6AC6A08CCEE18119F94A98DDACAA12
Malicious:	false
URL:	https://cdn-go.cn/aegis/aegis-sdk/latest/aegis.min.js
Preview:	/*. ==========================================================================. * @tencent/aegis-web-sdk@1.43.6 (c) 2024 TencentCloud Real User Monitoring.. * Author pumpkincai.. * Last Release Time Thu Jan 18 2024 12:16:00 GMT+0800 (GMT+08:00).. * Released under the MIT License.. * Thanks for supporting RUM & Aegis!. * ==========================================================================. */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e\|\|self).Aegis=t()}(this,function(){"use strict";var q,j;function _(e){this.name="__st"+(1e9Math.random()>>>0)+q+"__",null!=e&&e.forEach(this.add,this),q+=1}Array.prototype.find\|\|Object.defineProperty(Array.prototype,"find",{configurable:!0,writable:!0,value:function(e){if(null===this)throw new TypeError('"this" is null or not defined');var t=Object(this),n=t.length>>>0;if("function"!=typeof e)throw new TypeEr

Chrome Cache Entry: 446

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	78041
Entropy (8bit):	7.994232648382918
Encrypted:	true
SSDEEP:	1536:IKiW1ekBKCgKIxaAgkCgeCZwrDe4f+XwyISuI5ofFDRUI5K3dos:IceCgKGlgkMPrDe4fNkofFDRUj3P
MD5:	517898A28FDC274A85B7D9CAC871418C
SHA1:	DC4515A9663955E842D8BD4083B5CB1095779BED
SHA-256:	5AA735F3747384609123A6FA0E7372D79A66D62EDFCB15991DDA844F146D5802
SHA-512:	6EC89AAE3FA1C9C1D44B4A0EA20D6E6A82AADD93B03B8C0CEF0C1C6C668F3AA12E29CA3C24606F96607D3C7F7C8DE1545D38384B052B3B57A5096DD6519B90D2
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-8.2357f6e0.png
Preview:	.PNG........IHDR.............F..?....PLTER`l................bu...............................................*37...0?F..........;B..................+7=?NX5AE...6EL2BJ\s.=KT...3>BBVcBR\GU^1:=...:HQ...du.<R_w...........Vo..../58.........^v.Ss.KYbT`i;EF...ky....n..G[h.........Nfv...'/2XfqOi\|O\e..._nzG^nx..epy...^js......t}.......8MZ...^\|.........Vw.......Obp...o.....i.....Ow....On.lv~..........................{.....s..L^k.....g.....m.....YdkV}.>HK...........VjxKq.f{.BYh......GQU...y.....................Gcu...`.....~..`..a.._..4GRs..T..u.........k..ELN.............V..NVZj..U.....9?@......Fm.................Kz.z........x.....x.....Eg~x..>\o......{..:Vg................l........ttu........V\^gkm...i....cbbF........i...]...#&..y.......vib...TQO6b..tl...F....`XV...5o...........tRNS0./.0..O.OOOOO.OOm.W...-zIDATx..1..D...Q.B.d.0L.d.).l.\|.{.o{A..F...b+r....ie%.......mD.._a.....W.$.L&.Iv.y...^9...._f.^.7..Z.T._r<..0...^a....6.4...fe....z%..^....F.%f..N..

Chrome Cache Entry: 447

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 146 x 146, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14148
Entropy (8bit):	7.978254582428027
Encrypted:	false
SSDEEP:	384:q1GHKV3Zd0HakeHlNl6EbGLXIHWZUhwsXg+:OGHKVD8ZX1Z92
MD5:	479DB0F10762671239DAED3178E75A46
SHA1:	D83E281B5609D98ACA781976C00B8E17A0920038
SHA-256:	3E206D38432A886D92CA15AB44C1B94CDE12D819C668B8ACA8D88D9701EB00AB
SHA-512:	CC0B4CEFB63520C9DFF4B02518A25E00F0F7EC4BB29DB229C4E0EC0D9E87E66044E2D51C4F60F7ED92459B436ED93DE37E0DD6AC0EDB5FBB83ACB15020CACD18
Malicious:	false
Preview:	.PNG........IHDR..............{......pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..5.IDATx..}..eG..W..{.[._/v.._.7...m&..qw.L`...AVl)...F...%...)..h.h..0..@..D3..%.#...V.l..K...K/..~.vO...._u.........S..s.;..._U..}.K_..J....l.RN..i!.4..*Q..W.......,?Q.......F_~.E.....Q.~.:.....eyM......w....!...q.w....u....\.@/..m.....^.9..X~.r....9.].....S.jK@k+j..Q[......~R..({j.5.6...~\..~....Y.H.$."y..g...tV.5.hj.(.....^..u..N(p-...9........n`...~Hg...e.{O..uQ...roPy.......FI.H..l....b..s_.f..]s..R.A..........w.j_.6.wW...z=p.......8;.\|.!."....e..6..n..~3..$6.L} U..;@TLq.O.;......;6.........BA........\|..}.._...H.</....P...........`.....

Chrome Cache Entry: 448

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.99980567772675
Encrypted:	true
SSDEEP:	24576:ZkmFdOqrpBXQroEQIXHgd8BJs2wMkvsmz5tW5RIqTCohV23wT1jQ:dFkqrtEQIVBXwMkvsmFtW5RfOobN1E
MD5:	00D0C545FEB3B500415C3BE24D5B01F9
SHA1:	88CFA63D3E586FF5F4AD6B703EF205B87E71EDCE
SHA-256:	BDDF8737BC1B6059850F3B4F1EED309069EA292DA87E82318596D7971536949C
SHA-512:	A5EDBA257438CC936C29D87A3340FC690CDEF51BC471DC1D06EC97FC58A5B75A98A5ADB268777D2794A883C31380E835BF26AB8DE46D014A5261459F56B6F11A
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:12
Preview:	..e..+.j..1..VKe...D.8\NUW....l...a....o3M....$.&...^..e.z.=..U5............W.f.'k..B....{l.../b^xK....\|.Q.......V...e.O......t...5$.;..`..E...C.<.(W?q..O}..c..k.S...%.5\|).. .3k.D...1T...s9.F..S...+..z.FG.Z<..cC....}Dg.F..b....Q./1....m...~.%......3..._......U...../.4M.o..j.w.!o=1.'En.....fi&}.H/..\|.N....n..&.i..Z..5...tI....,Vq.Z.(5.THh.........H.\Vt.C.=...6OT.Xg'..d.F.L.%d....p.jW.~...3..5g.H.M.d.l6.?h.`.n....`.;......N..t.B,..D..1d...y...2._...'...).r.....VA'....3.I...R......%?.\9..5..I3"...VsXq...\=...ePb.Zp.v..OI..KK.;..R...&?L.r.z\.9..EZ......:.....f...W.h5/.......E.k2n]%.UZ......zLx..7.u/.o..j.?....^..@.G[$e... .iqq.~L.Ye ....PN..;G....f...q..0..7.MA&G....}.RmLc.J%...c.E.R._.H.$...M.n1.V(N.LE..=`..7.....od..yw.j.$.g.]...3.o".....Or.`j...^..I.....S...-.../U.~)....?29L.....h...T:D..&:%.dB.. &R...0b.}.ev... .l.$..'w...Q..7....+0_.}.?..^..^.;...,..N&..Pn.C..}..3.....j, T.=>x...<.@..p.1F..1.'.3Q..mq.Bukx.%.z..F..h...y.uw.\|E).o..

Chrome Cache Entry: 449

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 82 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4121
Entropy (8bit):	7.859900132218484
Encrypted:	false
SSDEEP:	96:OZ2KKHDX6KfKSJNgLoot/tCUcWnL+aRGLJDD:8Kj9CegjJtC5WnqiGZ
MD5:	A13B4636ED3593819041FC602DF9ED5C
SHA1:	2433529C29FAFDAFA32FCA89B813C9E4BFF69F57
SHA-256:	F35E49E254355130D7042EE1434FAD1DB7D6304264E5F31412CCFFAFCCAD6BE3
SHA-512:	6D13C10CA6A4EBC8A8E611BF987DFA0E0BE305BDBE1C083F84069D2B69DEFAFECF6242AD9A29945759326490329047ED126827ADE703804AF912AEF461BD9851
Malicious:	false
Preview:	.PNG........IHDR...R..........}.....]PLTE.....RT.i.c.7..j...e.7..}...f..f.7......e.7.....e..e.8.....7...f.~.....8...f..f....8...f............tRNS...!+/BKLXefg.......................NIDATx..]kw.8.ENB(0.K.c....&...!Yv.=..~.s..I..ea;..B.P(...B.P(.........(.......\|....B...KxE+..\|...6.....AKY..~.. .w.)H...F.H.0J..4.s....B.P(...]+...AN.Q....8...J...`.Q.SB.9....3.}......../.ZP.A.B..!t.\|.,\...^#.....OlE3..W;+.U..../..F..bK.......~.....n......:.e..c).wk......B..J...Xb......e......4............8.#.~..z..P.8e..i..V..T(..l4_^!w...;..B6..=......2..4...0e....e.....dQ.F<.7.......&...~....RTB.I(g6.O.b..{..;..\|O.Z..O.b..AjR..X.3P..$...Bf..1.^.r..2...\|...%...l....(...........<.......Pf.m.....b.....#a...J..d.c..m(....l.:.E2...P}...wn.....%$..9.Y.)$Ug...."..v.cHd....0snSJd8....I=.b.N...jqE....-.f.Q..\:~..n:e....j.......7.)Mv(Q..F.2"..o1.A:%WB.P.~{%kz(..l..C....l&..t(...]&.9.#S_......bR....H...A..Df...c.......;..........L....p.,.W,.....c.,>.u"g...8,.)..t(MO.

Chrome Cache Entry: 450

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 288 x 288, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	20188
Entropy (8bit):	7.96819634126776
Encrypted:	false
SSDEEP:	384:IToO30LgfBM/XFvwdIOnPI828bN8iXF8GRlCjhjUX056yZaxdd:Ij30MZMF0nPYiFi1UX0IyZs
MD5:	8E76F959C9AECA3A6E98925F144534C7
SHA1:	32AFA8E3D4AE23A247F4C4050A78DAD8CD94EAF3
SHA-256:	BE75A2541B9C61B869386FAD474A462EEBD8B735771B5F79B768BC09D9DE8897
SHA-512:	A62295B6307C15486E5BC88389E14B51B7AAE52503C74C652AC6B2E7B3CD4299908BAFDC2E1D08DA5CFBA1DC3C290FD840A8796A4AD401E4942A0D2B54F339D1
Malicious:	false
Preview:	.PNG........IHDR... ... .....#]^.....PLTE..........................................................................................................................................n.@..................r.>...........@..?......x.?...z.=v.={.@....C..@..F..C..E...t.=^.7w.Dq.A...t.C...m.?...{.F...........J}.H.......N.........k.=..P.......L....R..T..".............K.............6........F........i.<...Y......1.....Qi.:...a.7c.4.......?e.;..w..Z....Q..4...c.5........]..(.....u..hd.9..-.........p.2..+..(..............g..C............;....-.............V.....h.:^./S.$.....F~.9..$...........\|.0.........B..1.......'...c.8i.3~..........T............v..e..6................\.!.....cc.".....!.....sr.......h..P..%................sr.8...............................*i....z.. ......-tRNS...........N".)..V..wn.^@.e/.4G;8..........g..KaIDATx....p....R.\Z(........;.. ...I..c.P...BDM..>V"..w0q..w....1...Ll.......M...I..sN...g.O<.$....O#L...?...=.0V...W....5.

Chrome Cache Entry: 451

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 287 x 287, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11943
Entropy (8bit):	7.921713463674599
Encrypted:	false
SSDEEP:	192:4t5RVBMRoRG5ectnEGZUXMrE97R2DV1qBWMO/a1K8JMVkQd6gfL0SuruPFQGCraZ:4jRfctnfCEK7R+0IMAuK8J4kQdFfL0Sx
MD5:	11C7371BF2336B5292AEDF41CAF163D7
SHA1:	9778B47F333A85B086A9A698241670CBB984A50B
SHA-256:	42259CEA0D1FC6BB23FB76D840A68E856B255C01AC3E6A12DB4DEB889F973AA3
SHA-512:	4A48ADE9DF5B2B5C0A43C57877318FF3AB3B145E299BBFAA032372D62C2B3D3F2F7D91088A96FB18D5284C20739A1C6F4F10E38D529659B96FDE88D91410A59E
Malicious:	false
Preview:	.PNG........IHDR.............O.2.....PLTE.......O..c..U....X..T..Y..`........X..X......+....Z...'......................Q..?.2e..O..L..O.......5`.....!..R....4a.....R..6.6`..I..7..R.....S..$.....[..?.....T.....O........<.......7`..3....7`..2.5`....5a..........<......f..........................$.....)..-.....1.....:.....B.....=..O..I..E........@..K.....!..8.....3....8..5...6.;..>..0.....-..)..2a....A...s.....v.$.....E...............k.3...n.....S..z..9..g..a.'...]..Y........R.....O.!...E..&..!....5a.....=..4..+.-b........A..U........}.}.../.....F.....H..........(c....$d........d..1.d.z...L.................K..C..f..e.......2..:......f.N..6..7..n..`...f.).......C..x....P..Yo..f.dz..j.....P...i..)...Cz.4x..L.tt.{h.ec..n..`.jR.W..No.yY.wB..;..:.z...g..I....h...y..g5...$t..!.LN....<2.....V....GtRNS........ ...'. .@10..a.... @ .`.p._.N...oP .....o)..`..C..o......W...+.IDATx.....@@....@r%AMB..1..n...o...^........FU.y.i....mK?..q..\|I)...]..o...N.P..y.a....q.!..11fb..0...L

Chrome Cache Entry: 452

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1272 x 967, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	200887
Entropy (8bit):	7.978433783839488
Encrypted:	false
SSDEEP:	6144:xvm/YA+XXWKJqC4E33iTG/RVDoqjKuH02eF2:o/WXWTEHiTG/RVDFjKu9e8
MD5:	EDBAB82D8BA30C28D104494FC12827F7
SHA1:	2BAA1832A50962487FA6A974ED034367E0A655A3
SHA-256:	73B55664C9A77FD8495A153D5801CAE0791708E2506345E792A776E81685936F
SHA-512:	643419F0D12469272EB4EAB76A539127F7FEB63F5D75B2D04E3D624885AE7A3701559E8CAA7A0CD0CC835D6E9BB4E8F0C252A52BC3E444344D77B0C88F842E38
Malicious:	false
Preview:	.PNG........IHDR................^....PLTE..........................z..........[.......~.................FGG....................................................................................~~....... !$.....A@A97=222...................QQQ........omo..A..........#Lvuw```........+)...9j............(+;......$/]..............III...........[l.........4......ffiXX[.....c....%,Qw..x..8..Rd....r.....BT.Me....~..at...........pv.s..L].Nn.5I....o..Vz.g.....il.=LtV..{..5;Q}..=Fbs...l}.Vt.e..JSh?Y.ADRHNZS]r\e}N..........1Dt......\........,>>f.......B_.`..bv.l....yZ\...-x...O..:.....'Q..b...%]...........}sQ..C....ngNR......dXi....lg}........mi......:.Byh.VAG.-.....^C....a4!.......G...7c...@B...I(M..wE.p..u.......`m2z.N;.O' ....m.c......-..F..OO.......k....M....tRNS....................h..8........QIDATx...1.. ..@...N.%.@....................................L.8..g...Y:z....V...y.n...(.Z.&._~.....gFK..0.%...2.nOw:.E%.X.IC.)*..BTm..D,.:.u..LR.\..

Chrome Cache Entry: 453

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	357269
Entropy (8bit):	6.109414968977961
Encrypted:	false
SSDEEP:	6144:6VBDrgNvuaT9zZ9hDfQe57kZZg4UUe+e9nEQ7gjyM0jO/A94O:6VBDrgNvuehDf99eg4S+e5ELjyljO/A/
MD5:	633FAC9E433F674E39286CA1F66B4FC3
SHA1:	E1F328AD6B1D31CAF851FB19764CE78134846F44
SHA-256:	BADA0CB4C2A02906530CC3E5440534B489770921A1182185CE473159331C7A24
SHA-512:	F283942C445F7EB52835C09AD3BFFF911547A91039D16DFFAF0DA10EF8FB0E854F5E272051EC6F9B3D832748B7C7CB2C228A0DE3EC10023C9B969050B55BE14A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css
Preview:	.max1600{max-width:1600px;min-width:1007px;margin:0 auto}.topbar{position:absolute;left:0;top:0;width:100%;z-index:900;border:1px solid hsla(0,0%,100%,.08)}.topbar,.toppic{height:64px}.toppic a{color:#fff}.toppic a:hover{color:#09f;font-weight:500;opacity:1}.topicfixed{position:fixed;left:0;top:0;right:0;width:100%;height:50px;background:hsla(0,0%,100%,.8);-webkit-backdrop-filter:blur(6px);backdrop-filter:blur(6px);border:1px solid rgba(0,0,0,.08)}.topicfixed a:link,.topicfixed a:visited{color:#333}.topicfixed .logoLink{height:44px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIcAAABICAYAAADcWeZrAAAACXBIWXMAAAsTAAALEwEAmpwYAAABZWlDQ1BEaXNwbGF5IFAzAAB4nHWQvUvDUBTFT6tS0DqIDh0cMolD1NIKdnFoKxRFMFQFq1OafgltfCQpUnETVyn4H1jBWXCwiFRwcXAQRAcR3Zw6KbhoeN6XVNoi3sfl/Ticc7lcwBtQGSv2AijplpFMxKS11Lrke4OHnlOqZrKooiwK/v276/PR9d5PiFlNu3YQ2U9cl84ul3aeAlN//V3Vn8maGv3f1EGNGRbgkYmVbYsJ3iUeMWgp4qrgvMvHgtMunzuelWSc+JZY0gpqhrhJLKc79HwHl4plrbWD2N6f1VeXxRzqUcxhEyYYilBRgQQF4X/8044/ji1yV2BQLo8

Chrome Cache Entry: 454

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 868 x 1592, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	186062
Entropy (8bit):	7.976052427970381
Encrypted:	false
SSDEEP:	3072:U4YQ/YltYaktLa++NlpHMSH4v85WebWBHcB5lRrKN2ciWxIjLY70IKEzmdoolifA:U4Y0akVaFzHMSYv8tbWBHcBL5lciHYz4
MD5:	1802AB075609934B68B194238808E6DA
SHA1:	27B1C78682B1D25F3EE89A1EF0593EFEA070F5A5
SHA-256:	49FB5963C746A33F9942D3CE39DEBB364350D0036871B5B369D25FF4AC15148B
SHA-512:	BBA048B2986AACFE7041D351D658121121F8830EFD11776DDAA6D1F3C9BB4749C84BDC0E78958870B5EA610FBA9CAEE07F19BD5AC4958FBE4EDEC6A5CF9C78D6
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png
Preview:	.PNG........IHDR...d...8......B......PLTE....9}.:}.:~.;~...9b............................................".._^^...........$...?A@9.........../5S.....63>$'11.9M..9....2KO\DGT78G........rmn...q..'E.............:@Thn}PKQ=C`B?KM_.QYu...FMj0..(;:b[iZP]...Zd.iQR.....c..nbdC..,4X\h.RZd....~..\|uyNh.r\|......Q@B;X.\HKi{.io.#[.fauq..Zt..nf.,VF6:`.....2E.z................p........6$4iDqASz\go...^...^.50...Vy.i.....=e.:w........Kg.\|k.[..!k........XF)....x...zm.aY...-D.4T.....................h............/D.........g......lE..8....g6 ..$y.;.......KP.}s..s........$....C.....z.....g..jK.L.I)...`..eh.i...Yt.......Y..c1a.@..z.........r......\.T<....H`..A".h.Ak..&..l.....S=...q.Tf...]..)...HH.S#<..S..w.. ..zP.......mA;...%....w0.DW.p/k.....Gs..YT.e...k....{s...6./.....tRNS.....54.r...[...wIDATx............................................f..a ...?.fo3...e..PpdY.@.R..`0.....`0.....`0....c0..x....,...?.^.%.T.P..l..L...C.K.!.....(...b^Q.<..d....A<.N

Chrome Cache Entry: 455

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 374 x 374, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	16911
Entropy (8bit):	7.934373703337371
Encrypted:	false
SSDEEP:	384:QSOW+DyEX3jVahDPxHnivjHpD1kvKURoCcmsaeXQr6o7:J+tWPliDx1qroCcmxcC
MD5:	6B09F48B65A18886447C92B4F6285881
SHA1:	EA811C1A652CAA584B91A500D2D92D6D924C8AB4
SHA-256:	5B90F20FC8A9EE5CACC2A1E9A6ED72FFB1EEB183C770E67CA9190F6F7A883076
SHA-512:	A41E6CC8C5CCF16FDB4F3B3B490CF0506B8C87A2F655A4A92AA6B213F2456B17CA133866F31CF327D14B7D3FDD60F34B3FF30DC1DEAA2C1656DF80088ADCACD6
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-17.ca026495.png
Preview:	.PNG........IHDR...v...v.....M.CW....PLTE....#C..........Mg..5....Vt..G.;h..........<i.......<i..........=d.................9.........................:g.Ve..8.Xq..%.....@.7`.......Nc.......8`...................gs.....I..S.<c....bn.......bn................{M.............8h.X..Bo.......;j......................>k................5g./d.\...R.2e.Fq.b..\.>m.T..$]..T.`...[..Y.&_..W.............)`.............Bl........../.Px........%..............4........Z........... ....Y..d..^u..O._..6`.m...C.g..<g.Lt.......r..\p.......+\..8....0_..>.z..U{.iw..;.......'U....k..k..Tf.....T.j..8e.Q..e...........f}.2Z..J.................H....P..<`.C[.;Y.dy....Bb.cq....$Z..U.......)O..D....Vl..N..N.o.....Jd.J]..U."G.R_.NH....]l.h-._y.Gi....:.......\|...@...r............<P.../E.\|....^P.r{.\|1..!.xC.rE.....a.N........JtRNS.. .\. ..g@.. `..c@...Y0p.g@0....1...?..p..........PP..v...$Bm\|..>}IDATx..............................].wM#....#.^.b".Z.B.C.....B...R..%M.. ..r...!......(n.I(..rE.t..?......

Chrome Cache Entry: 456

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	3.5465935642949384
Encrypted:	false
SSDEEP:	3:7Fn:7Fn
MD5:	1093E1A6FF610F824EDD80B8F7C2E5D9
SHA1:	7AF98552E2A774F65E166CEC5A781B1A9B05C555
SHA-256:	0F9ACC04DBAC5096B11F6F3B16188FFD8E9EC18A1F6408015285454581080CF9
SHA-512:	6C7CE358C51DFDAD72B4B3950C92EC725DBD14296D544C80429E89AC82B9E56CF8519F21158D65650B441F3C774EDA66B872E7CAD206CB6EF695752D59693D3F
Malicious:	false
Preview:	403 forbidden

Chrome Cache Entry: 457

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 814 x 1555, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	103063
Entropy (8bit):	7.978507916796797
Encrypted:	false
SSDEEP:	3072:ItSF0R3ulBWhFvTMnS2OWuYfROEH9+U70kyQ4q:It4O3ubghTMnSouYfzH9VL
MD5:	E36F69BFAEE8E4FF2CF071430B20D60A
SHA1:	A568FBF8DD6AF84F794FF8C2C563D9299D196029
SHA-256:	C6EAC38B55F2A38D1A081EADEBD3BEF2B5DF2A57C0C058BF03F6DB7E496997BC
SHA-512:	CDB4865B872273AA88D1AF36CA76F60FDAC8BF1BB7BC081F77517AD7D3DF1B142C8FEF0358C45E0BE0BAC9B0452238AAADFACFEE1DB685D24A4E258715F3BC2F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-3.f961bc34.png
Preview:	.PNG........IHDR............."..M....PLTE....C..>\|.=u.?..=.................................................................................................a9MMN....................................................................................................................].......................................................o..............................................................mln......]]a...>=>...............dej%%%..........................................VVY...{z{....................pqx...x.............667........GGI.....................H.................~..sv.p......x1.........x}...............j......................r.....................N....................s......uU.................jE..............b^..`.......c>....B.g.J...s....N...iE.wU0.v.I......tRNS......JmS0l.....w........+m....4IDATx...............................sA. ..(u.K...u[ .C........N.EQ.EQ.EQ.EQ.EQ.}.tjy_z.G......Z.......T....o.?zD..(.k.:...`.J..H_..U.\2.3zZK....9S.K

Chrome Cache Entry: 458

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	dropped
Size (bytes):	25393
Entropy (8bit):	7.975344734008277
Encrypted:	false
SSDEEP:	384:ms8YWEWWhxpiYIUvVNubHSTtMxmY1m8r3cVdnjjbeqRRI73POG8opzphDLupurpz:4op/H0H1x5micrvRRI7oaDLupkSk
MD5:	83E8B2F0F282E271EB9216F227EA0D54
SHA1:	5590E817B200BF2E27503E6C0F629F3722108E93
SHA-256:	9B1D79EA17F15878654FA4AF07696CA1D02E61C398196F26729F7ED785A080DC
SHA-512:	E796455CD041114B10BEE215224BEA29EBF673DDE5609DAAFDF74449A67F2CB9CA0085EBA26514A6851923C19677736A8FFD8FD7FA3A54DAD365E3E9B258C618
Malicious:	false
Preview:	............ ..c.......PNG........IHDR.............\r.f..b.IDATx..Io.....;..w.II.T.l.}.^..f.]..l.......0<0P....#..B..=....p...w..R.T.....mDl.V.8.).J.<$...O......._.#G..9r..#G..9r..#G..9r..#G..9r..#G..9r..#G..9r..#G..9r.Xl....9>.u..M}d..s{..l2.'...}...Z..../..0.......R....p.._c...Ev.c...[.....If...4.X.[.........P..@.X.....C%..A.V..9V...g.z....C..t..A.. ~....>h9....n....tE..]........T.b..2[.T....q..`._...6.7+.}..8.o..c...".FH#.?+.YdM......n..T..J^DV..@..&..o..u.x...........`.....N.Y...!1....d..q..9.....f.!B[..&../#+.J.X.....W....~.G.....E...D.......V3....c}>$..p.l...r..k...\..>X.5.........z..<.6.B(...].OF.NF..ge?."..c?..C/..\|$ @H.j.....w.a...:.....I.........>.._G..U...n........]..r.D.`[_A.!.:..c.1...Y..mb..H.B.f.&...A..A.....M_%u.5..)........?B.......m...v..#.8r..5#....6.g..7._.O."X..+..........i....0..U......5...n..3B.$....9.\..._B.....>......D.....e<...E.<...S..#..h...\|."...,.b..n..#j....[....C..1...... ..,..;K....!..!..9x..5..A.Y.E..+..

Chrome Cache Entry: 459

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	35304
Entropy (8bit):	7.9742668972721615
Encrypted:	false
SSDEEP:	768:Pd24VoXv9aJJwRIzzDxsm/3WK1zKsZv4mOVSQeEdeCp+i++rR3Es:VZoXv9Awy3/xzKsemtS+inEs
MD5:	D9EB20D6C7B9AF71AD3A9E5515549A0E
SHA1:	0297B88C948696F5B2FD0F01C8E10E08A99ECFDF
SHA-256:	55976AB7E3177781BC697F893592DCB27EA70AB35319B29112DC51565DC96DF5
SHA-512:	6C95C668E400B7788BC30A8254B681FD1874A49A3DE4B2D3630D744772FBE5906970279257E8F4BBD2F66F977819915E76447DBA8C94D989939EA7E05F27BD4A
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/role-xx.0c154e87.png
Preview:	.PNG........IHDR...x...x.....iC......PLTE...D61=52;514/-:2/=54.~q=1,?3-"#$'&&E6,)().$%&.jW...ycKKHQ......qhq...{i4..{q7.]..qhq.TC...~s=...s.}.w\|>+ @-!C/#9)!?-%D1&<(.6&.......:,#3(!&..2#..........#..H3'-$....!!/%%. ""&(4((+02046......%,....+)+H54;235...........49;...,..C11:,,aLMM98I=?..`h_dA68.. K8..[S>=`Z_..:=@rekgQQ]GG....WCD.......'KIO^SWlWXBCH.4".@--SPV...P..V.....MXJNsoq...cOCF".......s]^......xvy........hgk........K................~........r?...................................zB.x..W.#-.......y......"2C.wK......^]m.ws......pX..}dMD(t`-yh:.asJN1;J..S/1hjz.iBF.......JUf5.....{`7;...XN4..XF!'..M..i.$;.RW....weT):HZ..S..m.EC...w._S...n0..._f.og[?.qf..........wQ..@.cV._E.......{w.on.m.!AY....hf......-6.y..vtwhK.W_.x.k~..I?...R)a......&tRNS..0Lc~......&.M.s.@...b.....e...E.....qIDATx..=..Q...f.1.-....iB $a7...u.A'r.8.....N5..`c..'...[.._.s.;.$Y.7i..u.1..3.s.{.DLLLLLLLL".L.R.d"...L.3 6._H...r&..U..T*.4_...d\|

Chrome Cache Entry: 460

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 376 x 376, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	40507
Entropy (8bit):	7.961167183634244
Encrypted:	false
SSDEEP:	768:cunsBJA+Zn8kDVhXUFF/rNRrqgWoAVo1Sedo1czCXW5X6ugWxr8pQLvfimQMK7N:cjBJJZn88VpUXxRqgWocQSedo1ICG56p
MD5:	DC7EAE4CB33CFD503A7392EAA24337CA
SHA1:	6D23C2E24E655F16025003BE66EF31FAE0EDF45F
SHA-256:	1F9114E36F9EF6B3F7B8CE4CD507BDD4AF2DA47178CE5F32402DCD63723ADF85
SHA-512:	A92D5E4A4173BD2B86BD6258ABB01FB263C6AE125E1DA4644EEFB3522EEC0651F3779B2692845CCE0958E80DC0BC08AD167ECBE4AF11CA7DDDAF5D542BCC788A
Malicious:	false
Preview:	.PNG........IHDR...x...x.....iC......PLTE.....RUI,.Z]l......."D.NSh9:......px.}..bi.~..ju.48.@E....Be...KM.......Ve...~..9......llw.:?R...QIy......zv\AI...l.........NRI...`...q{..............D..B.....=............................{..w..k.....s......................m.....e..l..\|..q..r..`.....~a........................xX................njPxqR..vtb..x.....idF.....}......_cX.p...x]]B.#........hmc..{{m.....{.......b....)..........o.......i.........."...Y...x.........HM7....7....\|......d.X........`......O.".....*.\|V....~........C..&$....._.Z[....".27/.-...M[X........s...Y....ki........../.cu[a........X.&......XG\|-9.=........{q...OM.K8Gw:.BK....0..3 .....mo......{h.C.\|.....}j.._.....D....o.=....j..Ve...cw..b3.ui~...(......I.F....;...?....Ce...;tRNS....%0...N.H..C..r..c.....J.g.}.{.......}...........x...w.h....IDATx..?L.Q..y.......^.q...p.AD.J..I..i..`;4.....$.c0.4..)c..c.M...4L..K.N...{w..o...,..[>\|......$E...?..

Chrome Cache Entry: 461

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999493725913608
Encrypted:	true
SSDEEP:	24576:TXuRG3hkZRd3H842tyrmczPmlLh7WZ+pAPPJfS:TXuo3Mfetyrmc2qM
MD5:	1F3D7F810C43FA0173BCBA646EFB0AF1
SHA1:	70BD12C1B6072E4938A8FB861FF038374723DCA3
SHA-256:	DC0DDF7481DFEB7E5C696A17E5BDB69EA4CB90BBF4C28B57E2D9BF25C0C7C83E
SHA-512:	678C9742861861AB47B857C08AE399D196ACDEC240719D4E0E2368D1E1ECC99CA0D16D6AC365C0D3CD237870C600C3DAEB36437D0A28A34C0CBC60CEF22F3EFA
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:b
Preview:	.....t.M....MC.\.U..P.._..A...J`.H.l._.........e@./....D.....(.l....h....me.Y...")/{Nrq.T.9..b..i...]R.j-.o...R._g.C...O.s..."..H{..Pw/...J.G.e........32EI..c....ol.'.....w!...nBM4r.y...y.o...vqVK..[..'.0.B=6...&..u.......\|...jZ..kT&........o.......8.jjhQh4.\.m<z..........Xu...&.0.~Hv.......do`\|93L..4..GOS...w.E....j........C........;TF..$..r.wC...).7 {]..pUk..Y......pS.._..~..X>F..t.K....]..V.!.;"..Rb....I...e{......W(3....0.v.J.........W.c..{..p..\|... O@..w.v.Cw.\q...E.}._.\..R.%t.T..a...C..I%..>xf...4.....qqf...!..1...\|.W..7.<...>`...+.VY.0...e3.1.Q g,.go..o.JL6b3...<_rK#... ?.{...1Z,..g.L(.zw.&.G.....(L8.....f.$...0!.;`.8...1.(..\#ah..@roO.+.0D.h...k/..'W.q;..X..#....L'..#...3..2O\H.?g......j....Y#!...l$e.O#....ax.O..F67..r.7:.X.....s)%,*@Ml.....z9.C.ChuXSr..i.........\|R..^..rG.go.....<........;/UX...L...d..7..1m+_.1f......=H!..@-...M4@.vZ....m...U.%'....:.#..8..~.&..q.>UY.!..V......:.a>..\.uu9...u>\|.....l..fN.N1...W`wz\|3@?b...q.d.#.

Chrome Cache Entry: 462

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 208 x 208, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8337
Entropy (8bit):	7.922684154713854
Encrypted:	false
SSDEEP:	192:5ADPa0oXZ6jkudR2KsmA+FHbzfqCTrvvaY+E9tcPxsr2VMn:52azpUj2Km+KCTrvvaPE9tESn
MD5:	FBE6B924EAB40D73B0E3F142E6601562
SHA1:	1582C7A664D5A0CB42A8C767C21617C4482AF40C
SHA-256:	FCBBC36CE022D677E4BFC53A6E1CB0CCF287154A4727D77F5F27EF4C6A820A9D
SHA-512:	2BA1C9AD6FC30C5A844119B6FC682D9FB94A240F095F480D8706DB35453B84E73FC5E0B3B5B788F7F6A29E3FE6775882BB04F6E4A0C7CEE283AEF6B4792B6F25
Malicious:	false
Preview:	.PNG........IHDR.............Az.F....PLTE....R..Q..K.u......)........%z....,..4........z.......-...}..........".........y.......5w..........(..&..0........&.............7.....i.................i....-..!}.............................................\........./..4..)..9.."....6.....:.C......%.D.............s....4.....:..1...........$....."...........'.................2..-........................x.....l....#......w.._...C.e.......-...........=...u................,.........x...........\|.....~.......... ...o.....v.....z.........................................G........M..\|..........o.....U..N..h.....j.....X.....z..q..S..a...........p..b..[........Z....:.H.y!.N...Pi.......c.6..JC........6..N....=........{889....Z....211..,....4.(..W.4.i ...?AE,,,.{........<...]cmt..LOU...kq}.;.....KtRNS.......3':.N..P....d.F o.vb..W..~..m.....!......e...B....z...............IDATx...1..0..qHc..7...p.Hi.2R.=...di.(9.{.)r....a.....yK .m....'&.O..(...B.P(...B.P(....]".....ISk.

Chrome Cache Entry: 463

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
Category:	downloaded
Size (bytes):	108197
Entropy (8bit):	7.965925240016335
Encrypted:	false
SSDEEP:	1536:ajIplz8CNI/Oe+AxiRgR5kxrGJt/ElI3bo6i1PsrjzDipWOSkO3FaRTRpa7gx:aWlo/OeTL5kqJEqusrLipWOSxoPMcx
MD5:	E7CE14171EBAD4B5EB07FB8A70E65F09
SHA1:	13A0EF7C70413B97BE94C5537F8704123BC2EE28
SHA-256:	0BA0B3D297B7A2AB57110F1E18728CD18100B6A6E7F8EB3784D8BD44F3A5ECDE
SHA-512:	8BD03D0388E8860E85D7B9FCCFCA0D6C41AEC3EE85BB06BAABABE271A8CA03122023F76EFF8FE12F5E15F275F2EA2E2173733D56436E6C38DF4115DD6266F3C3
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/poster.712f34ab.jpg
Preview:	......Exif..II*.................Ducky.......(.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:A0B87D03944A11EE8656EFD4C33CE12A" xmpMM:DocumentID="xmp.did:A0B87D04944A11EE8656EFD4C33CE12A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0B87D01944A11EE8656EFD4C33CE12A" stRef:documentID="xmp.did:A0B87D02944A11EE8656EFD4C33CE12A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%(

Chrome Cache Entry: 464

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	50879
Entropy (8bit):	7.967083991413486
Encrypted:	false
SSDEEP:	768:oR7CA1cJ1DCqnNBIrdBIYEMBLtUwpl5N+DHhMAgrL4XWQ6iHYoi2ex5d:oAbTOqN6v5EQfl5iHyrLGpHwF
MD5:	8A759A3A1692424032E47211CB421A5C
SHA1:	85D3835506AEBBC06731C140E211BF287DF67E7E
SHA-256:	77E97533A708391B5ED096E28BA09837B4203FF78FE08BCB02943E89CC5960C2
SHA-512:	75AEAC44D2F3125C263DA6A51C47224C09498800AE0DEAC536C4C18750255FC7F4DC0CC58708C0FF39CEA2BA2EE4E10AE6EFF30727C1C5FFDA9322C250F3D82F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-1.25daaddf.png
Preview:	.PNG........IHDR................u....PLTE...............nnn.........................................................................................................................................................................................................................................................................................................................................................................................................Y............................vn...e...z.Q............l.........r.........e.P.I.....y.._....b.P.....Z.....................z.L.....k...M...~f.K....O.J..K..Y......w...s.W......y...............rW.ZxS....r............ts.i{.........x......x.#.....tRNS....T2..n..t......-.t...YIDATx..r.0..&.....r.m..........i...VOz.>bI..@...^.Z-.$.[6./.>...A.R.T.J...>T...L.R.'. "O....@~..o..E.#K.:q9v@..v....no=V..t%..._...qv.U' .

Chrome Cache Entry: 465

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	19176
Entropy (8bit):	7.983338413624944
Encrypted:	false
SSDEEP:	384:GOlPWT70FVi7oViVO9eJaFIntcJrlbNoldw9OBh/esTTrVz:GOlPQ7e87W9eJaKtA5mldf//1TTrh
MD5:	B8B3AC9B2ED87863B567118CC18BBD15
SHA1:	AE314CBB019CE1710D39EA0FC4EA23D60D177A70
SHA-256:	15DC12C46BAAC97C8665C5D40A3323BF7242F266FCF511E14C15EC138ADE546D
SHA-512:	0A78C53541DD77E0BF14E5799F01CD75E39C9ED2A8A51A71FB9DF9F24A3C3D2C105BC6C7BF133855F5328B4F16F073BEB7F5530C29A4BFB8BD22DDDBA6D6643B
Malicious:	false
Preview:	.PNG........IHDR............... !....pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..I)IDATx..}..]Gu.9..&u.-Y..q..../.2I.c......Y.&.....M.Y2I...2..pB...[.\|...1X2db......"c.V...$.[R/.....^kK..JT..w.u.....N...d:.N...d:.N...d....(...5.>{..p2.L..).+\|n.2m..a8.N.cM.@].u.,.uQ...t\|.4.td...h]:.b.O..N....f.D........[.nm.Z.s4..].>....W..4{I..+....{.._M.......o..aW..Jtx...8....E...h.@2::.....\..)....!,P\x.+^N...o....p.S.(..}.S...;v...?..~...=.....0.y...[..\|.}....>..`..m .J..;..........6..X{.8$b.#..U.}_............;...x...w..e~...iN.L.$.k.o_}.g..6.'d.d+..>z..y..O...^.........`.?......x .>.;v..\|.Oa....W.r...,.Y.u...Q.....nZ.Mk

Chrome Cache Entry: 466

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 200 x 174, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8768
Entropy (8bit):	7.922964844859828
Encrypted:	false
SSDEEP:	192:QAhB8Ztl/3eu6Ot83RG1xtCwpcovaxOJwZKh6zEtFtc9KrQE:QiqZ7T6Ot83RiZnvuEw0pE9Kr1
MD5:	80E85FEBC3E5B7494B1FC825B13ED505
SHA1:	4B1CE6AE606721284C1A9C28FFA96F0731B4A5CD
SHA-256:	98E2DF484E9DA9002CED06EC0C5EC5FA2B97BDA21E7390D75C543EBD45A70666
SHA-512:	509B3513131768FE0A5BCB08F942D00FF2C2AE3B2EB840906D66E067D727E8F0F28F8494F7EDD38510C83CE75C09B435800F9C963F7B281B0ECDE802412B8B76
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/ornament-26.3e460242.png
Preview:	.PNG........IHDR.............D+......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................V.............[....S..........A.......O...................L..?................'...^.........H..........b......................E................g.............................t.}....K...........y._l.......C.......Y...1....ym..X.............Y.E..#........;..A..z.......n..R..7...[.......$.h......5..........U..i.;..4.Z,..x....M........*tRNS. @.`p..........P.0.`P.......0...`.1..x(....IDATx....N.Q...)R./.."...(e:u.4]@C,......XG.P.a.O..'..\.i...."q.K..sn.L{;Nq.~P....9.........$..1.../m\.w(..;[........tr..........5

Chrome Cache Entry: 467

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10520
Entropy (8bit):	7.97949289515813
Encrypted:	false
SSDEEP:	192:IXYAmWhoq9Ff8KcQyKwOuV+litV+z/27VBtIV3menRaG7xRsfjxaB:IXSYrf8PNx+oUj27VExmenBxR3
MD5:	596E73982012010E6A3972C0E0D848C1
SHA1:	BC655FC79E3781E7C68C46C1645B198E2797FFF8
SHA-256:	13EB64C2097B21543E4B0632D529E695853A90BEB7FD8DD2429A3522F1DA8F61
SHA-512:	689E9B6B0DC67AC978B940525B803769C9EF70DC4691E3B110DBD98D5874C4E2EE33170F5C85DCAA716B9A3214869575B6D99E9854036FCEBD578F537FEE5CAF
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-1.c1c08300.png
Preview:	.PNG........IHDR...y...y.....$~{....PLTE.... .Q....P5.P.\F..r.q7.B..z.%..bJ...X.C..../.P.7..`<...r=.iAG..?..O.....1..+..i5......Y..../..8..^0.e..q<.E!.R)...:......'...A."...,..w..5...X.....o...\|O.V-.M$.J"{>..{J.tE......g;.......^9......y...#~._7.f6.J.N%....~....T.W..M....`.H\.~O.Rh.......tE.>.......yE....`..S\|8.........}.j.BX.>...B..q.o.G$.Z+.dt.........]+.Z.`8.T(.p....`.K.s4yI...{..o.[n.nG.\|B.(.........Ff:..i..fz..d.T.4=.Q9.n/Y2........y..d.fN.O/.4........x.f.n_.jE.m9.(...p?r+....Ui.B3.Wj..Y.xY.~X.k(.@..J.....:.X-L..;....og7IuO3.%&.......{..k.R.S.u...}n%5c#.....V$/............j.@MtG"./.....\|......i.&[....Gp..e.`3....1..(....,3.p.\...JW}0>....9..=... ..s..`..5t.7."....j.!.\|..UZ...r..l{.DC......dK.>H....t]]K:\..-"CYW..^..L.........tRNS.@.@B.....:...z.......S.G..%.IDATh..}L.e..gu...L.1AC.`.M..l{..4....NO..Ml..Bx..m$}.Rm.y....)..v......:JP.N.eN......f.........I?..=.....]......].a...s..ae)....&:;.3..x

Chrome Cache Entry: 468

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999601458747834
Encrypted:	true
SSDEEP:	24576:/3Yq7at1reoIhmNVrWJW++K2xALGGD0XZsBCAALyUxnutqBqF2cmbh:/3dat1rermN8TKAL9D0XZYCjmUxmqPci
MD5:	3E55B168217E4593872825FA3676D8D4
SHA1:	5BA25897FCD4431361DCBBBB11355ECD46F83243
SHA-256:	4E962284F78D330C49DCA987845BD1A9F1F4494696B5ABED05F3D42D6C4E6BB9
SHA-512:	B91EBC2B490D48445F1DBA0E848D89E17FC9A306622899F8844F5EA9E3C625DC221B3730D7731DA85BC759F92E17B0CBDBBC512FA913E9AFF6E759DDE7BCD43F
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:c
Preview:	zA(.D.. >7`h$Z.^..k3......e.P......&.......mV.%...e..%.....4.$..v%B.9..h....!.Ut..o...j.R....,%...+,My..B....tQ(a...&....1..3.6...$.I...A.e..-5..X..1...0..h..[.].T...F.l.I...5..Xb^..~..k.;..R.N.......(...f......H%............&.DG.........2.o....G0.>.7......&.....Y...Z...l...7.....Z.....>..g+?..J..d..^.].....j.P../.+.%.k......9..7..E..O\Hz.....<1....YUu.;.\<.Q4V.d^-....K..(.0.....v..S.No#,.e$..%.t..7..N.Z..K0.q:'........X...Mb.M^.c....H!...;7^...<...+./..y.<X.\|!........[..N.I.M..JQ.S._`2>.Ln.]3..\|#JCE...^lg.(i.+.L....."...G...\.}.n...$....Tq..-....W.e.+.^....uS$<[-...h.U..<M....b&q..:>.").M..p~A..]=..Q(.....n....."D.!=...i.......$.#....f..f \8..et...[..$..1.Wi1.F..-..U...&6.#]D..\d..6=`....j....../GA.z.2../..^.^K...<..[%t].t((...;.....i.m...-D.\|...,.A..z./.$f-S....#.#..../.....q....Q....,..z.Sd......=..Xp..W.3H.y.......uV........e.N...\..t....Z.@..`.a....}Q.\|..VI._&.q.,....".....T./W..`Z%]...K..X.G9....5Lj .....vU.E..t2R..............O...fe..

Chrome Cache Entry: 469

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 467 x 536, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	50531
Entropy (8bit):	7.966740321893992
Encrypted:	false
SSDEEP:	1536:EMVMGp73Z0dyPU23vL/zeZwWnkOmbA1a2UuJ:rVMM73qds/emWMbA1V
MD5:	8CEDD744B699C86ECC62E474026FF0C0
SHA1:	1912B7A1D5444D47E4069D85DED80B0534E6AA9F
SHA-256:	7C677F62E0BB1B84ADF3361360596B61A1277EF550597AA228945D686F127C42
SHA-512:	158F9FD16D42C99AED25C191FD72C871D1AD6AF0B0924497078982771D224F5E76CAD9DDD474F437ADCE724EE380C064FF01CD632C8F6D54C6E2CABE6F51717F
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/room-11.1e3d5127.png
Preview:	.PNG........IHDR................u....PLTE..............zzz.........RRR......................................................................................................................`\V...\YV.....d_X................................fa\......a................................WVV...je_V....W....e.....................rZY.......[..........L............z`..^][......x_].....A.................t.........\...........oid............Q.......\_a......nkK.....@..zff.......urNOR......v..U.........x......~sk..~.....q..T.........~.......g............h..P.......vjq.qbgi...^.....w........................_....p......................^........k....m...mv....}.........p..Q..U.....q..f............fT......h..\|....C.......{..a...{....a..x..6....tRNS.....8.sU)............IDATx..An.@.E'(...g..."......Mr.9.{$Vl8......7......z6f4...n.KQ.EQ.EQ........._.G.<..h....8[..Cu)L&.T....2(B......x....TN.?..U6.8.....*F.....~.x.

Chrome Cache Entry: 470

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 6410 x 1040, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	458472
Entropy (8bit):	7.907759234052355
Encrypted:	false
SSDEEP:	6144:q6ekpbHldleM4XwMxMXV1V3irLm+xAVr6xhFUDe2D8SFUeOsSEiYzCQvhLB1zR:q6/bFCNXGyr65Ve2Deu8SRSvCCQdB5R
MD5:	E401FD858AC3FC57E1A2AFF07709E145
SHA1:	76AD3FC50BC33DA72BAAD02908A6BB570BE3735A
SHA-256:	A97F46B492FAA4048454C01F323B19652C54EC9CC4F3BB4A908F180487A84897
SHA-512:	0ECFE22F481A000A096F7D6EAF5AC651BF20B383BE51F7BF5040CBF9C25A9D7852F76EB281815AEE02094A7AF8B7515753BCD76BF9FD42A0203C58B34E632524
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/preview-all.ad0b1649.png
Preview:	.PNG........IHDR.............9U./....PLTE......hf[.....................?8?.v...........}..4.pho...\|l.irX.aQq.1..YM?LGH........^V_.\|<......bYZ.7..........x.....v.r>0M6+...\|x.U5.o9s....A...UH...N.#......n=3..E.rC..x.......B...\|.......-....l...o.@\..T$..............z0.......u.......o'yI)..................................3...S5.....g...<.................~.......I.....g..g2"....e~......r...Y........W.................]...0mC8.~....k..I.w. ).........x.a.....t!.3./...gP..P......5....r...........p.r...b..o.b\a..._\|..tB- *G..PGy..\|. .....;.v[RJP..V.a....Q .^...l.....nj..~.........^pnr.........P..!..P..{.s......N...jB./2........S]wQoq....th>[.O..dB...2_Mc...+.w.h]....Q7L......c....I.....J.{..;d.....%.....Ut....<...T.. G.]..p..j.....t.......=O..5.9z....wpF.c.....HtRNS..+)GD..~d..c.....7.m...J......R..............c........k.........;B.....OIDATx.........................................................................`..@.........TUUUUUUU

Chrome Cache Entry: 472

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999487081712327
Encrypted:	true
SSDEEP:	24576:kLvxbqEY1Dzjp++brB+fK+G7hrKzlYbYoMzWuGxUjERAiNZUNRaN6z:U5O31FbrQfqDbY1WkjQN6uS
MD5:	ED6BF612F047790A8E4838903C179F54
SHA1:	6033249865E95C444D0B5F957E5ACA9568CC1BB1
SHA-256:	51C8343756E78C27DDD9D399EC8BFAF85A4EF47694F294CACEE4BB8B68300197
SHA-512:	AF724650E0EA9E38F0265E2A0AB77EC1EF137508EC7EBDC4D4B2D10B6875FB78564D7EBCE940FE401421E9B537B6FC64C777A5E6257FE94566B09185F2473207
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:6
Preview:	=l.v.....l.c,.@..K....2....OTt.6.dd.k.....d....Qc.)/...6..}r(Z..+d;...d.0..X.+w'..G...w..._.lb8...W.7.y....._...T.7...:(..;..>.....z...t.`......Y..\..."Z.........@P.......i...}.A...:3'.c.{H8^_...a.5-].I2.H.'b^..1..S.....d.Z..&vSV,..G....9..q.jr...\|z..`uW.........$.\.q..e..M...d.o..k...._6y.N.....\.`O.2n%GUj..L.c.S..H....AN.@;0.$........i..z..&.Y.....Ns.....n^.'u.......K..L.H....3w....(R.fiq..\|.6m...?^......n..!..b._.o.../I..=5..^...G.9R%....X.;.7..v.XX.......F.&.t...C. ..;.......n.".9.K.=f..`.5w..I.i#.s. 1.s.w..N.+W})..xq(~.S..Q..W......B.w....^.....m.l...\|.G/_.1..8.;..1q.^x...L.\..K..`..?i.p...!..).\|. U......p...4........iaB..{."o.+.,..L.....6g,Pu.......F0.i.\~g..J.....v.+..w.. ..4...X.`<..../....\.t....G...b,..J.....I.0.M........./.Y.?.C.!.q.KV..ID.7-M.=Ud....".;.3.>..5J...6.3x....(Y...7.J b.l.O]H.z.g+..<..%2.{:..C_...9..?...q.\|...Y"b.1..P......H...Q.w>..Go.................vV..V.D.@*}.R..l..ES..N..&..R.7...jC.~.d.2.SL....1..,.bN_

Chrome Cache Entry: 474

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 121 x 121, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11928
Entropy (8bit):	7.979219128250882
Encrypted:	false
SSDEEP:	192:2/jd2qJxm3HMTF7TNctutuR9M6ENgVtddfaf63Eq02Kor8PCacHKHJDSy8dCHhoS:a0qHm3HCTWNRPEwtTafQEkrYCappDNoc
MD5:	3D023D568DA1BC239AE899B20FC628A8
SHA1:	5397E59CA33DCC761656B612F3CAE2EF3A50051C
SHA-256:	DB08AFC5E482A6E2F40C558F064600E84006A9C6945BDAE6E2FF63CC5A464EE3
SHA-512:	17C1177A9213C5DFDF35F5FDD12A7668FF8E76AEF1FA615EF208AA6F0473ACBA5EBBF3B75AE10D0D04DF78230EDFF7FED046D19F424896118E485F74D6DE8F59
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png
Preview:	.PNG........IHDR...y...y.....$~{....PLTE...19_#';Z\....28d...NR.%-P"&G#,Sh..3>d&-M.!<=Ix..3KQ.<C.H[.:Dq......;E....+;..."1,->...%'8)&4..%#%3;5C..!/0B..,-7A8F1-<,3L %E%,D.$<71?.$5#)?18Q. 8>B_)6VHS\|7Jv=N}0?j6.8IRs7>Z3Ab*/G33F-:dPX.=JlAGeMY\|4Dm@V.2:W%0NJZ.,;]Q].&-T86KHb."(L7FfCP.Tc.=O......278_F=LFS.?RtCJp...q..@[.n..U`.w..G_.a{.1AtKO.BI.4H}Sf.GMi9<i...&1[IDT:Cs+4b...jy.^m.<S.Sf.>FzEc.6W.]c........er.Ji.% ,g....Xo.\h.==S`..Z{.Yn.Tr.e..Kv..../7nQt.7H.~..O..Mj.N[.[Q_.....6?zTJY.....o.....s..r../0[...^..kz.]d....\|...jt...&.......Fn.Ab.s^k......\|.......}.._....Gk.w...\|..^i.......Q.....^x..x.jk.Z^u...Z....l..d.......@T.8d......fXg......l.......SQi...@y.P..Sw.qt.n......kKZ...`..y\|....}huT<L...eu.p}...o..Y[.O..C.....d.....w........P..Ph...........Rz.T..Eo...~yg......7G."-. .=....tRNS.?@>. ..o..>....s..g.\xg...+.IDATh..kLZg.....g.:M.....=.@.9....Vn......a T...Sg...M;...n.......%.s.R.nV...~.....i..>.9..........{....Iz.../l..QE....E1...d..;Z.6.M.

Chrome Cache Entry: 475

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Category:	downloaded
Size (bytes):	25393
Entropy (8bit):	7.975344734008277
Encrypted:	false
SSDEEP:	384:ms8YWEWWhxpiYIUvVNubHSTtMxmY1m8r3cVdnjjbeqRRI73POG8opzphDLupurpz:4op/H0H1x5micrvRRI7oaDLupkSk
MD5:	83E8B2F0F282E271EB9216F227EA0D54
SHA1:	5590E817B200BF2E27503E6C0F629F3722108E93
SHA-256:	9B1D79EA17F15878654FA4AF07696CA1D02E61C398196F26729F7ED785A080DC
SHA-512:	E796455CD041114B10BEE215224BEA29EBF673DDE5609DAAFDF74449A67F2CB9CA0085EBA26514A6851923C19677736A8FFD8FD7FA3A54DAD365E3E9B258C618
Malicious:	false
URL:	https://qq-web.cdn-go.cn//im.qq.com_new/7bce6d6d/asset/favicon.ico
Preview:	............ ..c.......PNG........IHDR.............\r.f..b.IDATx..Io.....;..w.II.T.l.}.^..f.]..l.......0<0P....#..B..=....p...w..R.T.....mDl.V.8.).J.<$...O......._.#G..9r..#G..9r..#G..9r..#G..9r..#G..9r..#G..9r..#G..9r.Xl....9>.u..M}d..s{..l2.'...}...Z..../..0.......R....p.._c...Ev.c...[.....If...4.X.[.........P..@.X.....C%..A.V..9V...g.z....C..t..A.. ~....>h9....n....tE..]........T.b..2[.T....q..`._...6.7+.}..8.o..c...".FH#.?+.YdM......n..T..J^DV..@..&..o..u.x...........`.....N.Y...!1....d..q..9.....f.!B[..&../#+.J.X.....W....~.G.....E...D.......V3....c}>$..p.l...r..k...\..>X.5.........z..<.6.B(...].OF.NF..ge?."..c?..C/..\|$ @H.j.....w.a...:.....I.........>.._G..U...n........]..r.D.`[_A.!.:..c.1...Y..mb..H.B.f.&...A..A.....M_%u.5..)........?B.......m...v..#.8r..5#....6.g..7._.O."X..+..........i....0..U......5...n..3B.$....9.\..._B.....>......D.....e<...E.<...S..#..h...\|."...,.b..n..#j....[....C..1...... ..,..;K....!..!..9x..5..A.Y.E..+..

Chrome Cache Entry: 476

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	1048576
Entropy (8bit):	7.999828186902826
Encrypted:	true
SSDEEP:	24576:dvxJLvcxZx7gPsab4SVsWLCMy/CNQ5d/QazZ/Ypfwk+hP3RTiEi:d3LvuAbvVshxT//QazlY2JhVi
MD5:	AE433125012A26AFE467EAA637304DA9
SHA1:	FA332FDCF56308FF93ACFA50E4B245F2C65CF297
SHA-256:	0506D44EB8890E0A78692DACD3BE1710C04153182119E6D2CEB20CEE6A53524B
SHA-512:	BB2946DCE39CC498804B29A5306DE8279A4FA1792114EC110BCB62C99DFB61DAD3F0DF0D2871C867244ED5FA83BF1B696BE8B54CAC1390CB76C9564A60A268FB
Malicious:	false
URL:	https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7c3ef35a3c00:11
Preview:	M!m&.~..Z..^.@Dk)Q..y..~.^.).P..@4;...Z... .........z.f.\|.vcy<.Nw..'....~=g.].......WX..pg..#. .m/..fkh.?^.3.R..G-...\|o.d.),..a.."..<.?....( O.....}.a,.X.HV.tNrK.^y)..K$.\M..0A..mu..."K....V.>...b.6...t.....cO..t.....f.......;.YI.>tp..J..7.....!11o.kYQ../..($.\|.Og'.S...>._4n....l.S..H.5..L.sT..;2.....-..c2.)L&z.../..V....}a.4X.C.....:i..`..""...m......[TZ..._.D..<e.G.)%^g+U.d.(...#.."}2_..]T3K...).l....b.'.#"r.y.".1.....dI!.q..20...q.o....u.......>.7.2"."..#!.3....`...e.e.#.......j..T.[....aq..\...g.K...q...K........K.PO.1.eM.......A.Y.f...1..My^.,y....%..t..........C..,..`\2t.E.sv..1..C..<........lS.4.......V..;r8 ..-YD.@...'XQ....B.DS4Vc.......>t...RY.#....#.a....f.".........]..X_....?E_P.H)iT.b.."^xGy.Z.b..N..5].9....\|.....R.2X..WW....9.[..R....["..V=..e.."...aM.1.....\|..n...>. t...1...W...E..NB.!...G....p....}...\|.....5..y3YY.2.P..c..y...].]...2...=_..U......Il...V.GZ...wXh....9..^..V...W..k... .Sl..l...'..=...Rg...>..V.o..d...

Chrome Cache Entry: 477

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 438 x 247, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	62227
Entropy (8bit):	7.985539475072989
Encrypted:	false
SSDEEP:	768:mhm4eCgiAhaEqHlzLnx5X6Hz/byL3nS+eA/UMZ+kIdoup5YcyxEdgn6qPoDa:mh3jNRLDS+++e9IQp5cEdCQm
MD5:	2C24916FCB318129CC24AF2A9ACA8D3D
SHA1:	F7814B79D0EDF290A36B9C3BB12EFE5E972191B1
SHA-256:	3375D3627D1022D14AED431ACC3495F376AA40F2C71A2FEB0AD1B5524615666B
SHA-512:	C7967C2BCDC955D524DCE80FBB9A1D547694B5A6085B8DB5D297EC3410DB97DA37C300ED284F73FC45127FD8079FCAF515A02D540C086A599A72F3682070C6A6
Malicious:	false
Preview:	.PNG........IHDR.............F..?....PLTE...epw....#%......(.1MV[AIM29=... $&..........................................(.0....%(#,.!$&+-.. .."!')."$/3+15........ ',/.!"9@D-4829=/6;$).#';CF6>B<EI...?GL (,!%$4<@$,0...P[`DMRBKQISYKU['/3GQW078MW]AINR]cEOUU`f...#'&NY_((...\ir.44..... ...Wbj!!.....z_mvYen6<<q}.OWY,-+my.$...~t..apz/1/alqx..dt}\|........KSW^gm..qju\|......V[[;><597...HQS...m..i........d=B@`L>.....vBGE.._x..fw.'%"s..U_a......o..[dh552n..j{.+!.FLKmqp}.......u....X1' ...82'.........bed@81...gki...QTSvywT>5iNC\C9.....7#]`^..zTK:.....MNN.........oSH......=IPM91@/(vXKHA0......HC=G4...................`SI....pa\|.........w...\|]QziI...aTMKD'29.~ewn`....i[.........m.wVb\Rj]C.xj.~WXYSTRH...........p.....cmcX.pO.th.......q=P^...2AM*9C..{J]j+=/..z...D &......Z&-..Pj~...{2=.L].h.5p.a....tRNS0.OO........A.....IDATx...k+e..z....!P[1...%.S2.8.\$...H<C...L80......8...F.....Z7n.`)B.)..!.{........%Z...o..i{...y......s........p......S...,F.?W./....]........A.......

Chrome Cache Entry: 478

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 795 x 1537, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	542510
Entropy (8bit):	7.982870793616109
Encrypted:	false
SSDEEP:	12288:ghWGsIHttizdlq40Q1XUVAAo0B+EmJK6HOiQN8PtJOx6GFiEe:g5tqXyG0B+LI4ntUFch
MD5:	01F2EF8C6EAD93573EF6B0F02174B65A
SHA1:	D96ABFC9DAE3353B67C1F442865577B14C950B4C
SHA-256:	52E9890D61E298CE3E7A68E22A7A22719AD34CDB590B60EAD170281CD9D39948
SHA-512:	5351C8BDD1F46636C49A2A08A08720C33B878B233E7C7328EB8F9BC038B3280D3E58A4A65BBD740DA06F6707DFFD91E0D6D59BF297367BA148D63ADED37C4C6E
Malicious:	false
URL:	https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/page-2.9a3b1afa.png
Preview:	.PNG........IHDR....................pHYs...%...%.IR$....eiCCPDisplay P3..x.u..K.P..O.R.:....2.C...vqh+.E0T..S.~.m\|$)Rq.W)..X.Yp..Tpqp.D...:).hx.T."....8.s.\..P.+..(.L....{...S.f...,.........O.YM.v..O\....v..S..]......A.......m...%.1h).......;..d...X..j..I,.;.\|...e......W....Q.a.&..PQ.......?.-rW`P...,.DI......a.2q.A.s.~....mm...mp./..B.8......x....n.L5TG...r...0....(.a..!w{...{..c....v..#......+...!.6..EoIDATx..}..].Y..V......X.ZdY1..{.C.MC .[.mC...W.YB.i!.B....Y....-m.....M...4...IH!lR.w..1...,...V.wmiO......3..d[...Iw.9s...s.....".......................................................................................................................................................TUU.......b...b.....\|.M.m....O..k..i...)}.~\.o.......!..k......Y.Z{<..O.=.=w!.mxo..........j./.?...^^..q.y..~.<.32.........\|...dK` ..e#.a...").....W%E....u.qz^......F..k..A.-j..G...;....weW..M}DC.^.+.....$.2.7...\czZ.!.....k./.e.hWZv./EC...L...r.......}...G.]q'$........6m

Chrome Cache Entry: 479

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (31721)
Category:	dropped
Size (bytes):	31768
Entropy (8bit):	5.224788353742077
Encrypted:	false
SSDEEP:	384:+Sl3u9OjQjQxDBjb2F7IyUouK3wBZ8lGz+tHWSOGoDAfilZuluh+zZXQ1KbpQPUr:1ZjQjQ36uoX2pvYmsUwr7dEAZf
MD5:	78CE85CF25B73A3E634DCBF283F5C4BD
SHA1:	8970A0B36D915D86652A8E760016E41DB37CEED3
SHA-256:	1D3877307B44C0898E5EB8E51F862249958FE6411EE86F36640387F622C104AC
SHA-512:	35744F5B856DB405C875CE05DDD4BCC9253306231566D26866E0594E1C2B02D2DC6A84F75CFF0FBBCE02FD133D369A31B1DD9533A3A4E97FDA4933AFDAD8229C
Malicious:	false
Preview:	!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("BeaconAction",e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).BeaconAction=e()}(this,(function(){"use strict";var t=function(e,n){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n])},t(e,n)};var e=function(){return e=Object.assign\|\|function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},e.apply(this,arguments)};function n(t,e,n,r){return new(n\|\|(n=Promise))((function(o,i){function s(t){try{u(r.next(t))}catch(t){i(t)}}function a(t){try{u(r.throw(t))}catch(t){i(t)}}function u(t){var e;t.done?o(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(s,a)}u((r=r.apply(t,e\|\|[])).next())}))}function r(t,e){var n,r,o,i,s={label

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):	7.905657310373609
TrID:	Win32 Executable (generic) a (10002005/4) 99.39% UPX compressed Win32 Executable (30571/9) 0.30% Win32 EXE Yoda's Crypter (26571/9) 0.26% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	SecuriteInfo.com.FileRepMalware.6250.26408.exe
File size:	690'176 bytes
MD5:	3402ace96c294551f3d207b10740a36a
SHA1:	3eacaa81aa48978f33e853e987ad19f749acec85
SHA256:	48f926ed55a169042c9155e2a23ac029580c5b5212b4f7deee2f9ea93e19ba4b
SHA512:	c7938a3e7d693bd2c156c74a70f2478d26ceb5671ad84c0c024ede53c9ea6d7ed359a811213d3f721e0c657ca8508e649d592410975bd529502e2a3db395a0c0
SSDEEP:	12288:Zoiuy01i3qg2pb9oJiqCU4AYYQ68wkQcRq98tOOcbyNmITp6XqmKqyCs9e:ZRuyiYqg2DoEA868wkQKvkI96Xqm96
TLSH:	FEE4236263769D54E08E6E74F8B06DA62711FC4122D03F2C1D48AD8BFDFAB504F152AB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z,..V.i...i.V.i.6se.U.i.#.g.}.i...z.{.i.4.z.B.i.V.h.2.i.`.c...i.`.b./.i...b...i...c.M.i.V.i...i...o.W.i.RichV.i................

File Icon


Icon Hash:	9eb3c18c2ceea99a

Static PE Info

General

Entrypoint:	0x78b220
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x5D459335 [Sat Aug 3 13:59:17 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f2a4fded11dccddd4f6cdbb87718adbc

Entrypoint Preview

Instruction
pushad
mov esi, 006E5000h
lea edi, dword ptr [esi-002E4000h]
push edi
or ebp, FFFFFFFFh
jmp 00007FA8C0E97612h
nop
nop
nop
nop
nop
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FA8C0E975EFh
mov eax, 00000001h
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007FA8C0E9760Dh
jne 00007FA8C0E9762Ah
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FA8C0E97621h
dec eax
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
jmp 00007FA8C0E975D6h
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jmp 00007FA8C0E97654h
xor ecx, ecx
sub eax, 03h
jc 00007FA8C0E97613h
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007FA8C0E97677h
sar eax, 1
mov ebp, eax
jmp 00007FA8C0E9760Dh
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FA8C0E975CEh
inc ecx
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007FA8C0E975C0h
add ebx, ebx
jne 00007FA8C0E97609h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007FA8C0E975F1h
jne 00007FA8C0E9760Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007FA8C0E975E6h
add ecx, 02h
cmp ebp, FFFFFB00h
adc ecx, 02h
lea edx, dword ptr [eax+eax]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x38dad0	0x38c	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x38c000	0x1ad0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x2e4000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1	0x2e5000	0xa7000	0xa6400	0788f5a95174242f2d015484f9ce9d46	False	0.9852252702067669	data	7.917288540204249	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x38c000	0x2000	0x2000	a9a826d2485cd513010da958ed6afdc7	False	0.3251953125	data	3.9179429723378756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
TEXTINCLUDE	0x382bfc	0xb	data	Chinese	China	1.7272727272727273
TEXTINCLUDE	0x382c08	0x16	data	Chinese	China	1.4090909090909092
TEXTINCLUDE	0x382c20	0x151	data	Chinese	China	1.032640949554896
RT_CURSOR	0x382d74	0x134	data	Chinese	China	1.0357142857142858
RT_CURSOR	0x382ea8	0x134	data	Chinese	China	1.0357142857142858
RT_CURSOR	0x382fdc	0x134	OpenPGP Public Key	Chinese	China	1.0357142857142858
RT_CURSOR	0x383110	0xb4	data	Chinese	China	1.0611111111111111
RT_BITMAP	0x3831c4	0x248	data	Chinese	China	1.018835616438356
RT_BITMAP	0x38340c	0x144	data	Chinese	China	1.0339506172839505
RT_BITMAP	0x383550	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x3836a8	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383800	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383958	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383ab0	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383c08	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383d60	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x383eb8	0x158	data	Chinese	China	1.0319767441860466
RT_BITMAP	0x384010	0x5e4	data	Chinese	China	0.9946949602122016
RT_BITMAP	0x3845f4	0xb8	data	Chinese	China	1.059782608695652
RT_BITMAP	0x3846ac	0x16c	data	Chinese	China	0.9972527472527473
RT_BITMAP	0x384818	0x144	data	Chinese	China	1.0339506172839505
RT_ICON	0x38495c	0x2e8	data	Chinese	China	1.0147849462365592
RT_ICON	0x384c44	0x128	data	Chinese	China	1.037162162162162
RT_ICON	0x38cc00	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192			0.3885135135135135
RT_ICON	0x38cd2c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640			0.33198924731182794
RT_ICON	0x38d018	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536			0.22378048780487805
RT_MENU	0x3857e4	0xc	data	Chinese	China	1.75
RT_MENU	0x3857f0	0x284	data	Chinese	China	1.0170807453416149
RT_DIALOG	0x385a74	0x98	data	Chinese	China	1.0723684210526316
RT_DIALOG	0x385b0c	0x17a	data	Chinese	China	1.029100529100529
RT_DIALOG	0x385c88	0xfa	data	Chinese	China	1.044
RT_DIALOG	0x385d84	0xea	data	Chinese	China	1.047008547008547
RT_DIALOG	0x385e70	0x8ae	data	Chinese	China	0.9810981098109811
RT_DIALOG	0x386720	0xb2	OpenPGP Public Key	Chinese	China	1.0393258426966292
RT_DIALOG	0x3867d4	0xcc	data	Chinese	China	1.053921568627451
RT_DIALOG	0x3868a0	0xb2	data	Chinese	China	1.0617977528089888
RT_DIALOG	0x386954	0xe2	data	Chinese	China	1.0398230088495575
RT_DIALOG	0x386a38	0x18c	DOS executable (COM, 0x8C-variant)	Chinese	China	1.0277777777777777
RT_STRING	0x386bc4	0x50	data	Chinese	China	1.1375
RT_STRING	0x386c14	0x2c	data	Chinese	China	1.25
RT_STRING	0x386c40	0x78	data	Chinese	China	1.0916666666666666
RT_STRING	0x386cb8	0x1c4	data	Chinese	China	1.0243362831858407
RT_STRING	0x386e7c	0x12a	zlib compressed data	Chinese	China	1.0369127516778522
RT_STRING	0x386fa8	0x146	data	Chinese	China	1.0337423312883436
RT_STRING	0x3870f0	0x40	data	Chinese	China	1.171875
RT_STRING	0x387130	0x64	data	Chinese	China	1.11
RT_STRING	0x387194	0x1d8	data	Chinese	China	1.0233050847457628
RT_STRING	0x38736c	0x114	data	Chinese	China	1.039855072463768
RT_STRING	0x387480	0x24	data	Chinese	China	1.3055555555555556
RT_GROUP_CURSOR	0x3874a4	0x14	data	Chinese	China	1.4
RT_GROUP_CURSOR	0x3874b8	0x14	data	Chinese	China	1.45
RT_GROUP_CURSOR	0x3874cc	0x22	data	Chinese	China	1.3235294117647058
RT_GROUP_ICON	0x38d684	0x30	data			0.9166666666666666
RT_GROUP_ICON	0x387520	0x14	data	Chinese	China	1.4
RT_GROUP_ICON	0x387534	0x14	data	Chinese	China	1.45
RT_VERSION	0x38d6b8	0x240	data	Chinese	China	0.5642361111111112
RT_MANIFEST	0x38d8fc	0x1d2	XML 1.0 document, ASCII text, with very long lines (466), with no line terminators			0.5879828326180258

Imports

DLL	Import
KERNEL32.DLL	LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll	RegCloseKey
COMCTL32.dll
comdlg32.dll	ChooseColorA
GDI32.dll	PatBlt
gdiplus.dll	GdipDeletePen
imm32.dll	ImmGetContext
ole32.dll	OleRun
OLEAUT32.dll	SysStringLen
oledlg.dll
SHELL32.dll	ShellExecuteA
shlwapi.dll	PathFileExistsA
USER32.dll	GetDC
winmm.dll	PlaySoundA
WINSPOOL.DRV	ClosePrinter
WS2_32.dll	inet_ntoa

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 20, 2024 09:21:00.008250952 CEST	49675	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:00.008250952 CEST	49674	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:00.148789883 CEST	49673	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:06.086719990 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.086756945 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:06.086844921 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.088766098 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.088781118 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:06.741564989 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:06.741657972 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.748327017 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.748349905 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:06.748640060 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:06.789419889 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.866986036 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:06.888062000 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:06.888106108 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:06.888190031 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:06.898253918 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:06.898271084 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:06.912492037 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.062767029 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.062825918 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.062896967 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.062978983 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.063024998 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.063057899 CEST	49707	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.063076019 CEST	443	49707	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.108315945 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.108365059 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.108454943 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.108855009 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.108870983 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.746166945 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.746354103 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.747957945 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.747989893 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.748214006 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:07.749696970 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:07.796490908 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:08.022581100 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:08.022732019 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:08.022845030 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:08.023605108 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:08.023631096 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:08.023644924 CEST	49709	443	192.168.2.5	184.28.90.27
Jul 20, 2024 09:21:08.023653984 CEST	443	49709	184.28.90.27	192.168.2.5
Jul 20, 2024 09:21:08.161407948 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.161504984 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.256716967 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.256751060 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.257719994 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.260202885 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.273199081 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.316545963 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.607872009 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.607937098 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.607973099 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.608011007 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.608027935 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.608052969 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.609821081 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.609880924 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.610348940 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.610413074 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.610426903 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.610523939 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.833772898 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.833890915 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.833904982 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.833934069 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.833952904 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.833973885 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.834017992 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.834027052 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.834760904 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.835939884 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.835995913 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.836119890 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.836170912 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.836338997 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.836385965 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:08.837275028 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:08.837340117 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.054184914 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.054279089 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.054322958 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.054385900 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.054913998 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.055001974 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.055011988 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.055028915 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.055066109 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.055087090 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.055682898 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.055751085 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.056133986 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.056197882 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.056291103 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.056350946 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.057166100 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.057245970 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.057952881 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.058027983 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.058077097 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.058146000 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.058962107 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.059046984 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.059149027 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.059214115 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.060096025 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.060173035 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.060209990 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.060267925 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.082144022 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:09.082197905 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:09.082335949 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:09.082573891 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:09.082609892 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:09.418158054 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.418292999 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.418292999 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.418323994 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.418354988 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.418370008 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.418380976 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.418433905 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.418479919 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.418529987 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.419059992 CEST	49708	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:09.419076920 CEST	443	49708	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:09.617542982 CEST	49674	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:09.617692947 CEST	49675	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:09.758157015 CEST	49673	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:10.038551092 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.038729906 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.042509079 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.042568922 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.042825937 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.042898893 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.043215036 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.088500977 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.586289883 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:10.586347103 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:10.586524010 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:10.586985111 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:10.587002039 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:10.599678993 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.599781036 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.601366997 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.601443052 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.601463079 CEST	443	49710	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:10.601490021 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:10.601526022 CEST	49710	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:11.399770021 CEST	443	49703	23.1.237.91	192.168.2.5
Jul 20, 2024 09:21:11.399904013 CEST	49703	443	192.168.2.5	23.1.237.91
Jul 20, 2024 09:21:11.570521116 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:11.570662022 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:11.575659037 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:11.575676918 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:11.576117992 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:11.576199055 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:11.576715946 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:11.624510050 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:12.085076094 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:12.085218906 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:12.085239887 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:12.085304976 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:12.086895943 CEST	49711	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:12.086940050 CEST	443	49711	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:12.222053051 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:12.222115040 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:12.222188950 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:12.222438097 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:12.222456932 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.061007023 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.061096907 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:13.061175108 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.061310053 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.061333895 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:13.061395884 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.061685085 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.061738968 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.061786890 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.061959028 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.061992884 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:13.062103033 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.062119961 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.062585115 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:13.062606096 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:13.074815035 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:13.074868917 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:13.074938059 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:13.075159073 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:13.075185061 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:13.265441895 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.265500069 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.266185999 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.266199112 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.266412973 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.266418934 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.836188078 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.836321115 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.836443901 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.836467028 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.836508989 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.836541891 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.836555958 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.836606979 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.837105036 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.837167025 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.837240934 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.837292910 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.837624073 CEST	49712	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:13.837651968 CEST	443	49712	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:13.999636889 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:13.999763012 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.000181913 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.000206947 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.000381947 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.000397921 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.040735006 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.040808916 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.041263103 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.041275024 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.041518927 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.041524887 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.057250023 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.057328939 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.057651043 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.057665110 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.057835102 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.057846069 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.302941084 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.303241968 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.306911945 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.306945086 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.307248116 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.307313919 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.307658911 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.352488995 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.727298975 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.727396965 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.727454901 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.727509975 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.727539062 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.727638006 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.727648020 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.727705002 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.727952003 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728028059 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728116989 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728168964 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728193998 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728224039 CEST	49714	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728244066 CEST	443	49714	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728266001 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728287935 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.728312016 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728351116 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.728363991 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728372097 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728430033 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728468895 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728519917 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728554964 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728571892 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728607893 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728615046 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728627920 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728646994 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728692055 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.728718042 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728718042 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728739977 CEST	49713	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.728754997 CEST	443	49713	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.728758097 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.728775978 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728802919 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.728840113 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728852987 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728861094 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.728899002 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.728904009 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.728950024 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.729006052 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.729046106 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.730341911 CEST	49716	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:14.730370998 CEST	443	49716	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:14.734532118 CEST	49715	443	192.168.2.5	123.6.105.199
Jul 20, 2024 09:21:14.734548092 CEST	443	49715	123.6.105.199	192.168.2.5
Jul 20, 2024 09:21:14.734958887 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.734985113 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:14.735057116 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.735726118 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:14.735740900 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:15.723521948 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:15.723637104 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:15.724292994 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:15.724299908 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:15.724490881 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:15.724498034 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.255367994 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.255445957 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.255573034 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.255618095 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.255655050 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.255702972 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.255776882 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.255825996 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.256285906 CEST	49717	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.256304979 CEST	443	49717	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.266690016 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.266720057 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:16.266779900 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.267337084 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:16.267352104 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:17.212187052 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:17.212279081 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:17.213762045 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:17.213773012 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:17.213898897 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:17.213905096 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.367659092 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.367784023 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.369179964 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.369205952 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.369255066 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.369317055 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.369317055 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.369329929 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.369353056 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.369373083 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.369373083 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.369462967 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.462042093 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.462109089 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.462171078 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.462179899 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.462233067 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.462233067 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.463058949 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.463113070 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.463171959 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.463179111 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.463201046 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.463224888 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.586926937 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.587002039 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.587074995 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.587074995 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.587085962 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.587224007 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.636743069 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.636807919 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.636974096 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.636982918 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.637208939 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.682291985 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.682358027 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.682399988 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.682408094 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.682447910 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.682447910 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.730752945 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.730811119 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.730830908 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.730839968 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.730869055 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.730869055 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.767390966 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.767433882 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.767481089 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.767491102 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.767518044 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.767529964 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.824603081 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.824652910 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.824736118 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.824736118 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.824748993 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.824784994 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.863408089 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.863456011 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.863656998 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.863667965 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.863763094 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.909466028 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.909527063 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.909701109 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.909701109 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.909709930 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.909746885 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.957348108 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.957393885 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.957451105 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.957459927 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.957482100 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.957494020 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.997324944 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.997369051 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.997504950 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.997504950 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:18.997514009 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:18.997551918 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.005455971 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:19.005522013 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.005587101 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.005661964 CEST	443	49718	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:19.005718946 CEST	49718	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.247098923 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:19.247153044 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:19.247246027 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:19.247442007 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:19.247461081 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:19.254829884 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.254873991 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:19.254937887 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.255156040 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:19.255166054 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:19.260989904 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:19.260999918 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:19.261059046 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:19.261456966 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:19.261466026 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:19.447055101 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:19.447140932 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:19.447208881 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:19.447460890 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:19.447479963 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:19.677970886 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:19.678020954 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:19.678087950 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:19.678386927 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:19.678400040 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.122925997 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.123140097 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.123459101 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.123473883 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.123635054 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.123644114 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.132829905 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.132965088 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.134347916 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.134355068 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.134870052 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.134988070 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.135274887 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.145904064 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:21.145946980 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:21.146140099 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:21.147129059 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:21.147142887 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:21.180533886 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.462821960 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.462899923 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:21.463915110 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.463999987 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:21.467775106 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:21.467787981 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.468123913 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.468242884 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:21.468604088 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:21.471122026 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.471193075 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.474944115 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.474973917 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.475382090 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.475425005 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.475789070 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.507714987 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.507798910 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.511979103 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.511987925 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.512311935 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.512389898 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.512523890 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:21.512774944 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.516519070 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.560528040 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.701935053 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.701951027 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.702018023 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.702033043 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.702039003 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.702049971 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.702146053 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.702178001 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.702886105 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.702927113 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.703094959 CEST	443	49721	203.205.136.80	192.168.2.5
Jul 20, 2024 09:21:21.703152895 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.703152895 CEST	49721	443	192.168.2.5	203.205.136.80
Jul 20, 2024 09:21:21.704056025 CEST	49720	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:21.704098940 CEST	443	49720	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:21.824403048 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.824506044 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.824522972 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.824558020 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.824568033 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.824606895 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.824610949 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.824642897 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.824680090 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.824765921 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.826512098 CEST	49724	443	192.168.2.5	43.135.106.65
Jul 20, 2024 09:21:21.826539993 CEST	443	49724	43.135.106.65	192.168.2.5
Jul 20, 2024 09:21:21.874134064 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.874341965 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.874350071 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.874444008 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.877011061 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.877194881 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.878271103 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.878353119 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.880028009 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.880120993 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:21.960520029 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:21.960678101 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:21.962414980 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:21.962420940 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:21.962749958 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:21.964472055 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:21.964577913 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.008137941 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.025868893 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:22.026048899 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:22.026077986 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:22.026182890 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:22.028842926 CEST	49725	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:22.028887033 CEST	443	49725	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:22.142086029 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.142179012 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.143964052 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.144032001 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.147241116 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.147305012 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.151745081 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.151891947 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.151907921 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.152017117 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.153536081 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.153637886 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.155297995 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.155394077 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.158808947 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.158960104 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.160623074 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.160819054 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.405558109 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.405761957 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.405818939 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.405965090 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.408077955 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.408149004 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.409858942 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.410130024 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.410137892 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.410532951 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.411533117 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.411689043 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.415076971 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.415117979 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.415144920 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.415153027 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.415185928 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.415185928 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.417871952 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.417912006 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.417951107 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.417958021 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.417970896 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.418152094 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.420636892 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.420861006 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.420867920 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.420977116 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.422069073 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.422138929 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.422146082 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.423111916 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.423482895 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.423556089 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.426235914 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.426305056 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.427561045 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.427741051 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.430057049 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.430114985 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.431197882 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.431277990 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.431339979 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.431339979 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.431360960 CEST	443	49722	157.255.220.168	192.168.2.5
Jul 20, 2024 09:21:22.431395054 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.431395054 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.431395054 CEST	49722	443	192.168.2.5	157.255.220.168
Jul 20, 2024 09:21:22.720976114 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.768505096 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986145020 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986212969 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986222982 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986258984 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986275911 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.986299992 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986315012 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.986329079 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.986360073 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.989470005 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.989670038 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:22.989677906 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.989696026 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:22.989751101 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:23.660638094 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:23.660679102 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:23.660695076 CEST	49727	443	192.168.2.5	20.114.59.183
Jul 20, 2024 09:21:23.660702944 CEST	443	49727	20.114.59.183	192.168.2.5
Jul 20, 2024 09:21:24.521401882 CEST	49739	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:24.521965027 CEST	49740	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:24.526331902 CEST	80	49739	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:24.526432991 CEST	49739	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:24.526598930 CEST	49739	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:24.526849031 CEST	80	49740	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:24.526922941 CEST	49740	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:24.531534910 CEST	80	49739	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:25.123255968 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:25.123364925 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:25.123574972 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:25.168803930 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:25.168854952 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:25.426228046 CEST	80	49739	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:25.477281094 CEST	49739	80	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:26.023937941 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.023993969 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.024120092 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.024344921 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.024355888 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.061224937 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.061356068 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.061929941 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.061959028 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.062249899 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.062263966 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.269248009 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:26.269337893 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:26.269411087 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:26.287177086 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:26.287194014 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:26.615596056 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.615679026 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:26.615811110 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.615811110 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.616584063 CEST	49741	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:26.616630077 CEST	443	49741	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.221132040 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.221223116 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.221735001 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.221760988 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.222090006 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.222120047 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.296520948 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.296787977 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.296809912 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.297525883 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.297599077 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.298532009 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.298587084 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.299593925 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.299679041 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.299747944 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.340522051 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.352412939 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.352452993 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.400419950 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.622054100 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.622308016 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.622368097 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.622678995 CEST	49744	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:27.622698069 CEST	443	49744	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:27.774544954 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.775186062 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.775393963 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.775465965 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.775948048 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.776616096 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.776696920 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.776712894 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.777432919 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.777512074 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.777527094 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.778034925 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.779422045 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.779680014 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.996326923 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.996445894 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.996542931 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.996714115 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.997011900 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.997098923 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.997807980 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.997946024 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.998603106 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.998716116 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.999459028 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.999536037 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:27.999552965 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:27.999665022 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.000999928 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.001204967 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.001879930 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.001965046 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.002588987 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.002666950 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.042327881 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.042431116 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:28.042690992 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.042983055 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.043008089 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:28.055504084 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:28.055608988 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:28.055708885 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:28.059475899 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:28.059519053 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:28.216811895 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.216927052 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.217972994 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.218046904 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.218588114 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.218677044 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.220022917 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.220088959 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.220799923 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.220882893 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.222197056 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.222270012 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.222954035 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.223007917 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.223582029 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.223638058 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.224427938 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.224498034 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.226110935 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.226171017 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.226207018 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.226223946 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.226244926 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.226327896 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.227905035 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.227997065 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.228748083 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.228806973 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.228816032 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.228876114 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.437870026 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.437951088 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.438299894 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.438368082 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.439244986 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.439316034 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.440104961 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.440166950 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.441865921 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.441934109 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.442698002 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.442754984 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.442770004 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.442790985 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.442826033 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.442848921 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.444394112 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.444473028 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.445094109 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.445185900 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.445203066 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.445266962 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.446103096 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.446173906 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.447009087 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.447074890 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.447954893 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.448036909 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.448038101 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.448056936 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.448092937 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.448122025 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.448909044 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.448992968 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.449804068 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.449892044 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.450717926 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.450794935 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.450808048 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.450871944 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.451745987 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.451802969 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.452605963 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.452673912 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.453445911 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.453511000 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.453531027 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.453593969 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.454339981 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.454404116 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.455137968 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.455203056 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.465629101 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:28.465670109 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:28.465756893 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:28.465964079 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:28.465976954 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:28.530162096 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.530241966 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.530631065 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.530700922 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.531440020 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.531536102 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.532243013 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.532305002 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.658948898 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.659038067 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.659239054 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.659297943 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.659329891 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.659363985 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.659425974 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.676769018 CEST	49745	443	192.168.2.5	129.226.103.162
Jul 20, 2024 09:21:28.676805019 CEST	443	49745	129.226.103.162	192.168.2.5
Jul 20, 2024 09:21:28.967381954 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:28.967483044 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.968502998 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.968512058 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:28.968811989 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:28.968816996 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:29.130021095 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:29.145731926 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:29.145766973 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:29.149633884 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:29.149710894 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:29.150845051 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:29.151026011 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:29.199532986 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:29.199562073 CEST	443	49750	142.250.186.100	192.168.2.5
Jul 20, 2024 09:21:29.245757103 CEST	49750	443	192.168.2.5	142.250.186.100
Jul 20, 2024 09:21:29.409878016 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.410279036 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.410346985 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.410742998 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.410835028 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.451136112 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.451176882 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.452644110 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.452811003 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.452820063 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.452857018 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.497947931 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.498034000 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.534559965 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:29.534656048 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:29.534676075 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:29.534717083 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:29.534816027 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:29.535108089 CEST	49748	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:29.535125017 CEST	443	49748	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:29.542793036 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.854737043 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.854902029 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.854922056 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.855071068 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:29.855171919 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:29.855171919 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:30.078753948 CEST	49749	443	192.168.2.5	43.129.115.202
Jul 20, 2024 09:21:30.078828096 CEST	443	49749	43.129.115.202	192.168.2.5
Jul 20, 2024 09:21:30.640650988 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.640737057 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.640757084 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.640803099 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.640876055 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.640911102 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.640911102 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.640940905 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.640986919 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641024113 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641063929 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641110897 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641119957 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641143084 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641163111 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641211987 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641230106 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641300917 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641323090 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641344070 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641380072 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641403913 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641412020 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641624928 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641638994 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641659021 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641756058 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641779900 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.641879082 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.641899109 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.642003059 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.642025948 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.642112017 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.642127037 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.642266035 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.642282009 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.642445087 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.642469883 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:30.642508030 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:30.642524004 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.281338930 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.281645060 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.281663895 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.284940958 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.285022020 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.286153078 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.286231995 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.286423922 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.286433935 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.293189049 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.294728041 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.294742107 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.294790983 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:31.294823885 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:31.295315027 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:31.295315027 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:31.295345068 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:31.296053886 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.296144962 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.296502113 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.296502113 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.296519041 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.296566963 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.299618959 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.299829960 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.299844027 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.303356886 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.303515911 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.304745913 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.304842949 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.304874897 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.304996967 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.305237055 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.305283070 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.306301117 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.306593895 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.307044983 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.307045937 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.307077885 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.307130098 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.337776899 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.337790012 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.338131905 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.348541021 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.353621960 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.353621960 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.353637934 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.353652000 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.364125967 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.364593983 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.364607096 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.366024971 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.366118908 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.366405964 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.366492987 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.366520882 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.367217064 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.367409945 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.367428064 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.368560076 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.368812084 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.369093895 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.369093895 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.369122982 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.369188070 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.373001099 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.373219013 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.373233080 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.376559019 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.376720905 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.377007961 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.377007961 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.377085924 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.384407043 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.400077105 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.400080919 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.403255939 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.403522968 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.403541088 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.406867981 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.406934977 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.407289028 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.407356024 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.407422066 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.412544012 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.415987015 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.415991068 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.415997982 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.416007042 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.431229115 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.431243896 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.448518991 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.461572886 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.461580038 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.461596966 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.461627960 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.478367090 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.509141922 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.577970028 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.578315020 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.580075979 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.590770960 CEST	49756	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.590795040 CEST	443	49756	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.688093901 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691476107 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691514969 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691534996 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691569090 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.691580057 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691600084 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691601992 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.691634893 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691664934 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.691683054 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.691710949 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.741951942 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.782934904 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.782958984 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.782996893 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.783015013 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.783018112 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.783039093 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.783054113 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.783055067 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.783118963 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.783133030 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.783149004 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.783241034 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.784862041 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.784883976 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.784920931 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.784949064 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.784981012 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.784991980 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.785151958 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.785376072 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.785866976 CEST	49752	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.785887003 CEST	443	49752	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.982888937 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.982964039 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:31.983230114 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.986644030 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:31.986665010 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.214792967 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.224812031 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.230514050 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.248152018 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.270081043 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.270149946 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.295608044 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.318912029 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.326210022 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.328073978 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.328088999 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.328366041 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.328371048 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.334446907 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.363182068 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.370682001 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.388487101 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.388497114 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.388560057 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.390024900 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.405322075 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.405334949 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.423518896 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.423532009 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.423629999 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.452471018 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.507477999 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.507499933 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.507551908 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.514328003 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514349937 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514378071 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514393091 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514398098 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.514420986 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514426947 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.514450073 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.514472008 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.514472008 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.514502048 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.555346966 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.600661993 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.600682020 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.600708008 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.600749016 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.600792885 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.600817919 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.600841045 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.600868940 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.603056908 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.603079081 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.603147030 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.603161097 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.603240967 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.686263084 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.686288118 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.686501026 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.686501026 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.686578989 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.686732054 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.687263966 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.687338114 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.687411070 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.687474966 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.687526941 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.687915087 CEST	49757	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.687951088 CEST	443	49757	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.691580057 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.691622019 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.691690922 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.691907883 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.691915989 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.706687927 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.706700087 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.706752062 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.736726046 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.737024069 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.737045050 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.740793943 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.740858078 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.741590977 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.741763115 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.741786003 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.780313015 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.780385971 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.780399084 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.780435085 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.780463934 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.780524015 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.780697107 CEST	49760	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:32.780713081 CEST	443	49760	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:32.788511992 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.788708925 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:32.788723946 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:32.835163116 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.015091896 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017321110 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017343998 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017362118 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017393112 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.017406940 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017430067 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017432928 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.017461061 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.017462969 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.017474890 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.017519951 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.030292034 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.030353069 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.031796932 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.031809092 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.031836033 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.031855106 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.032105923 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.032152891 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.032217026 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.032219887 CEST	443	49759	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.032267094 CEST	49759	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.069358110 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.069374084 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.069389105 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.069400072 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.069406033 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.069642067 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.069642067 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.069725037 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.089162111 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.089369059 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.105695963 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.105714083 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.105811119 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.105843067 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.105906963 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.108971119 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.109030962 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.109041929 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.109081030 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.109102011 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.109118938 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.109126091 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.109152079 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.109193087 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.109888077 CEST	49761	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.109911919 CEST	443	49761	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.116369963 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.164298058 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.164307117 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.164330006 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.164371014 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.164414883 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.164815903 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.164823055 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.164869070 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.214184046 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214195967 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214211941 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214217901 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214251995 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.214267015 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214292049 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.214320898 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.214320898 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.214780092 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.239553928 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.239563942 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.239602089 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.239651918 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.239680052 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.239700079 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.240236998 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.240307093 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.240760088 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.240808010 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.251416922 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.251512051 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.251605988 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.251633883 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.254884958 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.273910999 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.273921967 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.273942947 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.273951054 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.273962021 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.273978949 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.274029016 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.274065971 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.288892031 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.288913012 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.335491896 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.340261936 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.340291977 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.340403080 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.340478897 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.340534925 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.381664038 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.381686926 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.381793022 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.381839991 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.382703066 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.382805109 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.384403944 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.384418964 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.384532928 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.384563923 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.384942055 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.385241985 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.385410070 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.405620098 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.405638933 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.405729055 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.405767918 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.406306028 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.416342974 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.416352034 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.416379929 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.416393995 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.416546106 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.416546106 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.416574955 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.422034979 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.422050953 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.422080040 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.422112942 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.422137022 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.422161102 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.429559946 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.429586887 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.429634094 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.429651976 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.429687023 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.430061102 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.430113077 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.430262089 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.430299997 CEST	443	49758	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.430322886 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.430358887 CEST	49758	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.456662893 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.456907034 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.456953049 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.458395958 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.458467960 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.458764076 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.458856106 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.458873034 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.470088959 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.470139980 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.470179081 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.470227957 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.470258951 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.504497051 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.508534908 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.508572102 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.514468908 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.514506102 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.514669895 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.523612976 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.547931910 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.547950983 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.547991991 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.548180103 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.548180103 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.548208952 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.548625946 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.548887968 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.548903942 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.549360037 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.551160097 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.551187038 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.551204920 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.551234007 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.551269054 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.551284075 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.553153038 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.553169966 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.553236008 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.553251982 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.553992987 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.554055929 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.554069996 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.554238081 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.554836035 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.554878950 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.554908991 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.554923058 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.554940939 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.555459023 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.555939913 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.555969954 CEST	49755	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.556004047 CEST	443	49755	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.556004047 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.556022882 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.556070089 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.556138039 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.556147099 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.557089090 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.557112932 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.557167053 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.557180882 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.558300972 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.560296059 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.560328007 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.560725927 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.560965061 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.560973883 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.569226980 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.641762972 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.641866922 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.642035961 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.642198086 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.642220020 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.727660894 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.727689028 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.727730989 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.727754116 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.727775097 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.727792978 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.740649939 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742748976 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742758989 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742778063 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742789030 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742795944 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742824078 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.742883921 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742908001 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.742927074 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.742968082 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.773227930 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.773242950 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.820303917 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.837779045 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.837805033 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.837845087 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.837888002 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.837961912 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.837994099 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.838324070 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.840573072 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.840615034 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.840646029 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.840665102 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.840696096 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.841012955 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.904169083 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904216051 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904232979 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904267073 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.904274940 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904304028 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.904323101 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904532909 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.904542923 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.904735088 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.905338049 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.905348063 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.929414988 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.929462910 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.929539919 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.929606915 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.929647923 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.929696083 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.929929018 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.930003881 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.930664062 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.930780888 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.932066917 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.932343960 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.932384968 CEST	443	49762	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.932409048 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.934250116 CEST	49762	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.950823069 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.963737965 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.963772058 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.963877916 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.963921070 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.963921070 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.963958025 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.964453936 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.964473009 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.964514017 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.964535952 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.964549065 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.964565992 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.964612961 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:33.965678930 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:33.965745926 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.040333033 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.040371895 CEST	443	49765	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:34.042475939 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.042697906 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.042710066 CEST	443	49765	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:34.080554008 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.081372976 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.081479073 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.081500053 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.082068920 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.082137108 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.082145929 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.103080034 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.103199005 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.103209019 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.103543043 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.105406046 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.105458021 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.105484009 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.105494976 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.105521917 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.105537891 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.119124889 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.119165897 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.119200945 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.119209051 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.119254112 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.119525909 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.122301102 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.122309923 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.159934998 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.159993887 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.160053968 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.160064936 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.160094023 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.160350084 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.163100004 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.163590908 CEST	49753	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.163609982 CEST	443	49753	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.167248011 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.167284966 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.170588970 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.170779943 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.170785904 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571723938 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571760893 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571777105 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571814060 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.571816921 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571851969 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.571872950 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.571891069 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.572433949 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.572454929 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.572494030 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.572505951 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.572526932 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.573754072 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.573774099 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.573791981 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.573817015 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.573824883 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.573848009 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.573848963 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.573888063 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.575686932 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.577845097 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.577868938 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.578030109 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.578030109 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.579989910 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.580009937 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.580046892 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.580050945 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.580065966 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.580094099 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.580112934 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.580138922 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.580180883 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.583455086 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.583496094 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.583534002 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.583551884 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.583573103 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.584992886 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.585041046 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.585083961 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.585093975 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.585117102 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.586719036 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.586756945 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.586793900 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.586803913 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.586822987 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.586843014 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.587496996 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.587546110 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.595374107 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.595638990 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.595691919 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.596805096 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.596894026 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.597836971 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.597912073 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.598073006 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.598088980 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.629642963 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.629714966 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.629782915 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.629798889 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.629832029 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.629846096 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.635946989 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.649569988 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.674496889 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.674511909 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.675678968 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.675998926 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.676131010 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.676176071 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698231936 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698290110 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698337078 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.698350906 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698429108 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.698712111 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698766947 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.698776960 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698792934 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.698849916 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.698858976 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700387955 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700438023 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700505972 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700506926 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.700531006 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.700535059 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700561047 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.700577974 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.700613022 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.700659990 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.702797890 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.702841043 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.702888012 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.702897072 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.702917099 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.725888014 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.725928068 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.726037979 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.726037979 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.726052046 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.726089954 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.726135969 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.727459908 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.727514029 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.727544069 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.727551937 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.727587938 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.729429960 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.729469061 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.729499102 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.729509115 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.729540110 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.729890108 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.778558016 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.778564930 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.783684015 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.783746958 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.783776045 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.783785105 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.783818007 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.784132004 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.784190893 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.784198999 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.784243107 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.785881042 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.785923958 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.785953045 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.785962105 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.785994053 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.786010981 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.858957052 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861366987 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861376047 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861399889 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861412048 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861419916 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861443043 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.861485958 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.861520052 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.861546993 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.868165970 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.868295908 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.868308067 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.868889093 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.868966103 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.868983030 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.868994951 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.869035959 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.881627083 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.881673098 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.881715059 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.881725073 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.881756067 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.881777048 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.897607088 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.897660017 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.897702932 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.897702932 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.897716999 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.897753954 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.899151087 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.899189949 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.899235964 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.899245024 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.899260044 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.906271935 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.906533003 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.906548023 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.907692909 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.908032894 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.908174038 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.908200026 CEST	443	49766	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.908417940 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.908479929 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.908497095 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.908546925 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.909493923 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.909533024 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.909569979 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.909579039 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.909600973 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.909605980 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.909631014 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.909640074 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.909677982 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.911806107 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.911844969 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.911887884 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.911896944 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.911928892 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.913501978 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.913542032 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.913578987 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.913588047 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.913621902 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.914393902 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.914433002 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.914465904 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.914475918 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.914490938 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.914496899 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.914520025 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.914526939 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.914544106 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.914576054 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.915090084 CEST	443	49754	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.915153980 CEST	49754	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.916796923 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918180943 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918206930 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918226957 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918252945 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.918262959 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918281078 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918287992 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.918306112 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918323994 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918330908 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.918353081 CEST	443	49763	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.918356895 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.918370962 CEST	49763	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.944885969 CEST	443	49765	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:34.944978952 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.945442915 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.945450068 CEST	443	49765	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:34.945633888 CEST	49765	443	192.168.2.5	129.226.107.134
Jul 20, 2024 09:21:34.945638895 CEST	443	49765	129.226.107.134	192.168.2.5
Jul 20, 2024 09:21:34.949928045 CEST	49766	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.953278065 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.953294992 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.953377008 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.953398943 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.953454018 CEST	49764	443	192.168.2.5	43.152.137.29
Jul 20, 2024 09:21:34.955130100 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.955143929 CEST	443	49764	43.152.137.29	192.168.2.5
Jul 20, 2024 09:21:34.955210924 CEST	49764	443	192.168.2.5	43.152.137.29

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 20, 2024 09:21:06.521264076 CEST	192.168.2.5	1.1.1.1	0xe2	Standard query (0)	xui.ptlogin2.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.071619987 CEST	192.168.2.5	1.1.1.1	0xb8dd	Standard query (0)	qq-web-legacy.cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.073354006 CEST	192.168.2.5	1.1.1.1	0xe483	Standard query (0)	imgcache.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:10.071002960 CEST	192.168.2.5	1.1.1.1	0xb8dd	Standard query (0)	qq-web-legacy.cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:13.065660000 CEST	192.168.2.5	1.1.1.1	0xbc99	Standard query (0)	ui.ptlogin2.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.103378057 CEST	192.168.2.5	1.1.1.1	0x2195	Standard query (0)	localhost.sec.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.104916096 CEST	192.168.2.5	1.1.1.1	0xde04	Standard query (0)	localhost.ptlogin2.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.108982086 CEST	192.168.2.5	1.1.1.1	0x4c31	Standard query (0)	report.qqweb.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.252537012 CEST	192.168.2.5	1.1.1.1	0x18e9	Standard query (0)	ssl.captcha.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.260477066 CEST	192.168.2.5	1.1.1.1	0x904f	Standard query (0)	ssl.ptlogin2.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:24.054358959 CEST	192.168.2.5	1.1.1.1	0x5da1	Standard query (0)	txz.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:24.054553032 CEST	192.168.2.5	1.1.1.1	0x8285	Standard query (0)	txz.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:25.429239035 CEST	192.168.2.5	1.1.1.1	0xc97f	Standard query (0)	txz.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:25.430028915 CEST	192.168.2.5	1.1.1.1	0xb717	Standard query (0)	txz.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:27.628293037 CEST	192.168.2.5	1.1.1.1	0x2af3	Standard query (0)	im.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:27.628830910 CEST	192.168.2.5	1.1.1.1	0xdc12	Standard query (0)	im.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:28.457010984 CEST	192.168.2.5	1.1.1.1	0xf7d8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:28.457638979 CEST	192.168.2.5	1.1.1.1	0xb2c3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:30.080240011 CEST	192.168.2.5	1.1.1.1	0x8cc1	Standard query (0)	qq-web.cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:30.080859900 CEST	192.168.2.5	1.1.1.1	0xda7b	Standard query (0)	qq-web.cdn-go.cn	65	IN (0x0001)	false
Jul 20, 2024 09:21:31.795006037 CEST	192.168.2.5	1.1.1.1	0xf351	Standard query (0)	qq-web.cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:31.795353889 CEST	192.168.2.5	1.1.1.1	0xdee2	Standard query (0)	qq-web.cdn-go.cn	65	IN (0x0001)	false
Jul 20, 2024 09:21:33.439568996 CEST	192.168.2.5	1.1.1.1	0x8f6d	Standard query (0)	cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:33.440005064 CEST	192.168.2.5	1.1.1.1	0x1fc8	Standard query (0)	cdn-go.cn	65	IN (0x0001)	false
Jul 20, 2024 09:21:35.062726021 CEST	192.168.2.5	1.1.1.1	0xb250	Standard query (0)	cdn-go.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.062889099 CEST	192.168.2.5	1.1.1.1	0xeb0c	Standard query (0)	cdn-go.cn	65	IN (0x0001)	false
Jul 20, 2024 09:21:35.071335077 CEST	192.168.2.5	1.1.1.1	0xc75a	Standard query (0)	aegis.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.071623087 CEST	192.168.2.5	1.1.1.1	0x392a	Standard query (0)	aegis.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:35.526354074 CEST	192.168.2.5	1.1.1.1	0xb893	Standard query (0)	v.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.526633024 CEST	192.168.2.5	1.1.1.1	0x7b24	Standard query (0)	v.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:35.528461933 CEST	192.168.2.5	1.1.1.1	0xb9c5	Standard query (0)	beacon.cdn.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.528764009 CEST	192.168.2.5	1.1.1.1	0x6702	Standard query (0)	beacon.cdn.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:35.695736885 CEST	192.168.2.5	1.1.1.1	0x77ef	Standard query (0)	vm.gtimg.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.695844889 CEST	192.168.2.5	1.1.1.1	0x6d56	Standard query (0)	vm.gtimg.cn	65	IN (0x0001)	false
Jul 20, 2024 09:21:36.456274033 CEST	192.168.2.5	1.1.1.1	0x9124	Standard query (0)	otheve.beacon.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.456444979 CEST	192.168.2.5	1.1.1.1	0x4b04	Standard query (0)	otheve.beacon.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:36.706890106 CEST	192.168.2.5	1.1.1.1	0xa3b3	Standard query (0)	beacon.cdn.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.707066059 CEST	192.168.2.5	1.1.1.1	0xbee	Standard query (0)	beacon.cdn.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:37.566881895 CEST	192.168.2.5	1.1.1.1	0x8cf3	Standard query (0)	im.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:37.567070961 CEST	192.168.2.5	1.1.1.1	0x7b37	Standard query (0)	im.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:42.696371078 CEST	192.168.2.5	1.1.1.1	0xf182	Standard query (0)	static-res.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:42.696475029 CEST	192.168.2.5	1.1.1.1	0x2bb	Standard query (0)	static-res.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:43.654932022 CEST	192.168.2.5	1.1.1.1	0x9d7f	Standard query (0)	aegis.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:43.655113935 CEST	192.168.2.5	1.1.1.1	0x8cfe	Standard query (0)	aegis.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:44.312705994 CEST	192.168.2.5	1.1.1.1	0xff52	Standard query (0)	static-res.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.312875032 CEST	192.168.2.5	1.1.1.1	0xe8d0	Standard query (0)	static-res.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:44.938448906 CEST	192.168.2.5	1.1.1.1	0x763f	Standard query (0)	otheve.beacon.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.938584089 CEST	192.168.2.5	1.1.1.1	0x5d3a	Standard query (0)	otheve.beacon.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:59.240086079 CEST	192.168.2.5	1.1.1.1	0x8815	Standard query (0)	v.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.240225077 CEST	192.168.2.5	1.1.1.1	0x8989	Standard query (0)	v.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:21:59.403479099 CEST	192.168.2.5	1.1.1.1	0xb23c	Standard query (0)	vm.gtimg.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.403600931 CEST	192.168.2.5	1.1.1.1	0xe1e8	Standard query (0)	vm.gtimg.cn	65	IN (0x0001)	false
Jul 20, 2024 09:22:00.759533882 CEST	192.168.2.5	1.1.1.1	0x2144	Standard query (0)	h.trace.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:00.759701014 CEST	192.168.2.5	1.1.1.1	0xb15b	Standard query (0)	h.trace.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:22:02.406111002 CEST	192.168.2.5	1.1.1.1	0x6ad8	Standard query (0)	h.trace.qq.com	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:02.406111002 CEST	192.168.2.5	1.1.1.1	0x100	Standard query (0)	h.trace.qq.com	65	IN (0x0001)	false
Jul 20, 2024 09:22:06.724895000 CEST	192.168.2.5	1.1.1.1	0xc558	Standard query (0)	qzonestyle.gtimg.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:06.725040913 CEST	192.168.2.5	1.1.1.1	0xa64c	Standard query (0)	qzonestyle.gtimg.cn	65	IN (0x0001)	false
Jul 20, 2024 09:22:08.984927893 CEST	192.168.2.5	1.1.1.1	0xfa40	Standard query (0)	qzonestyle.gtimg.cn	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:08.985071898 CEST	192.168.2.5	1.1.1.1	0x23cb	Standard query (0)	qzonestyle.gtimg.cn	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 20, 2024 09:21:06.859086990 CEST	1.1.1.1	192.168.2.5	0xe2	No error (0)	xui.ptlogin2.qq.com	ins-9hkazpwd.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:06.859086990 CEST	1.1.1.1	192.168.2.5	0xe2	No error (0)	ins-9hkazpwd.ias.tencent-cloud.net		129.226.103.162	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:06.859086990 CEST	1.1.1.1	192.168.2.5	0xe2	No error (0)	ins-9hkazpwd.ias.tencent-cloud.net		129.226.107.134	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com	luna-imgcache.qq.com.tcdn.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	luna-imgcache.qq.com.tcdn.qq.com	imgcache.qq.com.sched.legopic1.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		123.6.105.199	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		123.6.40.249	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		180.95.234.140	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		119.188.150.238	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		180.95.234.204	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		123.6.105.194	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:09.081392050 CEST	1.1.1.1	192.168.2.5	0xe483	No error (0)	imgcache.qq.com.sched.legopic1.tdnsv6.com		116.153.4.97	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583280087 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	qq-web-legacy.cdn-go.cn	any.cdn-go.cn.cloud.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583280087 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.cloud.tc.qq.com	any.cdn-go.cn.mid.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583280087 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.mid.tdnsv6.com	any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583280087 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com		203.205.136.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583353043 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	qq-web-legacy.cdn-go.cn	any.cdn-go.cn.cloud.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583353043 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.cloud.tc.qq.com	any.cdn-go.cn.mid.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583353043 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.mid.tdnsv6.com	any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:10.583353043 CEST	1.1.1.1	192.168.2.5	0xb8dd	No error (0)	any.cdn-go.cn.sched.legopic2-dk.tdnsv6.com		203.205.136.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:13.074170113 CEST	1.1.1.1	192.168.2.5	0xbc99	No error (0)	ui.ptlogin2.qq.com	ins-ojz90ij2.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:13.074170113 CEST	1.1.1.1	192.168.2.5	0xbc99	No error (0)	ins-ojz90ij2.ias.tencent-cloud.net		129.226.103.162	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:13.074170113 CEST	1.1.1.1	192.168.2.5	0xbc99	No error (0)	ins-ojz90ij2.ias.tencent-cloud.net		129.226.107.134	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.122735977 CEST	1.1.1.1	192.168.2.5	0xde04	No error (0)	localhost.ptlogin2.qq.com		127.0.0.1	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.260332108 CEST	1.1.1.1	192.168.2.5	0x18e9	No error (0)	ssl.captcha.qq.com		157.255.220.168	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.383908987 CEST	1.1.1.1	192.168.2.5	0x2195	No error (0)	localhost.sec.qq.com		0.0.0.1	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.446346045 CEST	1.1.1.1	192.168.2.5	0x4c31	No error (0)	report.qqweb.qq.com	ins-yf1um8dh.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:19.446346045 CEST	1.1.1.1	192.168.2.5	0x4c31	No error (0)	ins-yf1um8dh.ias.tencent-cloud.net		43.135.106.65	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.446346045 CEST	1.1.1.1	192.168.2.5	0x4c31	No error (0)	ins-yf1um8dh.ias.tencent-cloud.net		43.135.106.77	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.676996946 CEST	1.1.1.1	192.168.2.5	0x904f	No error (0)	ssl.ptlogin2.qq.com	ins-ck07kq9h.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:19.676996946 CEST	1.1.1.1	192.168.2.5	0x904f	No error (0)	ins-ck07kq9h.ias.tencent-cloud.net		129.226.107.134	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:19.676996946 CEST	1.1.1.1	192.168.2.5	0x904f	No error (0)	ins-ck07kq9h.ias.tencent-cloud.net		129.226.103.162	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:24.520924091 CEST	1.1.1.1	192.168.2.5	0x5da1	No error (0)	txz.qq.com	ins-swbr0hdo.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:24.520924091 CEST	1.1.1.1	192.168.2.5	0x5da1	No error (0)	ins-swbr0hdo.ias.tencent-cloud.net		129.226.103.162	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:24.520924091 CEST	1.1.1.1	192.168.2.5	0x5da1	No error (0)	ins-swbr0hdo.ias.tencent-cloud.net		129.226.107.134	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:26.023271084 CEST	1.1.1.1	192.168.2.5	0xc97f	No error (0)	txz.qq.com	ins-swbr0hdo.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:26.023271084 CEST	1.1.1.1	192.168.2.5	0xc97f	No error (0)	ins-swbr0hdo.ias.tencent-cloud.net		129.226.107.134	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:26.023271084 CEST	1.1.1.1	192.168.2.5	0xc97f	No error (0)	ins-swbr0hdo.ias.tencent-cloud.net		129.226.103.162	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:28.054744959 CEST	1.1.1.1	192.168.2.5	0x2af3	No error (0)	im.qq.com	ins-azm2llib.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:28.054744959 CEST	1.1.1.1	192.168.2.5	0x2af3	No error (0)	ins-azm2llib.ias.tencent-cloud.net		43.129.115.202	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:28.054744959 CEST	1.1.1.1	192.168.2.5	0x2af3	No error (0)	ins-azm2llib.ias.tencent-cloud.net		43.159.234.178	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:28.464292049 CEST	1.1.1.1	192.168.2.5	0xf7d8	No error (0)	www.google.com		142.250.186.100	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:28.464802027 CEST	1.1.1.1	192.168.2.5	0xb2c3	No error (0)	www.google.com			65	IN (0x0001)	false
Jul 20, 2024 09:21:30.638381958 CEST	1.1.1.1	192.168.2.5	0x8cc1	No error (0)	qq-web.cdn-go.cn	any.cdn-go.cn.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:30.638381958 CEST	1.1.1.1	192.168.2.5	0x8cc1	No error (0)	any.cdn-go.cn.tegsea.tc.qq.com	any.cdn-go.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:30.638381958 CEST	1.1.1.1	192.168.2.5	0x8cc1	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:30.638381958 CEST	1.1.1.1	192.168.2.5	0x8cc1	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:30.638381958 CEST	1.1.1.1	192.168.2.5	0x8cc1	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:31.980950117 CEST	1.1.1.1	192.168.2.5	0xf351	No error (0)	qq-web.cdn-go.cn	any.cdn-go.cn.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:31.980950117 CEST	1.1.1.1	192.168.2.5	0xf351	No error (0)	any.cdn-go.cn.tegsea.tc.qq.com	any.cdn-go.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:31.980950117 CEST	1.1.1.1	192.168.2.5	0xf351	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:31.980950117 CEST	1.1.1.1	192.168.2.5	0xf351	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:31.980950117 CEST	1.1.1.1	192.168.2.5	0xf351	No error (0)	any.cdn-go.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:33.641165018 CEST	1.1.1.1	192.168.2.5	0x8f6d	No error (0)	cdn-go.cn	cdn-go.cn.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:33.641165018 CEST	1.1.1.1	192.168.2.5	0x8f6d	No error (0)	cdn-go.cn.tegsea.tc.qq.com	cdn-go.cn.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:33.641165018 CEST	1.1.1.1	192.168.2.5	0x8f6d	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:33.641165018 CEST	1.1.1.1	192.168.2.5	0x8f6d	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:33.641165018 CEST	1.1.1.1	192.168.2.5	0x8f6d	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.073030949 CEST	1.1.1.1	192.168.2.5	0xb250	No error (0)	cdn-go.cn	cdn-go.cn.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.073030949 CEST	1.1.1.1	192.168.2.5	0xb250	No error (0)	cdn-go.cn.tegsea.tc.qq.com	cdn-go.cn.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.073030949 CEST	1.1.1.1	192.168.2.5	0xb250	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.073030949 CEST	1.1.1.1	192.168.2.5	0xb250	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.073030949 CEST	1.1.1.1	192.168.2.5	0xb250	No error (0)	cdn-go.cn.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.083256006 CEST	1.1.1.1	192.168.2.5	0xc75a	No error (0)	aegis.qq.com		43.137.221.145	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.533808947 CEST	1.1.1.1	192.168.2.5	0xb893	No error (0)	v.qq.com	p21ovs.tcdn.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.533808947 CEST	1.1.1.1	192.168.2.5	0xb893	No error (0)	p21ovs.tcdn.qq.com	ssd.tcdn.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.533808947 CEST	1.1.1.1	192.168.2.5	0xb893	No error (0)	ssd.tcdn.qq.com		203.205.137.236	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	beacon.cdn.qq.com	beacon.cdn.qq.com.cdn.dnsv1.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	beacon.cdn.qq.com.cdn.dnsv1.com	best.ovslegodl.sched.ovscdns.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.77	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.142	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.154	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		101.33.11.219	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.28.41	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.58	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.28.43	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.221	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.137.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.151	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		101.33.11.246	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.63	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.536914110 CEST	1.1.1.1	192.168.2.5	0xb9c5	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.209	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	vm.gtimg.cn	vm.gtimg.cn.cdn.dnsv1.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	vm.gtimg.cn.cdn.dnsv1.com.cn	301yjo64.sched.sma-dk.tdnsstic1.cn		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.111	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		60.221.17.244	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		112.84.131.219	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.68.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		119.188.149.190	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.87	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		211.97.81.229	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.46.40	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		119.176.27.237	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		14.205.93.60	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		58.251.127.107	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.68.116	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:35.704442024 CEST	1.1.1.1	192.168.2.5	0x77ef	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.214	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.466310024 CEST	1.1.1.1	192.168.2.5	0x9124	No error (0)	otheve.beacon.qq.com	ins-u4xprfqu.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:36.466310024 CEST	1.1.1.1	192.168.2.5	0x9124	No error (0)	ins-u4xprfqu.ias.tencent-cloud.net		129.226.106.210	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.466310024 CEST	1.1.1.1	192.168.2.5	0x9124	No error (0)	ins-u4xprfqu.ias.tencent-cloud.net		129.226.103.123	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	beacon.cdn.qq.com	beacon.cdn.qq.com.cdn.dnsv1.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	beacon.cdn.qq.com.cdn.dnsv1.com	best.ovslegodl.sched.ovscdns.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.209	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		101.33.11.219	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.28.43	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.63	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.142	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.29.77	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.58	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.137.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.154	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.151	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.26.221	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		101.33.11.246	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:36.876094103 CEST	1.1.1.1	192.168.2.5	0xa3b3	No error (0)	best.ovslegodl.sched.ovscdns.com		43.152.28.41	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:37.879502058 CEST	1.1.1.1	192.168.2.5	0x8cf3	No error (0)	im.qq.com	ins-azm2llib.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:37.879502058 CEST	1.1.1.1	192.168.2.5	0x8cf3	No error (0)	ins-azm2llib.ias.tencent-cloud.net		43.129.115.202	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:37.879502058 CEST	1.1.1.1	192.168.2.5	0x8cf3	No error (0)	ins-azm2llib.ias.tencent-cloud.net		43.159.234.178	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:42.871937037 CEST	1.1.1.1	192.168.2.5	0xf182	No error (0)	static-res.qq.com	static-res.qq.com.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:42.871937037 CEST	1.1.1.1	192.168.2.5	0xf182	No error (0)	static-res.qq.com.tegsea.tc.qq.com	static-res.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:42.871937037 CEST	1.1.1.1	192.168.2.5	0xf182	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:42.871937037 CEST	1.1.1.1	192.168.2.5	0xf182	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:42.871937037 CEST	1.1.1.1	192.168.2.5	0xf182	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:43.663316011 CEST	1.1.1.1	192.168.2.5	0x9d7f	No error (0)	aegis.qq.com		43.137.221.145	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.483115911 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	static-res.qq.com	static-res.qq.com.tegsea.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:44.483115911 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	static-res.qq.com.tegsea.tc.qq.com	static-res.lmtlego.sched.apdcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:44.483115911 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.29.20	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.483115911 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.137.29	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.483115911 CEST	1.1.1.1	192.168.2.5	0xff52	No error (0)	static-res.lmtlego.sched.apdcdn.com		43.152.29.15	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.946805954 CEST	1.1.1.1	192.168.2.5	0x763f	No error (0)	otheve.beacon.qq.com	ins-u4xprfqu.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:44.946805954 CEST	1.1.1.1	192.168.2.5	0x763f	No error (0)	ins-u4xprfqu.ias.tencent-cloud.net		129.226.106.210	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:44.946805954 CEST	1.1.1.1	192.168.2.5	0x763f	No error (0)	ins-u4xprfqu.ias.tencent-cloud.net		129.226.103.123	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.247704983 CEST	1.1.1.1	192.168.2.5	0x8815	No error (0)	v.qq.com	p21ovs.tcdn.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:59.247704983 CEST	1.1.1.1	192.168.2.5	0x8815	No error (0)	p21ovs.tcdn.qq.com	ssd.tcdn.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:59.247704983 CEST	1.1.1.1	192.168.2.5	0x8815	No error (0)	ssd.tcdn.qq.com		203.205.137.236	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	vm.gtimg.cn	vm.gtimg.cn.cdn.dnsv1.com.cn		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	vm.gtimg.cn.cdn.dnsv1.com.cn	301yjo64.sched.sma-dk.tdnsstic1.cn		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		119.176.27.237	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.68.116	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.68.72	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		116.153.46.40	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		60.221.17.244	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		112.84.131.219	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		119.188.149.190	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.214	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		58.251.127.107	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.111	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		14.205.93.60	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		42.177.83.87	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:21:59.876753092 CEST	1.1.1.1	192.168.2.5	0xb23c	No error (0)	301yjo64.sched.sma-dk.tdnsstic1.cn		211.97.81.229	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:00.767102003 CEST	1.1.1.1	192.168.2.5	0x2144	No error (0)	h.trace.qq.com	ins-diu1q33u.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:00.767102003 CEST	1.1.1.1	192.168.2.5	0x2144	No error (0)	ins-diu1q33u.ias.tencent-cloud.net		129.226.102.234	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:00.767102003 CEST	1.1.1.1	192.168.2.5	0x2144	No error (0)	ins-diu1q33u.ias.tencent-cloud.net		129.226.106.225	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:02.800199986 CEST	1.1.1.1	192.168.2.5	0x6ad8	No error (0)	h.trace.qq.com	ins-diu1q33u.ias.tencent-cloud.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:02.800199986 CEST	1.1.1.1	192.168.2.5	0x6ad8	No error (0)	ins-diu1q33u.ias.tencent-cloud.net		129.226.106.225	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:02.800199986 CEST	1.1.1.1	192.168.2.5	0x6ad8	No error (0)	ins-diu1q33u.ias.tencent-cloud.net		129.226.102.234	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.gtimg.cn	qzonestyle.gtimg.cn.cloud.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.gtimg.cn.cloud.tc.qq.com	qzonestyle.mid.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.mid.tdnsv6.com	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		36.250.242.247	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		36.250.242.243	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:07.238971949 CEST	1.1.1.1	192.168.2.5	0xc558	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		203.205.136.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.gtimg.cn	qzonestyle.gtimg.cn.cloud.tc.qq.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.gtimg.cn.cloud.tc.qq.com	qzonestyle.mid.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.mid.tdnsv6.com	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		203.205.136.80	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		36.250.242.243	A (IP address)	IN (0x0001)	false
Jul 20, 2024 09:22:09.636203051 CEST	1.1.1.1	192.168.2.5	0xfa40	No error (0)	qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com		36.250.242.247	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49739	129.226.103.162	80	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 20, 2024 09:21:24.526598930 CEST	471	OUT	GET /p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 HTTP/1.1 Host: txz.qq.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jul 20, 2024 09:21:25.426228046 CEST	369	IN	HTTP/1.1 302 Moved Temporarily Server: stgw Date: Sat, 20 Jul 2024 07:21:25 GMT Content-Type: text/html Content-Length: 137 Connection: keep-alive Location: https://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>
Jul 20, 2024 09:22:10.436532974 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49796	43.129.115.202	80	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 20, 2024 09:21:37.888223886 CEST	485	OUT	GET /index/ HTTP/1.1 Host: im.qq.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
Jul 20, 2024 09:21:38.800894022 CEST	328	IN	HTTP/1.1 302 Moved Temporarily Server: stgw Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/html Content-Length: 137 Connection: keep-alive Location: https://im.qq.com/index/ Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>
Jul 20, 2024 09:22:23.810966969 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49740	129.226.103.162	80	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Jul 20, 2024 09:22:09.542309999 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49707	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:06 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-20 07:21:07 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF67) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=204528 Date: Sat, 20 Jul 2024 07:21:06 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49709	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:07 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-20 07:21:08 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=204490 Date: Sat, 20 Jul 2024 07:21:07 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-20 07:21:08 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49708	129.226.103.162	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:08 UTC	455	OUT	GET /cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info HTTP/1.1 Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: xui.ptlogin2.qq.com Connection: Keep-Alive
2024-07-20 07:21:08 UTC	1332	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:08 GMT Content-Type: text/html Content-Length: 102521 Connection: close Server: QZHTTP-2.38.41 P3P: CP="CAO PSA OUR" Cache-Control: max-age=600 Set-Cookie: pt_user_id=13178230157189251109; EXPIRES=Tue, 18-Jul-2034 07:21:08 GMT; PATH=/; DOMAIN=ui.ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: pt_clientip=e1c0082e7b21c752; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: pt_serverip=a8f07f000001702f; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: pt_local_token=794037794; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; EXPIRES=Mon, 19-Aug-2024 07:21:08 GMT; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure Set-Cookie: ptui_identifier=000D5A9582EFF60171305E3A893C16426986A28E6299125B23A06C5F; PATH=/; DOMAIN=ui.ptlogin2.qq.com; SameSite=None; Secure Last-Modified: Wed, 17 Jul 2024 06:40:00 GMT Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:08 UTC	1476	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 20 3c 21 2d 2d 5b 69 66 20 49 45 5d 3e 0a 3c 73 63 72 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"> ...[if IE]><scr
2024-07-20 07:21:08 UTC	4096	IN	Data Raw: 6c 65 61 6e 3a 21 30 2c 6e 75 6d 62 65 72 3a 21 30 2c 75 6e 64 65 66 69 6e 65 64 3a 21 30 7d 3b 66 75 6e 63 74 69 6f 6e 20 64 28 74 2c 65 29 7b 76 61 72 20 72 2c 6f 3d 74 79 70 65 6f 66 20 74 3b 69 66 28 68 5b 6f 5d 29 72 65 74 75 72 6e 20 6f 2e 73 75 62 73 74 72 28 30 2c 33 29 2b 22 5f 22 2b 74 3b 69 66 28 6e 75 6c 6c 3d 3d 3d 74 29 72 65 74 75 72 6e 22 6e 75 6c 5f 6e 75 6c 6c 22 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 6f 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 3d 6f 29 72 65 74 75 72 6e 20 74 5b 66 5d 3f 74 5b 66 5d 3a 65 3f 28 72 3d 6c 2b 63 2b 2b 2c 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3d 3d 3d 6e 2e 63 61 6c 6c 28 74 29 26 26 69 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 66 2c 7b 65 6e 75 6d 65 72 Data Ascii: lean:!0,number:!0,undefined:!0};function d(t,e){var r,o=typeof t;if(h[o])return o.substr(0,3)+"_"+t;if(null===t)return"nul_null";if("object"===o\|\|"function"===o)return t[f]?t[f]:e?(r=l+c++,"[object Object]"===n.call(t)&&i?Object.defineProperty(t,f,{enumer
2024-07-20 07:21:08 UTC	4096	IN	Data Raw: 6e 5d 2b 22 5d 22 3b 69 2e 70 75 73 68 28 74 29 2c 6f 2e 70 75 73 68 28 65 7c 7c 22 72 6f 6f 74 22 29 7d 72 65 74 75 72 6e 20 74 7d 29 2c 34 29 7c 7c 22 75 6e 64 65 66 69 6e 65 64 22 29 2e 72 65 70 6c 61 63 65 28 2f 22 2f 67 69 6d 2c 22 22 29 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 22 65 72 72 6f 72 20 68 61 70 70 65 6e 20 77 68 65 6e 20 61 65 67 69 73 20 73 74 72 69 6e 67 69 66 79 3a 20 5c 6e 20 22 2b 65 2e 6d 65 73 73 61 67 65 2b 22 20 5c 6e 20 22 2b 65 2e 73 74 61 63 6b 7d 76 61 72 20 69 2c 6f 7d 76 61 72 20 52 2c 54 2c 6e 3d 5b 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 22 2c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 22 2c 22 61 70 70 Data Ascii: n]+"]";i.push(t),o.push(e\|\|"root")}return t}),4)\|\|"undefined").replace(/"/gim,"")}catch(e){return"error happen when aegis stringify: \n "+e.message+" \n "+e.stack}var i,o}var R,T,n=["application/octet-stream","application/xhtml+xml","application/xml","app
2024-07-20 07:21:08 UTC	3040	IN	Data Raw: 22 3d 3d 74 79 70 65 6f 66 20 65 2e 6d 73 67 3f 65 2e 6d 73 67 3a 4f 28 65 2e 6d 73 67 29 2c 6c 65 76 65 6c 3a 65 2e 6c 65 76 65 6c 2c 74 72 61 63 65 3a 65 2e 74 72 61 63 65 7d 29 7d 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 65 2c 6f 3d 21 31 2c 72 3d 21 31 2c 74 3d 21 31 2c 73 3d 5b 5d 3b 69 2e 6c 69 66 65 43 79 63 6c 65 2e 6f 6e 28 22 6f 6e 43 6f 6e 66 69 67 43 68 61 6e 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 65 26 26 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 65 29 2c 65 3d 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3b 21 74 26 26 69 2e 63 6f 6e 66 69 67 26 26 28 74 3d 21 30 2c 28 65 3d 76 6f 69 64 20 30 3d 3d 3d 28 65 3d 69 2e 63 6f 6e 66 69 67 2e 77 68 69 74 65 4c 69 73 74 55 72 6c 29 3f 22 22 3a Data Ascii: "==typeof e.msg?e.msg:O(e.msg),level:e.level,trace:e.trace})},P=function(i){var e,o=!1,r=!1,t=!1,s=[];i.lifeCycle.on("onConfigChange",function(){e&&clearTimeout(e),e=setTimeout(function(){var e;!t&&i.config&&(t=!0,(e=void 0===(e=i.config.whiteListUrl)?"":
2024-07-20 07:21:08 UTC	2808	IN	Data Raw: 34 2e 32 31 22 2c 74 68 69 73 2e 62 65 61 6e 2e 61 69 64 3d 65 7c 7c 22 22 2c 72 26 26 28 74 68 69 73 2e 62 65 61 6e 2e 65 78 74 31 3d 72 29 2c 73 26 26 28 74 68 69 73 2e 62 65 61 6e 2e 65 78 74 32 3d 73 29 2c 61 26 26 28 74 68 69 73 2e 62 65 61 6e 2e 65 78 74 33 3d 61 29 2c 74 26 26 74 68 69 73 2e 6c 69 66 65 43 79 63 6c 65 2e 65 6d 69 74 28 22 6f 6e 43 6f 6e 66 69 67 43 68 61 6e 67 65 22 2c 74 68 69 73 2e 63 6f 6e 66 69 67 29 2c 74 68 69 73 2e 63 6f 6e 66 69 67 7d 2c 58 2e 75 73 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 2d 31 3d 3d 3d 58 2e 69 6e 73 74 61 6c 6c 65 64 50 6c 75 67 69 6e 73 2e 69 6e 64 65 78 4f 66 28 65 29 26 26 65 2e 61 65 67 69 73 50 6c 75 67 69 6e 26 26 58 2e 69 6e 73 74 61 6c 6c 65 64 50 6c 75 67 69 6e 73 2e 70 75 73 68 28 65 29 7d 2c Data Ascii: 4.21",this.bean.aid=e\|\|"",r&&(this.bean.ext1=r),s&&(this.bean.ext2=s),a&&(this.bean.ext3=a),t&&this.lifeCycle.emit("onConfigChange",this.config),this.config},X.use=function(e){-1===X.installedPlugins.indexOf(e)&&e.aegisPlugin&&X.installedPlugins.push(e)},
2024-07-20 07:21:08 UTC	4096	IN	Data Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 73 75 62 6d 69 74 43 75 73 74 6f 6d 54 69 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 69 2c 6f 2c 72 29 7b 74 68 69 73 2e 63 75 73 74 6f 6d 54 69 6d 65 50 69 70 65 6c 69 6e 65 28 7b 6e 61 6d 65 3a 65 2c 64 75 72 61 74 69 6f 6e 3a 74 2c 65 78 74 31 3a 6e 7c 7c 74 68 69 73 2e 63 6f 6e 66 69 67 2e 65 78 74 31 2c 65 78 74 32 3a 69 7c 7c 74 68 69 73 2e 63 6f 6e 66 69 67 2e 65 78 74 32 2c 65 78 74 33 3a 6f 7c 7c 74 68 69 73 2e 63 6f 6e 66 69 67 2e 65 78 74 33 2c 66 72 6f 6d 3a 72 7c 7c 76 6f 69 64 20 30 7d 29 7d 2c 58 2e 70 72 6f 74 6f 74 79 70 65 2e 65 78 74 65 6e 64 42 65 61 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 68 69 73 2e 62 65 61 6e 5b 65 5d 3d 74 7d 2c 58 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 6e 64 Data Ascii: .prototype.submitCustomTime=function(e,t,n,i,o,r){this.customTimePipeline({name:e,duration:t,ext1:n\|\|this.config.ext1,ext2:i\|\|this.config.ext2,ext3:o\|\|this.config.ext3,from:r\|\|void 0})},X.prototype.extendBean=function(e,t){this.bean[e]=t},X.prototype.send
2024-07-20 07:21:08 UTC	116	IN	Data Raw: 70 69 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 65 3f 76 6f 69 64 20 30 3a 65 2e 72 65 73 6f 75 72 63 65 54 79 70 65 48 61 6e 64 6c 65 72 29 3f 6e 75 6c 6c 3d 3d 3d 28 6e 3d 6f 2e 61 70 69 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 72 65 73 6f 75 72 63 65 54 79 70 65 48 61 6e 64 6c 65 72 28 74 29 3a 22 22 2c 6e 3d 70 65 72 66 Data Ascii: pi)\|\|void 0===e?void 0:e.resourceTypeHandler)?null===(n=o.api)\|\|void 0===n?void 0:n.resourceTypeHandler(t):"",n=perf
2024-07-20 07:21:08 UTC	2808	IN	Data Raw: 6f 72 6d 61 6e 63 65 2e 67 65 74 45 6e 74 72 69 65 73 42 79 54 79 70 65 28 22 72 65 73 6f 75 72 63 65 22 29 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 6e 61 6d 65 3d 3d 3d 74 7d 29 2c 74 26 26 28 65 3d 7b 75 72 6c 3a 79 28 74 29 2c 73 74 61 74 75 73 3a 34 30 30 2c 64 75 72 61 74 69 6f 6e 3a 4e 75 6d 62 65 72 28 28 28 6e 75 6c 6c 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 64 75 72 61 74 69 6f 6e 29 7c 7c 30 29 2e 74 6f 46 69 78 65 64 28 32 29 29 2c 6d 65 74 68 6f 64 3a 22 67 65 74 22 2c 74 79 70 65 3a 65 7c 7c 22 73 74 61 74 69 63 22 2c 69 73 48 74 74 70 73 3a 77 28 74 29 2c 75 72 6c 51 75 65 72 79 3a 79 28 74 2c 21 30 29 2c 64 6f 6d 61 69 6e 4c 6f 6f 6b 75 70 3a 30 2c 63 6f 6e 6e 65 63 74 54 69 6d 65 3a 30 7d 2c 69 2e 70 Data Ascii: ormance.getEntriesByType("resource").find(function(e){return e.name===t}),t&&(e={url:y(t),status:400,duration:Number(((null==n?void 0:n.duration)\|\|0).toFixed(2)),method:"get",type:e\|\|"static",isHttps:w(t),urlQuery:y(t,!0),domainLookup:0,connectTime:0},i.p
2024-07-20 07:21:08 UTC	4096	IN	Data Raw: 54 2e 43 55 53 54 4f 4d 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 22 34 30 33 20 66 6f 72 62 69 64 64 65 6e 22 3d 3d 3d 65 26 26 72 2e 64 65 73 74 72 6f 79 28 29 7d 29 7d 5d 29 2c 74 68 69 73 2e 63 6f 6e 66 69 67 3d 28 74 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2c 76 6f 69 64 20 30 3d 3d 3d 28 65 3d 65 2e 68 6f 73 74 55 72 6c 29 26 26 28 65 3d 22 68 74 74 70 73 3a 2f 2f 61 65 67 69 73 2e 71 71 2e 63 6f 6d 22 29 2c 74 2e 75 72 6c 3d 74 2e 75 72 6c 7c 7c 65 2b 22 2f 63 6f 6c 6c 65 63 74 22 2c 74 2e 6f 66 66 6c 69 6e 65 55 72 6c 3d 74 2e 6f 66 66 6c 69 6e 65 55 72 6c 7c 7c 65 2b 22 2f 6f 66 66 6c 69 6e 65 22 2c 74 2e 77 68 69 74 65 4c 69 73 74 55 72 6c 3d 74 2e 77 68 69 74 65 4c 69 73 74 55 72 6c 7c 7c 65 2b 22 2f 63 6f 6c Data Ascii: T.CUSTOM},function(){},function(e){"403 forbidden"===e&&r.destroy()})}]),this.config=(t=this.config,void 0===(e=e.hostUrl)&&(e="https://aegis.qq.com"),t.url=t.url\|\|e+"/collect",t.offlineUrl=t.offlineUrl\|\|e+"/offline",t.whiteListUrl=t.whiteListUrl\|\|e+"/col
2024-07-20 07:21:08 UTC	4096	IN	Data Raw: 29 7b 74 3d 7b 75 72 6c 3a 6e 2c 69 73 48 74 74 70 73 3a 77 28 6e 29 2c 6d 65 74 68 6f 64 3a 28 6e 75 6c 6c 3d 3d 69 3f 76 6f 69 64 20 30 3a 69 2e 6d 65 74 68 6f 64 29 7c 7c 22 67 65 74 22 2c 64 75 72 61 74 69 6f 6e 3a 74 2c 74 79 70 65 3a 22 66 65 74 63 68 22 2c 73 74 61 74 75 73 3a 36 30 30 7d 3b 64 2e 70 75 62 6c 69 73 68 53 70 65 65 64 28 74 29 7d 7d 3b 74 68 69 73 2e 68 61 63 6b 46 65 74 63 68 4f 70 74 69 6f 6e 73 3d 65 2c 47 28 74 68 69 73 2e 68 61 63 6b 46 65 74 63 68 4f 70 74 69 6f 6e 73 29 7d 2c 67 65 74 52 65 71 75 65 73 74 54 79 70 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 69 2c 6f 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 28 6e 75 6c 6c 3d 3d 3d 28 69 3d 65 2e 61 70 69 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d Data Ascii: ){t={url:n,isHttps:w(n),method:(null==i?void 0:i.method)\|\|"get",duration:t,type:"fetch",status:600};d.publishSpeed(t)}};this.hackFetchOptions=e,G(this.hackFetchOptions)},getRequestType:function(e,t,n){var i,o="function"==typeof(null===(i=e.api)\|\|void 0===

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49710	123.6.105.199	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:10 UTC	525	OUT	GET /ptlogin/v4/style/40/images/logo.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: imgcache.qq.com Connection: Keep-Alive
2024-07-20 07:21:10 UTC	742	IN	HTTP/1.1 200 OK Last-Modified: Thu, 03 Nov 2022 03:14:50 GMT Content-Type: image/png X-DataSrc: 9 X-ReqGue: 0 Cache-Control: max-age=2592000 Age: 687466 Content-Length: 1190 Accept-Ranges: bytes X-NWS-LOG-UUID: 14151659408081841535 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:10 GMT X-Cache-Lookup: Cache Hit Timing-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Access-Control-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Vary: Accept
2024-07-20 07:21:10 UTC	1190	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0c 00 00 00 0d 08 03 00 00 00 aa f7 7f 70 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 03 26 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 33 38 20 37 39 2e 31 35 39 38 32 34 2c 20 32 30 31 36 2f 30 39 2f 31 34 2d 30 31 3a 30 39 3a 30 31 20 20 20 20 20 20 20 20 22 3e Data Ascii: PNGIHDRpgAMAasRGB&iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49711	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:11 UTC	560	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/theme/theme_0.css HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:12 UTC	624	IN	HTTP/1.1 200 OK Last-Modified: Wed, 17 Jul 2024 06:41:14 GMT Etag: "410e0d065899b7a313a1b47fe1d4bb9f" Content-Type: text/css Date: Wed, 17 Jul 2024 07:15:09 GMT Server: tencent-cos x-cos-hash-crc64ecma: 6070193590626324689 x-cos-request-id: NjY5NzZmN2RfYzhkMGU5MDlfMTQ4ZGFfYjlhYTdk x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjI4NzUyMzQ2MDQyNjg Content-Length: 121 Accept-Ranges: bytes X-NWS-LOG-UUID: 15537872418543453240 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:12 UTC	121	IN	Data Raw: 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 7d 2e 71 6c 6f 67 69 6e 20 2e 66 61 63 65 20 2e 6e 69 63 6b 2c 2e 71 6c 6f 67 69 6e 5f 6c 69 73 74 20 2e 72 65 74 75 72 6e 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 71 6c 6f 67 69 6e 20 2e 71 72 5f 31 20 2e 71 72 5f 69 6e 76 61 6c 69 64 5f 74 69 70 73 7b 63 6f 6c 6f 72 3a 23 46 46 46 7d Data Ascii: body{background-color:#FFF}.qlogin .face .nick,.qlogin_list .return{width:100%}.qlogin .qr_1 .qr_invalid_tips{color:#FFF}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49712	123.6.105.199	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:13 UTC	532	OUT	GET /ptlogin/v4/style/40/images/icon_3_tiny.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: imgcache.qq.com Connection: Keep-Alive
2024-07-20 07:21:13 UTC	742	IN	HTTP/1.1 200 OK Last-Modified: Wed, 02 Nov 2022 19:59:03 GMT Content-Type: image/png X-DataSrc: 9 X-ReqGue: 0 Cache-Control: max-age=2592000 Age: 861010 Content-Length: 10711 Accept-Ranges: bytes X-NWS-LOG-UUID: 4439758127927214434 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:13 GMT X-Cache-Lookup: Cache Hit Timing-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Access-Control-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Vary: Accept
2024-07-20 07:21:13 UTC	10711	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 12 00 00 02 b9 08 03 00 00 00 44 da 51 a1 00 00 03 00 50 4c 54 45 00 00 00 81 c2 ff ef ef ef 81 c2 ff 98 c8 f5 81 c2 ff 80 c2 ff 72 ba ff 71 ba ff 72 bb ff 81 c2 ff f2 f1 f1 ea ea ea 05 02 02 04 00 00 a7 c6 e2 33 34 32 4a 4f 45 da d9 d3 e7 e6 e2 e9 2d 03 e9 2a 02 e9 2a 00 ea 26 04 e9 24 00 88 88 88 ea 25 03 ea 26 04 7c bf fd e9 e9 e9 f2 f2 f2 dd 59 0f d0 d0 ce 7f c1 ff e9 24 00 e9 24 00 ea 2b 0a ea 2b 0b bd bd b7 ea 25 02 ea 25 03 ea 27 05 ba ba ba fc fc fc ba ba ba bc bd be dd de de e9 24 00 e7 e7 e7 ed ed ed e3 e3 e3 f0 f0 f0 83 c3 ff e9 e9 e9 81 c2 ff b4 b4 b4 fa fa fa c5 c5 c5 e9 e8 e8 f9 f9 f9 ec ec ec b4 b4 b4 8a 8a 8a f7 ed ec ff ff ff e4 cb 57 c4 c4 c4 dd dd dd 8a c6 ff b4 b4 b4 b4 b4 b4 be Data Ascii: PNGIHDRDQPLTErqr342JOE-**&$%&\|Y$$++%%'$W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49714	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:13 UTC	567	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_left_ie.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:14 UTC	621	IN	HTTP/1.1 200 OK Last-Modified: Wed, 17 Jul 2024 06:41:15 GMT Etag: "dc7fd3bb66140c9fb9312c190befeacd" Content-Type: image/png Date: Wed, 17 Jul 2024 07:15:49 GMT Server: tencent-cos x-cos-hash-crc64ecma: 1634144184227043324 x-cos-request-id: NjY5NzZmYTVfMjlmNzRjMGJfNjNkX2I5OTQ2Mg== x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjI4NzUyMzQ0NDI4MDk Content-Length: 488 Accept-Ranges: bytes X-NWS-LOG-UUID: 9162616984082712673 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:14 UTC	488	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0c 00 00 00 15 08 06 00 00 00 72 ac 0f b4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 a2 49 44 41 54 38 4f 95 53 bb 6a 1b 41 14 3d 77 76 b3 20 04 71 93 26 9d 8d 83 83 21 c6 ee fc 05 b6 8b f8 51 58 c1 04 84 40 8d 46 91 8c 0a 55 2a f5 0f 62 35 33 2b a9 37 a8 71 13 48 21 30 38 0a f8 51 a6 c9 1f a8 48 40 d8 44 24 82 91 c6 ac d8 15 b6 b3 5a 29 53 de 7b 0f 73 ef 79 10 16 78 42 88 65 c6 d8 2e e7 dc a3 79 f3 4a a9 55 00 5f 01 bc 06 70 1a 0b f0 3c 6f cd 18 f3 0d c0 2b 00 df b5 d6 bb 33 01 cd 66 f3 dd 68 34 ea 02 58 02 70 3d 1c 0e 0f 4a a5 d2 cf 48 40 ab d5 da d4 5a df 02 78 01 a0 db ef f7 f7 2b 95 ca 9d bf fe 3f 00 a5 d4 36 80 ab e0 b6 0b ad f5 61 b1 58 fc 1d de fa 04 e0 79 de 9e 31 e6 4b d0 fc 3c 18 0c Data Ascii: PNGIHDRrsRGBIDAT8OSjA=wv q&!QX@FU*b53+7qH!08QH@D$Z)S{syxBe.yJU_p<o+3fh4Xp=JH@Zx+?6aXy1K<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49715	123.6.105.199	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:14 UTC	532	OUT	GET /ptlogin/v4/style/40/images/onekey_tips.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: imgcache.qq.com Connection: Keep-Alive
2024-07-20 07:21:14 UTC	741	IN	HTTP/1.1 200 OK Last-Modified: Tue, 01 Nov 2022 22:23:30 GMT Content-Type: image/png X-DataSrc: 9 X-ReqGue: 0 Cache-Control: max-age=2592000 Age: 860696 Content-Length: 4223 Accept-Ranges: bytes X-NWS-LOG-UUID: 8970381092671210490 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:14 GMT X-Cache-Lookup: Cache Hit Timing-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Access-Control-Allow-Origin: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com Vary: Accept
2024-07-20 07:21:14 UTC	4223	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a0 00 00 00 c6 08 03 00 00 00 62 bc 7b 58 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 00 ea 50 4c 54 45 4c 69 71 e6 e6 e6 f5 f5 f5 59 59 59 0e 0e 0e 0b 0b 0b 06 06 06 01 01 01 00 00 00 02 02 02 89 89 89 c1 c1 c1 e9 e9 e9 a6 a6 a6 b1 b1 b1 ce ce ce e8 e8 e8 de de de 7e 7e 7e f7 f7 f9 ff ff ff 1d b9 f2 11 b6 f5 f9 fa fc d2 d2 d3 f6 f6 f8 0b b5 f5 ff fb f9 87 d9 f8 f2 f1 f3 e6 e6 e8 ec ec ee fd fd fe df df e2 d9 d9 da 72 d3 f7 c7 ee fc 2a bd f4 bb e7 f9 8f dc fa 54 cb f6 cb ca cc 3a c3 f6 c2 c1 c3 cf ce d1 bc bc be a3 e2 f8 47 c6 f6 c6 c6 c8 15 Data Ascii: PNGIHDRb{XgAMAasRGBtEXtSoftwareAdobe ImageReadyqe<PLTELiqYYY~~~r*T:G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49713	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:14 UTC	570	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/error_icon_ie.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:14 UTC	623	IN	HTTP/1.1 200 OK Last-Modified: Wed, 17 Jul 2024 06:41:15 GMT Etag: "dd6f19337dd5a7ec79fb3566167d3100" Content-Type: image/png Date: Wed, 17 Jul 2024 07:20:28 GMT Server: tencent-cos x-cos-hash-crc64ecma: 12908737476952392719 x-cos-request-id: NjY5NzcwYmNfNGRjZDMwMGJfZTZiYl9iOWY5N2M= x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjI4NzUyMzQ0NDQyMTQ Content-Length: 394 Accept-Ranges: bytes X-NWS-LOG-UUID: 12395258658516838691 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:14 UTC	394	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 44 49 44 41 54 38 4f 9d 93 3d 4b 03 41 10 86 9f b9 8b e2 cf b0 b0 54 c8 4f 08 18 2b b1 b5 10 cc 07 88 18 83 60 13 b0 52 6c 6c 52 fa 71 a2 c1 9c 58 5b 89 5d 82 f9 07 22 da c5 c2 9f 21 78 9b 91 64 a3 5e 92 bd 1c b8 dd ce ce 3c 33 2f fb 8e 30 76 34 b7 b9 48 c6 ab 02 79 60 7e f8 fc 81 d2 a1 e7 9f c9 d3 cd 4b bc 44 7e 2e 9a 2b cd e1 13 20 94 c6 a1 23 77 d5 06 46 f6 a4 13 7e f6 e3 03 c0 a0 38 a3 0f 20 fd ae e9 47 b5 85 91 b5 3e c4 02 96 4b cd d4 ce 13 5a 35 94 f6 6d 59 74 65 23 8b ce 3e 3b db 3e 5e d9 f0 ea b6 7b aa c8 2c 89 2e 17 af 11 d9 72 66 dc 9f 82 31 b0 be 9f 24 eb 52 34 5f e8 82 b7 e0 cc 68 9e 80 ef 41 e1 20 Data Ascii: PNGIHDRasRGBDIDAT8O=KATO+`RllRqX[]"!xd^<3/0v4Hy`~KD~.+ #wF~8 G>KZ5mYte#>;>^{,.rf1$R4_hA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49716	129.226.103.162	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:14 UTC	847	OUT	GET /style/11/images/icon_24_c_3.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ui.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10
2024-07-20 07:21:14 UTC	270	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:14 GMT Content-Type: image/png Content-Length: 9532 Connection: close Server: QZHTTP-2.38.41 Last-Modified: Wed, 17 Jul 2024 06:41:12 GMT Cache-Control: public; max-age=86400 Expires: Sun, 21 Jul 2024 07:21:14 GMT
2024-07-20 07:21:14 UTC	1134	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 12 00 00 01 63 08 03 00 00 00 c6 97 74 75 00 00 03 00 50 4c 54 45 9c 9c 9c 88 88 88 eb e7 e7 88 88 88 8b 8b 84 d2 b5 2c 9f ce fc d8 84 00 6d b8 26 3c 97 15 85 85 85 de 83 07 d1 d1 d1 9c c9 f5 d4 d4 d4 de aa 33 d6 d6 d6 d0 85 08 88 88 88 cc cd ce 67 b9 22 cb b2 21 d6 b8 2c 9b c4 ec 6c c1 24 e8 e8 e8 e7 d5 7f db c9 75 81 c2 ff df a9 1b d6 cd 8a e5 cd 5c b1 b1 b1 de 9c 10 c2 c2 c2 84 c3 ff ef e3 e1 df cd 78 7d 7e 7e bd b3 21 e6 e6 e6 5a b0 1e ed d4 d0 e4 e9 ee b9 b9 b9 dc dc dc e5 e5 e5 da db db ee ed ec 83 83 83 ca c7 bc e1 e1 e1 aa aa aa b8 b8 b6 bd b9 b6 b6 b6 b6 81 c2 ff bb bb b9 c1 be af b3 b3 b3 81 c2 ff ea 26 03 ea 28 04 ea 27 03 e9 24 00 ea 25 01 ea 27 04 bb bb b6 e8 24 01 ea 27 03 dd 22 00 dc Data Ascii: PNGIHDRctuPLTE,m&<3g"!,l$u\x}~~!Z&('$%'$'"
2024-07-20 07:21:14 UTC	4096	IN	Data Raw: 82 24 48 82 24 48 82 24 48 62 97 90 c4 48 82 17 66 99 5f 98 e5 eb 40 13 4d 44 bd 7c 0f 7c c9 55 8c 95 f4 e1 a5 c0 66 95 81 a2 28 b1 58 1c 23 c5 62 04 03 ca 88 47 24 38 96 c0 48 63 c1 48 3c a6 94 c5 e2 c1 c4 50 34 3a 8e 8d 47 a3 43 89 60 3c 56 46 44 5a 6a 1e 60 ac 9a 16 62 52 16 49 6c de d9 0b 18 ab 77 e7 e6 44 a4 2c 38 54 93 00 4c 2d 51 33 14 2c 1b 8b 3e 00 2c db 83 e8 58 59 02 49 f2 49 12 65 89 71 24 c9 25 19 47 12 24 41 12 24 41 12 24 41 12 24 b1 47 48 82 24 48 82 24 48 82 24 48 82 24 76 09 49 90 04 49 90 04 49 90 04 49 90 c4 2e 21 09 92 20 09 92 20 49 b1 48 f0 62 0a c3 c5 14 78 c9 8d e1 92 1b bc 30 cb 70 61 16 bb 7c 0f 4d 34 11 76 f9 5e 3c 98 d8 8c 17 79 aa d5 6c 4e 04 e3 fc 52 60 bc 12 98 a5 5e 0a ac c4 e2 78 c1 38 6f 4c bd 60 1c 00 ff 56 41 de df 2b Data Ascii: $H$H$HbHf_@MD\|\|Uf(X#bG$8HcH<P4:GC`<VFDZj`bRIlwD,8TL-Q3,>,XYIIeq$%G$A$A$A$GH$H$H$H$vIIII.! IHbx0pa\|M4v^<ylNR`^x8oL`VA+
2024-07-20 07:21:14 UTC	1520	IN	Data Raw: b6 e0 36 cd b0 6b 55 2b 95 8a 9d 67 4f 1d 49 a9 88 c5 b4 13 aa b5 c0 da 5b 9e f4 c4 2d 51 3c 9e 4a 45 ad a9 c0 9b 06 d0 16 14 7a df 89 bb cd a6 15 54 27 2e 4d 29 85 cd d1 e9 20 81 94 06 6f 4d e3 d2 0a 69 60 39 68 85 82 a1 10 81 50 c9 64 32 15 8d 8e 2b 14 7d 34 17 b3 ab 4f 37 07 94 02 33 dc 4c 6b a8 39 7c da 93 ac fb 48 4a a5 43 34 6e db d5 ea a0 f9 90 e5 f1 04 2d 90 50 a5 64 81 57 a6 1e 80 26 7b ae 50 45 ca 45 41 eb 9e 2d dd 69 3a 6c f5 50 1b 14 c4 4f 2b 14 f7 91 1c 1e 02 09 16 45 63 da 49 0d 4d 5a 9e a9 45 38 84 ee 88 1b 26 68 d1 d0 7c c9 d6 a1 b9 e9 2c 87 99 c3 da 98 88 3c 3a 53 91 d0 39 4d 24 54 26 93 c1 86 7b a4 a3 6b 2b a1 05 2b 34 e5 59 0c 85 94 89 22 b1 89 40 d1 f1 75 e7 f1 6d 78 b5 7d 98 94 09 ae 66 30 90 c9 28 ad a1 e3 3a 92 8c 68 87 1b 82 e1 26 Data Ascii: 6kU+gOI[-Q<JEzT'.M) oMi`9hPd2+}4O73Lk9\|HJC4n-PdW&{PEEA-i:lPO+EcIMZE8&h\|,<:S9M$T&{k++4Y"@umx}f0(:h&
2024-07-20 07:21:14 UTC	2782	IN	Data Raw: 5d 92 84 4d 72 89 1c 4c 92 84 c2 48 2d f9 7c 7d 5e 88 18 24 93 e9 74 3a 57 a0 62 69 5a a2 06 22 b5 b2 fc 68 d3 e9 6c 16 5f 2d a5 cb f8 c5 4d b9 8a 3b 11 5c 6a 16 e4 91 18 52 17 ed c5 c5 28 af 50 d0 88 24 cb c4 d3 12 3a 6e 20 d9 dc dc de 3e d8 de de 26 99 b7 dc 80 0a d6 03 60 c1 66 32 a9 30 b4 81 c9 7a 39 77 14 e7 e9 2f 0e a6 de ac 1d 07 c2 d1 66 24 21 20 c9 e7 88 84 ca a5 cb 14 a0 d0 4f 3a 18 8b 14 74 c8 53 ab 96 b3 44 a5 f1 44 67 65 d0 b0 85 c1 e8 32 e6 14 84 5f 2c af 99 45 b3 0e 1e e8 10 71 11 c9 ab 57 2f 37 37 5f 6e 02 c9 b6 2d 52 e1 c2 db c9 64 b3 4d e0 93 d0 54 70 d6 6f 2b 1c 8e fb e1 91 56 24 e3 69 74 1f 4c 12 50 2e 56 ae a6 73 79 1c e3 00 81 88 e4 b4 97 28 24 76 f6 12 38 7b aa 96 63 99 1c a3 0b 3c e0 8b 02 78 c9 9a 2b 48 ee d0 4c 03 1e 58 b5 e1 18 Data Ascii: ]MrLH-\|}^$t:WbiZ"hl_-M;\jR(P$:n >&`f20z9w/f$! O:tSDDge2_,EqW/77_n-RdMTpo+V$itLP.Vsy($v8{c<x+HLX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49717	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:15 UTC	568	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/40/images/go_right_ie.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:16 UTC	623	IN	HTTP/1.1 200 OK Last-Modified: Wed, 17 Jul 2024 06:41:15 GMT Etag: "faa4acec8888ecc3f7517cdf0b58530c" Content-Type: image/png Date: Wed, 17 Jul 2024 07:15:49 GMT Server: tencent-cos x-cos-hash-crc64ecma: 17143823528256864237 x-cos-request-id: NjY5NzZmYTVfODk4ZDFiMDlfMjFjYjVfYmEyYTJh x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjI4NzUyMzQ0MzM2MzU Content-Length: 494 Accept-Ranges: bytes X-NWS-LOG-UUID: 13759241321020206895 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:16 UTC	494	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 0c 00 00 00 15 08 06 00 00 00 72 ac 0f b4 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 01 a8 49 44 41 54 38 4f 8d 93 41 6b 1a 41 14 c7 ff 6f 77 c1 16 43 8a d0 1e fc 1a 85 36 81 d8 43 c1 83 d0 8b 17 41 c8 49 d4 9d 59 17 c1 8f e0 d1 93 82 a0 3b e3 a1 82 08 a5 b4 3d 34 6d 0e f9 06 f5 50 68 69 2f 2d ed 37 c8 25 10 11 36 3a 13 66 71 43 9a e8 da b9 bd f9 bf 1f 8f f7 fe ef 11 00 04 41 70 6c 59 d6 17 c6 d8 5f 13 27 3d 12 42 54 88 e8 35 80 73 22 3a 72 5d f7 77 22 d0 ef f7 9f a4 52 a9 4f 00 0e 00 5c d8 b6 9d ab d5 6a 3f b7 41 64 84 4e a7 f3 28 93 c9 7c 06 90 03 70 e5 38 ce b3 6a b5 fa 7d 13 14 01 e6 0d 06 83 3d c7 71 4e 00 bc 5c 7f 1d 32 c6 66 77 a1 1b c0 08 dd 6e f7 61 3a 9d 7e 07 e0 95 89 89 a8 e0 ba ee d9 Data Ascii: PNGIHDRrsRGBIDAT8OAkAowC6CAIY;=4mPhi/-7%6:fqCAplY_'=BT5s":r]w"RO\j?AdN(\|p8j}=qN\2fwna:~

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49718	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:17 UTC	549	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/js/c_login_2.js HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:18 UTC	649	IN	HTTP/1.1 200 OK Last-Modified: Wed, 17 Jul 2024 06:41:14 GMT Etag: "6fcb24d509e189ac5d3e9cbe21222478" Content-Type: application/javascript Date: Wed, 17 Jul 2024 07:15:10 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5054172993416104004 x-cos-request-id: NjY5NzZmN2VfYzVkMmIyMDlfOTUzOV8xMWMzODZh x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjI4NzUyMzQ3MjAxNzc Content-Length: 217912 Accept-Ranges: bytes X-NWS-LOG-UUID: 12548308652433995172 Connection: close X-Cache-Lookup: Cache Refresh Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 6f 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 69 66 28 6f 5b 74 5d 29 72 65 74 75 72 6e 20 6f 5b 74 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 65 3d 6f 5b 74 5d 3d 7b 22 69 22 3a 74 2c 22 6c 22 3a 21 31 2c 22 65 78 70 6f 72 74 73 22 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 6e 5b 74 5d 2e 63 61 6c 6c 28 65 2e 65 78 70 6f 72 74 73 2c 65 2c 65 2e 65 78 70 6f 72 74 73 2c 69 29 2c 65 2e 6c 3d 21 30 2c 65 2e 65 78 70 6f 72 74 73 7d 69 2e 6d 3d 6e 2c 69 2e 63 3d 6f 2c 69 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 69 2e 6f 28 74 2c 65 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 65 2c 7b 22 65 6e 75 6d 65 72 61 62 6c 65 22 3a 21 30 2c 22 67 65 74 22 3a 6e 7d Data Ascii: !function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)\|\|Object.defineProperty(t,e,{"enumerable":!0,"get":n}
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 65 78 4f 66 28 22 6d 73 69 65 22 29 26 26 22 42 61 63 6b 43 6f 6d 70 61 74 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 63 6f 6d 70 61 74 4d 6f 64 65 7c 7c 28 64 3d 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 3f 64 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 6e 2c 6e 75 6c 6c 29 3a 6e 2e 63 75 72 72 65 6e 74 53 74 79 6c 65 2c 75 3d 6f 2e 77 69 64 74 68 7c 7c 30 3d 3d 6f 2e 77 69 64 74 68 3f 70 61 72 73 65 49 6e 74 28 6f 2e 77 69 64 74 68 29 3a 6e 75 6c 6c 2c 63 3d 6f 2e 68 65 69 67 68 74 7c 7c 30 3d 3d 6f 2e 68 65 69 67 68 74 3f 70 61 72 73 65 49 6e 74 28 6f 2e 68 65 69 67 68 74 29 3a 6e 75 6c 6c 2c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 75 26 26 28 6c 2e 70 75 73 68 28 Data Ascii: exOf("msie")&&"BackCompat"==document.compatMode\|\|(d=document.defaultView?document.defaultView.getComputedStyle(n,null):n.currentStyle,u=o.width\|\|0==o.width?parseInt(o.width):null,c=o.height\|\|0==o.height?parseInt(o.height):null,"number"==typeof u&&(l.push(
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 65 3d 28 6e 7c 7c 70 2e 70 61 72 73 65 29 28 65 29 29 2c 6f 5b 74 5d 3d 65 3b 62 72 65 61 6b 3b 63 61 73 65 22 70 6f 72 74 22 3a 6f 5b 74 5d 3d 65 2c 66 28 65 2c 6f 2e 70 72 6f 74 6f 63 6f 6c 29 3f 65 26 26 28 6f 2e 68 6f 73 74 3d 6f 2e 68 6f 73 74 6e 61 6d 65 2b 22 3a 22 2b 65 29 3a 28 6f 2e 68 6f 73 74 3d 6f 2e 68 6f 73 74 6e 61 6d 65 2c 6f 5b 74 5d 3d 22 22 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 68 6f 73 74 6e 61 6d 65 22 3a 6f 5b 74 5d 3d 65 2c 6f 2e 70 6f 72 74 26 26 28 65 2b 3d 22 3a 22 2b 6f 2e 70 6f 72 74 29 2c 6f 2e 68 6f 73 74 3d 65 3b 62 72 65 61 6b 3b 63 61 73 65 22 68 6f 73 74 22 3a 6f 5b 74 5d 3d 65 2c 75 2e 74 65 73 74 28 65 29 3f 28 65 3d 65 2e 73 70 6c 69 74 28 22 3a 22 29 2c 6f 2e 70 6f 72 74 3d 65 2e 70 6f 70 28 29 2c 6f 2e 68 6f 73 74 Data Ascii: e=(n\|\|p.parse)(e)),o[t]=e;break;case"port":o[t]=e,f(e,o.protocol)?e&&(o.host=o.hostname+":"+e):(o.host=o.hostname,o[t]="");break;case"hostname":o[t]=e,o.port&&(e+=":"+o.port),o.host=e;break;case"host":o[t]=e,u.test(e)?(e=e.split(":"),o.port=e.pop(),o.host
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 65 72 28 74 5b 6e 5d 29 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 3b 31 3d 3d 6f 2e 6c 65 6e 67 74 68 26 26 28 6f 3d 22 30 22 2b 6f 29 2c 65 2b 3d 6f 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 79 28 74 29 7b 69 3d 6e 65 77 20 41 72 72 61 79 28 38 29 2c 75 3d 6e 65 77 20 41 72 72 61 79 28 38 29 2c 73 3d 63 3d 30 2c 70 3d 21 30 2c 61 3d 30 3b 76 61 72 20 65 3d 74 2e 6c 65 6e 67 74 68 2c 6e 3d 30 3b 30 21 3d 28 61 3d 28 65 2b 31 30 29 25 38 29 26 26 28 61 3d 38 2d 61 29 2c 64 3d 6e 65 77 20 41 72 72 61 79 28 65 2b 61 2b 31 30 29 2c 69 5b 30 5d 3d 32 35 35 26 28 32 34 38 26 68 28 29 7c 61 29 3b 66 6f 72 28 76 61 72 20 6f 3d 31 3b 6f 3c 3d 61 3b 6f 2b 2b 29 69 5b 6f 5d 3d 32 35 35 26 68 28 29 3b 61 2b 2b 3b 66 6f 72 28 6f 3d 30 3b 6f 3c 38 3b 6f 2b Data Ascii: er(t[n]).toString(16);1==o.length&&(o="0"+o),e+=o}return e}function y(t){i=new Array(8),u=new Array(8),s=c=0,p=!0,a=0;var e=t.length,n=0;0!=(a=(e+10)%8)&&(a=8-a),d=new Array(e+a+10),i[0]=255&(248&h()\|a);for(var o=1;o<=a;o++)i[o]=255&h();a++;for(o=0;o<8;o+
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 5d 2e 63 68 65 63 6b 2e 69 73 4d 61 69 6c 28 74 29 29 72 65 74 75 72 6e 21 30 3b 69 66 28 53 5b 22 64 65 66 61 75 6c 74 22 5d 2e 63 68 65 63 6b 2e 69 73 50 68 6f 6e 65 28 74 29 29 72 65 74 75 72 6e 20 45 2e 61 74 5f 61 63 63 6f 75 6e 74 3d 22 40 22 2b 74 2e 72 65 70 6c 61 63 65 28 2f 5e 28 38 36 7c 38 38 36 29 2f 2c 22 22 29 2c 21 30 3b 69 66 28 53 5b 22 64 65 66 61 75 6c 74 22 5d 2e 63 68 65 63 6b 2e 69 73 4e 69 63 6b 28 74 29 29 72 65 74 75 72 6e 28 30 2c 53 5b 22 64 65 66 61 75 6c 74 22 5d 29 28 22 75 22 29 2e 76 61 6c 75 65 3d 74 2b 22 40 71 71 2e 63 6f 6d 22 2c 45 2e 61 63 63 6f 75 6e 74 3d 74 2b 22 40 71 71 2e 63 6f 6d 22 2c 45 2e 61 74 5f 61 63 63 6f 75 6e 74 3d 74 2b 22 40 71 71 2e 63 6f 6d 22 2c 21 30 7d 72 65 74 75 72 6e 20 53 5b 22 64 65 66 61 Data Ascii: ].check.isMail(t))return!0;if(S["default"].check.isPhone(t))return E.at_account="@"+t.replace(/^(86\|886)/,""),!0;if(S["default"].check.isNick(t))return(0,S["default"])("u").value=t+"@qq.com",E.account=t+"@qq.com",E.at_account=t+"@qq.com",!0}return S["defa
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 28 22 67 65 74 22 2c 74 29 2c 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 34 3d 3d 6e 2e 72 65 61 64 79 53 74 61 74 65 29 69 66 28 32 30 30 3c 3d 6e 2e 73 74 61 74 75 73 26 26 6e 2e 73 74 61 74 75 73 3c 33 30 30 7c 7c 33 30 34 3d 3d 3d 6e 2e 73 74 61 74 75 73 7c 7c 31 32 32 33 3d 3d 3d 6e 2e 73 74 61 74 75 73 7c 7c 30 3d 3d 3d 6e 2e 73 74 61 74 75 73 29 7b 74 72 79 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 6e 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 2c 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2e 61 70 70 65 Data Ascii: ("get",t),n.onreadystatechange=function(){if(4==n.readyState)if(200<=n.status&&n.status<300\|\|304===n.status\|\|1223===n.status\|\|0===n.status){try{var t=document.createElement("script");t.innerHTML=n.responseText,document.getElementsByTagName("head")[0].appe
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 75 72 6c 2b 22 23 22 3b 66 6f 72 28 65 20 69 6e 20 74 29 6e 2b 3d 65 2b 22 3d 22 2b 74 5b 65 5d 2b 22 26 22 3b 28 30 2c 53 5b 22 64 65 66 61 75 6c 74 22 5d 29 28 22 70 72 6f 78 79 22 29 26 26 28 28 30 2c 53 5b 22 64 65 66 61 75 6c 74 22 5d 29 28 22 70 72 6f 78 79 22 29 2e 69 6e 6e 65 72 48 54 4d 4c 3d 27 3c 69 66 72 61 6d 65 20 73 72 63 3d 22 27 2b 65 6e 63 6f 64 65 55 52 49 28 6e 29 2b 27 22 3e 3c 2f 69 66 72 61 6d 65 3e 27 29 7d 65 6c 73 65 20 74 72 79 7b 6e 61 76 69 67 61 74 6f 72 2e 70 74 6c 6f 67 69 6e 5f 63 61 6c 6c 62 61 63 6b 26 26 6e 61 76 69 67 61 74 6f 72 2e 70 74 6c 6f 67 69 6e 5f 63 61 6c 6c 62 61 63 6b 28 53 5b 22 64 65 66 61 75 6c 74 22 5d 2e 73 74 72 2e 6a 73 6f 6e 32 73 74 72 28 74 29 29 7d 63 61 74 63 68 28 6f 29 7b 53 5b 22 64 65 66 61 Data Ascii: url+"#";for(e in t)n+=e+"="+t[e]+"&";(0,S["default"])("proxy")&&((0,S["default"])("proxy").innerHTML='<iframe src="'+encodeURI(n)+'"></iframe>')}else try{navigator.ptlogin_callback&&navigator.ptlogin_callback(S["default"].str.json2str(t))}catch(o){S["defa
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 61 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 2e 5f 68 61 6e 64 6c 65 64 7c 7c 61 2e 5f 75 6e 68 61 6e 64 6c 65 64 52 65 6a 65 63 74 69 6f 6e 46 6e 28 74 2e 5f 76 61 6c 75 65 29 7d 29 3b 66 6f 72 28 76 61 72 20 65 3d 30 2c 6e 3d 74 2e 5f 64 65 66 65 72 72 65 64 73 2e 6c 65 6e 67 74 68 3b 65 3c 6e 3b 65 2b 2b 29 72 28 74 2c 74 2e 5f 64 65 66 65 72 72 65 64 73 5b 65 5d 29 3b 74 2e 5f 64 65 66 65 72 72 65 64 73 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 64 28 74 2c 65 2c 6e 29 7b 74 68 69 73 2e 6f 6e 46 75 6c 66 69 6c 6c 65 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 3f 74 3a 6e 75 6c 6c 2c 74 68 69 73 2e 6f 6e 52 65 6a 65 63 74 65 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 3f Data Ascii: a._immediateFn(function(){t._handled\|\|a._unhandledRejectionFn(t._value)});for(var e=0,n=t._deferreds.length;e<n;e++)r(t,t._deferreds[e]);t._deferreds=null}function d(t,e,n){this.onFulfilled="function"==typeof t?t:null,this.onRejected="function"==typeof e?
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 6f 72 74 2e 6d 6f 6e 69 74 6f 72 28 34 39 32 38 30 34 2c 2e 30 35 29 7d 2c 30 29 7d 2c 69 74 3d 66 75 6e 63 74 69 6f 6e 20 69 74 28 29 7b 63 2e 6c 6f 67 67 65 72 2e 6c 6f 67 28 22 72 65 6d 6f 76 65 41 6c 6c 43 68 69 6c 64 72 65 6e 45 78 63 65 70 74 51 52 43 6f 64 65 20 63 68 69 6c 64 20 6c 65 6e 67 74 68 20 69 73 3d 22 2c 28 30 2c 6b 5b 22 64 65 66 61 75 6c 74 22 5d 29 28 22 71 6c 6f 67 69 6e 5f 6c 69 73 74 22 29 2e 63 68 69 6c 64 4e 6f 64 65 73 2e 6c 65 6e 67 74 68 29 3b 66 6f 72 28 76 61 72 20 74 3d 28 30 2c 6b 5b 22 64 65 66 61 75 6c 74 22 5d 29 28 22 71 6c 6f 67 69 6e 5f 6c 69 73 74 22 29 2e 63 68 69 6c 64 4e 6f 64 65 73 2c 65 3d 30 3b 65 3c 74 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 6e 3d 74 5b 65 5d 3b 22 71 72 5f 61 72 65 61 22 21 3d 3d Data Ascii: ort.monitor(492804,.05)},0)},it=function it(){c.logger.log("removeAllChildrenExceptQRCode child length is=",(0,k["default"])("qlogin_list").childNodes.length);for(var t=(0,k["default"])("qlogin_list").childNodes,e=0;e<t.length;e++){var n=t[e];"qr_area"!==
2024-07-20 07:21:18 UTC	16384	IN	Data Raw: 6e 22 62 72 65 61 6b 22 3d 3d 3d 74 2e 74 79 70 65 7c 7c 22 63 6f 6e 74 69 6e 75 65 22 3d 3d 3d 74 2e 74 79 70 65 3f 74 68 69 73 2e 6e 65 78 74 3d 74 2e 61 72 67 3a 22 72 65 74 75 72 6e 22 3d 3d 3d 74 2e 74 79 70 65 3f 28 74 68 69 73 2e 72 76 61 6c 3d 74 68 69 73 2e 61 72 67 3d 74 2e 61 72 67 2c 74 68 69 73 2e 6d 65 74 68 6f 64 3d 22 72 65 74 75 72 6e 22 2c 74 68 69 73 2e 6e 65 78 74 3d 22 65 6e 64 22 29 3a 22 6e 6f 72 6d 61 6c 22 3d 3d 3d 74 2e 74 79 70 65 26 26 65 26 26 28 74 68 69 73 2e 6e 65 78 74 3d 65 29 2c 67 7d 2c 22 66 69 6e 69 73 68 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 74 68 69 73 2e 74 72 79 45 6e 74 72 69 65 73 2e 6c 65 6e 67 74 68 2d 31 3b 30 3c 3d 65 3b 2d 2d 65 29 7b 76 61 72 20 6e 3d 74 68 69 73 2e 74 72 Data Ascii: n"break"===t.type\|\|"continue"===t.type?this.next=t.arg:"return"===t.type?(this.rval=this.arg=t.arg,this.method="return",this.next="end"):"normal"===t.type&&e&&(this.next=e),g},"finish":function(t){for(var e=this.tryEntries.length-1;0<=e;--e){var n=this.tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49720	129.226.103.162	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:21 UTC	874	OUT	GET /style/0/images/load.gif HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ui.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:21 UTC	269	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:21 GMT Content-Type: image/gif Content-Length: 771 Connection: close Server: QZHTTP-2.38.41 Last-Modified: Tue, 18 Oct 2022 10:20:43 GMT Cache-Control: public; max-age=86400 Expires: Sun, 21 Jul 2024 07:21:21 GMT
2024-07-20 07:21:21 UTC	771	IN	Data Raw: 47 49 46 38 39 61 10 00 10 00 b3 0c 00 aa a8 a0 91 8e 86 9d 9b 93 b7 b5 ad 9d 9b 92 b7 b5 ac 90 8f 86 aa a8 9f c3 c1 b9 d0 ce c5 77 75 6c 84 82 79 ff ff ff 00 00 00 00 00 00 00 00 00 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 05 00 00 0c 00 2c 00 00 00 00 10 00 10 00 00 04 4f 90 c9 c9 8c a1 98 06 7b b3 14 04 b3 59 cc b2 60 02 18 92 a6 49 a5 44 38 b5 e7 2b 53 ee 04 00 de a4 28 8c 83 f0 d0 fb fd 86 44 8f 11 28 ec 49 7e 94 c2 20 93 48 60 0a d2 e9 a4 5a 8d 66 19 08 04 83 6b 8d 4e c3 e1 71 d9 83 16 3b 27 e9 4c 04 00 21 f9 04 05 00 00 0c 00 2c 00 00 00 00 10 00 10 00 00 04 4e 90 c9 c9 04 a1 98 0a 7b b3 04 40 c5 31 86 81 1d e8 51 5d 41 69 4e a9 3a b5 e5 29 53 f5 54 0c de b4 2c 8c c2 8e e7 f9 fd 84 03 62 c6 08 dc f5 24 3f 0a 02 91 51 28 30 Data Ascii: GIF89awuly!NETSCAPE2.0!,O{Y`ID8+S(D(I~ H`ZfkNq;'L!,N{@1Q]AiN:)ST,b$?Q(0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49721	203.205.136.80	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:21 UTC	573	OUT	GET /any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/20/images/shouQ_v2/qr_tips.png HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: qq-web-legacy.cdn-go.cn Connection: Keep-Alive
2024-07-20 07:21:21 UTC	588	IN	HTTP/1.1 404 Not Found Content-Type: application/xml Date: Sat, 20 Jul 2024 07:20:25 GMT Server: tencent-cos x-cos-request-id: NjY5YjY1MzlfOGI3OTQwYV81YjczXzg3N2U5MQ== x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWRlZDk5YzgyOTg0ZTg2ODA1ODFjOGY0MWFhYWFhOTdmZWZiMTE1MDY5YzA1ZGY5MzIyY2I1OTg3YjI4MDViMDI= Content-Length: 507 X-NWS-LOG-UUID: 898460393527192638 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Origin: * Vary: User-Agent,Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:21 UTC	507	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 27 31 2e 30 27 20 65 6e 63 6f 64 69 6e 67 3d 27 75 74 66 2d 38 27 20 3f 3e 0a 3c 45 72 72 6f 72 3e 0a 09 3c 43 6f 64 65 3e 4e 6f 53 75 63 68 4b 65 79 3c 2f 43 6f 64 65 3e 0a 09 3c 4d 65 73 73 61 67 65 3e 54 68 65 20 73 70 65 63 69 66 69 65 64 20 6b 65 79 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73 74 2e 3c 2f 4d 65 73 73 61 67 65 3e 0a 09 3c 52 65 73 6f 75 72 63 65 3e 2f 71 71 2d 77 65 62 2d 6c 65 67 61 63 79 2f 61 6e 79 2e 70 74 6c 6f 67 69 6e 32 2e 71 71 2e 63 6f 6d 2f 76 31 2e 35 35 2e 30 2f 70 74 6c 6f 67 69 6e 2f 76 34 2f 73 74 79 6c 65 2f 32 30 2f 69 6d 61 67 65 73 2f 73 68 6f 75 51 5f 76 32 2f 71 72 5f 74 69 70 73 2e 70 6e 67 3c 2f 52 65 73 6f 75 72 63 65 3e 0a 09 3c 52 65 71 75 65 73 74 49 64 3e 4e 6a 59 35 Data Ascii: <?xml version='1.0' encoding='utf-8' ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Resource>/qq-web-legacy/any.ptlogin2.qq.com/v1.55.0/ptlogin/v4/style/20/images/shouQ_v2/qr_tips.png</Resource><RequestId>NjY5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49725	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:21 UTC	982	OUT	GET /ptqrshow?appid=1006102&e=2&l=M&s=3&d=72&v=4&t=0.9210375481365429&daid=1&pt_3rd_aid=0&u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:22 UTC	465	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:21 GMT Content-Length: 444 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 P3P: CP=CAO PSA OUR Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000 Set-Cookie: qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52;Path=/;Domain=ptlogin2.qq.com;Secure;SameSite=None;
2024-07-20 07:21:22 UTC	444	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6f 00 00 00 6f 01 00 00 00 00 ca be a3 cd 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 01 6e 49 44 41 54 38 8d b5 d5 31 8e c3 20 10 05 d0 b1 5c d0 d9 17 40 e2 1a 74 5c c9 5c 00 9c 0b 38 57 a2 e3 1a 48 be 80 d3 51 a0 cc 7e 92 dd 95 b6 58 8f 8b dd 28 45 5e a4 84 e1 33 83 89 7f bc e8 0f d9 88 34 d9 36 d9 b2 10 45 89 91 75 50 3a d6 e2 b9 89 5c 94 59 5d 5f e4 91 f4 05 ea 99 0b 91 b9 46 73 e0 73 25 7f 81 91 cd aa 50 7f fb 2a f2 8c d8 af cf fd fd bd fd df 89 da 5b cc 8d 1c fe e4 1d ec 09 db 62 c7 cd 99 d5 36 5f 4b 94 18 88 0f c2 2a fb ad 1a 96 88 2d 3c b8 c7 4e 54 a2 40 5e dd 7e 10 3f 32 3f ad cc 0d 31 e6 7d 55 66 b3 4d 62 1b 72 f1 89 26 87 2d ef 2c 10 f5 13 29 bd 58 1d c8 48 6c 01 Data Ascii: PNGIHDRoopHYsnIDAT81 \@t\\8WHQ~X(E^346EuP:\Y]_Fss%P[b6_K-<NT@^~?2?1}UfMbr&-,)XHl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49724	43.135.106.65	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:21 UTC	650	OUT	GET /report/007?app=qfingerprint-device-id&url=device-id%2Funsupport&type=1&httpcode=undefined&retcode=9999&cost=10086 HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: report.qqweb.qq.com Connection: Keep-Alive Cookie: _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:21 UTC	264	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:21 GMT Content-Type: application/json; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: TSW/Node.js Server: TSW/1.4.3 Cache-Control: no-cache Mod-Map: report_007 Cache-Offline: false
2024-07-20 07:21:21 UTC	32	IN	Data Raw: 31 61 0d 0a 7b 22 63 6f 64 65 22 3a 30 2c 22 6d 73 67 22 3a 22 73 75 63 63 65 73 73 22 7d 0d 0a Data Ascii: 1a{"code":0,"msg":"success"}
2024-07-20 07:21:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49722	157.255.220.168	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:21 UTC	547	OUT	GET /TCaptcha.js HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.captcha.qq.com Connection: Keep-Alive Cookie: _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:21 UTC	249	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:21 GMT Content-Type: text/javascript Content-Length: 91558 Connection: close P3P: CP=CAO PSA OUR Server: Trpc httpd Server: tencent http server Accept-Ranges: bytes Cache-Control: max-age=600
2024-07-20 07:21:21 UTC	1156	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 28 72 29 7b 69 66 28 74 5b 72 5d 29 72 65 74 75 72 6e 20 74 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 6e 3d 74 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 5f 5f 65 73 4d 6f 64 75 6c 65 3a 20 75 6e 64 65 66 69 6e 65 64 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 6e 2e 65 78 70 6f 72 74 73 2c 6e 2c 6e 2e 65 78 70 6f 72 74 73 2c 69 29 2c 6e 2e 6c 3d 21 30 2c 6e 2e 65 78 70 6f 72 74 73 7d 69 2e 6d 3d 65 2c 69 2e 63 3d 74 2c 69 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 69 2e 6f 28 65 2c 74 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c Data Ascii: !function(e){var t={};function i(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{__esModule: undefined}};return e[r].call(n.exports,n,n.exports,i),n.l=!0,n.exports}i.m=e,i.c=t,i.d=function(e,t,r){i.o(e,t)\|\|Object.defineProperty(e,t,{enumerabl
2024-07-20 07:21:21 UTC	4096	IN	Data Raw: 64 26 26 28 72 3d 69 29 2c 65 5b 72 5d 3d 74 5b 69 5d 7d 29 2c 6e 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 65 78 70 6f 72 74 53 74 61 72 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 69 20 69 6e 20 65 29 22 64 65 66 61 75 6c 74 22 3d 3d 3d 69 7c 7c 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 69 29 7c 7c 72 28 74 2c 65 2c 69 29 7d 3b 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 6e 28 69 28 31 29 2c 74 29 2c 6e 28 69 28 34 29 2c 74 29 2c 6e 28 69 28 33 29 2c 74 29 2c 6e 28 69 28 31 33 29 2c 74 29 2c 6e 28 69 28 31 34 29 2c 74 29 2c 6e 28 69 28 31 35 29 2c 74 29 2c 6e 28 69 28 32 29 2c 74 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 29 7b 22 75 73 65 Data Ascii: d&&(r=i),e[r]=t[i]}),n=this&&this.__exportStar\|\|function(e,t){for(var i in e)"default"===i\|\|Object.prototype.hasOwnProperty.call(t,i)\|\|r(t,e,i)};t.__esModule=!0,n(i(1),t),n(i(4),t),n(i(3),t),n(i(13),t),n(i(14),t),n(i(15),t),n(i(2),t)},function(e,t,i){"use
2024-07-20 07:21:21 UTC	4096	IN	Data Raw: 6e 22 2c 22 74 72 75 65 22 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 75 6e 68 69 64 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 61 72 69 61 2d 68 69 64 64 65 6e 22 2c 22 66 61 6c 73 65 22 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 7d 2c 74 2e 73 65 74 56 6f 69 63 65 4f 76 65 72 46 6f 63 75 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 69 6e 64 65 78 22 2c 22 30 22 29 2c 65 2e 62 6c 75 72 28 29 3b 76 61 72 20 74 3d 30 2c 69 3d 77 69 6e 64 6f 77 2e 73 65 74 49 6e 74 65 72 76 61 6c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 66 6f 63 75 73 28 29 2c 28 74 2b 3d 31 29 3e 3d 31 30 26 26 77 69 6e 64 6f 77 2e 63 6c 65 61 72 49 Data Ascii: n","true")}catch(e){}},unhide:function(){try{document.body.setAttribute("aria-hidden","false")}catch(e){}}},t.setVoiceOverFocus=function(e){e.setAttribute("tabindex","0"),e.blur();var t=0,i=window.setInterval(function(){e.focus(),(t+=1)>=10&&window.clearI
2024-07-20 07:21:21 UTC	1776	IN	Data Raw: 6f 72 2e 75 73 65 72 41 67 65 6e 74 3b 69 66 28 65 2e 6d 61 74 63 68 28 2f 61 6e 64 72 6f 69 64 2f 69 29 29 7b 76 61 72 20 74 3d 65 2e 6d 61 74 63 68 28 2f 51 51 5c 2f 28 5c 64 2b 5c 2e 5c 64 2b 5c 2e 5c 64 2b 29 2f 29 3b 69 66 28 74 26 26 32 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 69 3d 74 5b 31 5d 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 29 7b 72 65 74 75 72 6e 20 65 5b 69 5d 7c 7c 74 5b 69 5d 3f 65 5b 69 5d 3d 3d 3d 74 5b 69 5d 3f 72 28 65 2c 74 2c 69 2b 31 29 3a 4e 75 6d 62 65 72 28 65 5b 69 5d 29 2d 4e 75 6d 62 65 72 28 74 5b 69 5d 29 3a 30 7d 3b 69 66 28 72 28 69 2e 73 70 6c 69 74 28 22 2e 22 29 2c 22 38 2e 39 2e 32 38 22 2e 73 70 6c 69 74 28 22 2e 22 29 2c 30 29 3c 3d 30 29 72 65 74 75 72 6e 21 30 7d 7d 72 65 74 75 72 6e 21 31 Data Ascii: or.userAgent;if(e.match(/android/i)){var t=e.match(/QQ\/(\d+\.\d+\.\d+)/);if(t&&2===t.length){var i=t[1],r=function(e,t,i){return e[i]\|\|t[i]?e[i]===t[i]?r(e,t,i+1):Number(e[i])-Number(t[i]):0};if(r(i.split("."),"8.9.28".split("."),0)<=0)return!0}}return!1
2024-07-20 07:21:21 UTC	2848	IN	Data Raw: 6e 63 74 69 6f 6e 28 74 29 7b 65 2e 65 78 70 6f 72 74 73 3d 74 7d 29 2e 63 61 6c 6c 28 74 68 69 73 2c 7b 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 6e 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2c 61 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 6f 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 41 72 72 61 79 2e 69 73 41 72 72 61 79 3f 41 72 72 61 79 2e 69 73 41 72 Data Ascii: nction(t){e.exports=t}).call(this,{})},function(e,t,i){"use strict";var r=Object.prototype.hasOwnProperty,n=Object.prototype.toString,a=Object.defineProperty,o=Object.getOwnPropertyDescriptor,s=function(e){return"function"==typeof Array.isArray?Array.isAr
2024-07-20 07:21:22 UTC	1424	IN	Data Raw: 2c 6e 29 26 26 28 65 5b 6e 5d 3d 74 5b 6e 5d 29 3b 72 65 74 75 72 6e 20 65 7d 29 2e 61 70 70 6c 79 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 29 7d 3b 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3d 21 30 2c 74 2e 69 73 49 6f 73 3d 74 2e 67 65 74 49 45 56 65 72 73 69 6f 6e 3d 74 2e 69 73 4c 6f 77 49 45 3d 74 2e 68 65 78 54 6f 52 67 62 3d 74 2e 73 65 74 49 6d 61 67 65 55 72 6c 3d 74 2e 67 65 74 53 70 72 69 74 65 45 6c 3d 74 2e 73 65 74 53 70 72 69 74 65 55 72 6c 3d 74 2e 67 65 74 53 70 72 69 74 65 53 74 79 6c 65 53 74 72 3d 74 2e 67 65 74 53 70 72 69 74 65 53 74 79 6c 65 3d 76 6f 69 64 20 30 3b 76 61 72 20 6e 3d 69 28 31 29 3b 66 75 6e 63 74 69 6f 6e 20 61 28 65 2c 74 29 7b 76 61 72 20 69 3d 65 2e 73 69 7a 65 5f 32 64 2c 72 3d 65 2e 73 70 72 69 74 65 5f 70 6f 73 Data Ascii: ,n)&&(e[n]=t[n]);return e}).apply(this,arguments)};t.__esModule=!0,t.isIos=t.getIEVersion=t.isLowIE=t.hexToRgb=t.setImageUrl=t.getSpriteEl=t.setSpriteUrl=t.getSpriteStyleStr=t.getSpriteStyle=void 0;var n=i(1);function a(e,t){var i=e.size_2d,r=e.sprite_pos
2024-07-20 07:21:22 UTC	2848	IN	Data Raw: 73 65 74 43 73 73 28 6c 2c 7b 7a 49 6e 64 65 78 3a 22 22 2b 63 7d 29 2c 6c 7d 74 2e 67 65 74 53 70 72 69 74 65 53 74 79 6c 65 3d 61 2c 74 2e 67 65 74 53 70 72 69 74 65 53 74 79 6c 65 53 74 72 3d 6f 2c 74 2e 73 65 74 53 70 72 69 74 65 55 72 6c 3d 73 2c 74 2e 67 65 74 53 70 72 69 74 65 45 6c 3d 73 2c 74 2e 73 65 74 49 6d 61 67 65 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 69 2c 72 29 7b 24 28 65 29 2e 63 68 69 6c 64 72 65 6e 28 29 2e 72 65 6d 6f 76 65 28 29 3b 76 61 72 20 61 3d 6e 2e 73 75 70 70 6f 72 74 73 43 53 53 28 22 62 61 63 6b 67 72 6f 75 6e 64 53 69 7a 65 22 2c 22 31 30 70 78 20 31 30 70 78 22 29 2c 6f 3d 22 22 2b 77 69 6e 64 6f 77 2e 54 43 61 70 74 63 68 61 41 70 69 44 6f 6d 61 69 6e 2b 69 3b 69 66 28 2d 31 21 3d 3d 69 2e 69 6e 64 65 78 4f Data Ascii: setCss(l,{zIndex:""+c}),l}t.getSpriteStyle=a,t.getSpriteStyleStr=o,t.setSpriteUrl=s,t.getSpriteEl=s,t.setImageUrl=function(e,t,i,r){$(e).children().remove();var a=n.supportsCSS("backgroundSize","10px 10px"),o=""+window.TCaptchaApiDomain+i;if(-1!==i.indexO
2024-07-20 07:21:22 UTC	4096	IN	Data Raw: 2d 66 65 65 64 62 61 63 6b 22 2c 22 61 72 69 61 2d 72 65 66 72 65 73 68 22 2c 22 6e 6f 74 65 2d 69 6d 67 2d 6c 6f 61 64 2d 66 61 69 6c 65 64 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 73 75 63 63 65 73 73 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 74 69 6d 65 6f 75 74 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 66 61 69 6c 65 64 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 65 72 72 6f 72 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 66 61 69 6c 65 64 2d 6d 61 78 22 2c 22 6e 6f 74 65 2d 76 65 72 69 66 79 2d 64 65 66 61 75 6c 74 22 2c 22 6e 6f 74 65 2d 61 70 70 69 64 2d 72 65 67 69 6f 6e 2d 77 72 6f 6e 67 22 5d 3b 76 61 72 20 72 3d 7b 22 7a 68 2d 63 6e 22 3a 5b 22 5c 75 35 62 38 39 5c 75 35 31 36 38 5c 75 39 61 38 63 5c 75 38 62 63 31 22 2c 22 5c 75 38 Data Ascii: -feedback","aria-refresh","note-img-load-failed","note-verify-success","note-verify-timeout","note-verify-failed","note-verify-error","note-verify-failed-max","note-verify-default","note-appid-region-wrong"];var r={"zh-cn":["\u5b89\u5168\u9a8c\u8bc1","\u8
2024-07-20 07:21:22 UTC	4096	IN	Data Raw: 62 22 2c 22 5c 75 33 30 62 37 5c 75 33 30 66 33 5c 75 33 30 64 37 5c 75 33 30 65 62 5c 75 33 30 65 32 5c 75 33 30 66 63 5c 75 33 30 63 39 5c 75 33 30 36 62 5c 75 35 32 30 37 5c 75 33 30 38 61 5c 75 36 36 66 66 5c 75 33 30 34 38 5c 75 33 30 37 65 5c 75 33 30 35 39 22 2c 22 5c 75 33 30 64 35 5c 75 33 30 61 33 5c 75 33 30 66 63 5c 75 33 30 63 39 5c 75 33 30 64 30 5c 75 33 30 63 33 5c 75 33 30 61 66 22 2c 22 5c 75 35 31 38 64 5c 75 38 61 61 64 5c 75 33 30 37 66 5c 75 38 66 62 63 5c 75 33 30 37 66 22 2c 22 5c 75 37 35 33 62 5c 75 35 30 63 66 5c 75 33 30 36 65 5c 75 38 61 61 64 5c 75 33 30 37 66 5c 75 38 66 62 63 5c 75 33 30 37 66 5c 75 33 30 36 62 5c 75 35 39 33 31 5c 75 36 35 35 37 5c 75 33 30 35 37 5c 75 33 30 37 65 5c 75 33 30 35 37 5c 75 33 30 35 66 5c 75 Data Ascii: b","\u30b7\u30f3\u30d7\u30eb\u30e2\u30fc\u30c9\u306b\u5207\u308a\u66ff\u3048\u307e\u3059","\u30d5\u30a3\u30fc\u30c9\u30d0\u30c3\u30af","\u518d\u8aad\u307f\u8fbc\u307f","\u753b\u50cf\u306e\u8aad\u307f\u8fbc\u307f\u306b\u5931\u6557\u3057\u307e\u3057\u305f\u
2024-07-20 07:21:22 UTC	352	IN	Data Raw: 22 2c 22 5c 75 30 36 33 31 5c 75 30 36 32 63 5c 75 30 36 34 38 5c 75 30 36 33 39 22 2c 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 34 38 5c 75 30 36 33 36 5c 75 30 36 33 39 20 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 32 38 5c 75 30 36 33 33 5c 75 30 36 34 61 5c 75 30 36 33 37 22 2c 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 34 38 5c 75 30 36 33 36 5c 75 30 36 33 39 20 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 34 32 5c 75 30 36 34 61 5c 75 30 36 32 37 5c 75 30 36 33 33 5c 75 30 36 34 61 22 2c 22 5c 75 30 36 32 64 5c 75 30 36 33 33 5c 75 30 36 34 36 5c 75 30 36 34 62 5c 75 30 36 32 37 22 2c 22 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 36 34 38 5c 75 30 36 33 36 5c 75 30 36 33 39 20 5c 75 30 36 32 37 5c 75 30 36 34 34 5c 75 30 Data Ascii: ","\u0631\u062c\u0648\u0639","\u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0628\u0633\u064a\u0637","\u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0642\u064a\u0627\u0633\u064a","\u062d\u0633\u0646\u064b\u0627","\u0627\u0644\u0648\u0636\u0639 \u0627\u0644\u0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49727	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:22 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=CfV8weymZlKYm7u&MD=wmB1VrEy HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-07-20 07:21:22 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: c95b5313-0d63-4caf-b274-250cc2a632c2 MS-RequestId: a86a609b-ef8c-4c1d-84c8-2dceb1f755ee MS-CV: 0YBIDv843UiJfqBC.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 20 Jul 2024 07:21:22 GMT Connection: close Content-Length: 24490
2024-07-20 07:21:22 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-07-20 07:21:22 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49741	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:26 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460084247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:26 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:26 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:26 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49745	129.226.103.162	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:27 UTC	997	OUT	GET /js/c_login_2.js?v=v1.55.0 HTTP/1.1 Accept: / Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: xui.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:27 UTC	287	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:27 GMT Content-Type: application/x-javascript Content-Length: 217912 Connection: close Server: QZHTTP-2.38.41 Last-Modified: Wed, 17 Jul 2024 06:41:10 GMT Cache-Control: public; max-age=86400 Expires: Sun, 21 Jul 2024 07:21:27 GMT
2024-07-20 07:21:27 UTC	1117	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 6f 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 7b 69 66 28 6f 5b 74 5d 29 72 65 74 75 72 6e 20 6f 5b 74 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 65 3d 6f 5b 74 5d 3d 7b 22 69 22 3a 74 2c 22 6c 22 3a 21 31 2c 22 65 78 70 6f 72 74 73 22 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 6e 5b 74 5d 2e 63 61 6c 6c 28 65 2e 65 78 70 6f 72 74 73 2c 65 2c 65 2e 65 78 70 6f 72 74 73 2c 69 29 2c 65 2e 6c 3d 21 30 2c 65 2e 65 78 70 6f 72 74 73 7d 69 2e 6d 3d 6e 2c 69 2e 63 3d 6f 2c 69 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 69 2e 6f 28 74 2c 65 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 65 2c 7b 22 65 6e 75 6d 65 72 61 62 6c 65 22 3a 21 30 2c 22 67 65 74 22 3a 6e 7d Data Ascii: !function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)\|\|Object.defineProperty(t,e,{"enumerable":!0,"get":n}
2024-07-20 07:21:27 UTC	4096	IN	Data Raw: 65 5f 5f 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 22 76 61 6c 75 65 22 3a 21 30 7d 29 2c 65 78 70 6f 72 74 73 5b 22 64 65 66 61 75 6c 74 22 5d 3d 76 6f 69 64 20 30 2c 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 7c 7c 28 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3d 7b 22 6c 6f 67 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 22 77 61 72 6e 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 22 65 72 72 6f 72 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 7d 29 3b 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 20 24 28 74 29 7b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 3f 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c Data Ascii: e__){"use strict";Object.defineProperty(exports,"__esModule",{"value":!0}),exports["default"]=void 0,window.console\|\|(window.console={"log":function(){},"warn":function(){},"error":function(){}});var $=function $(t){return"string"==typeof t?document.getEl
2024-07-20 07:21:27 UTC	2924	IN	Data Raw: 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 65 29 3a 74 26 26 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 29 2c 77 69 6e 64 6f 77 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 74 68 69 73 2e 72 65 63 65 69 76 65 4d 65 73 73 61 67 65 46 72 6f 6d 49 66 72 61 6d 65 50 61 67 65 2c 21 31 29 7d 7d 7d 2c 24 2e 75 72 6c 3d 7b 22 67 65 74 50 61 72 61 6d 22 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 65 3d 65 7c 7c 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3b 74 3d 6e 65 77 20 52 65 67 45 78 70 28 22 28 5c 5c 3f 7c 23 7c 26 29 22 2b 74 2b 22 3d 28 2e 2a 3f 29 28 26 7c 23 7c 24 29 22 29 2c 74 3d 65 2e 6d 61 74 63 68 28 74 29 3b 72 65 74 75 72 6e Data Ascii: ent.body.removeChild(e):t&&document.body.removeChild(t),window.removeEventListener("message",this.receiveMessageFromIframePage,!1)}}},$.url={"getParam":function(t,e){e=e\|\|window.location.href;t=new RegExp("(\\?\|#\|&)"+t+"=(.*?)(&\|#\|$)"),t=e.match(t);return
2024-07-20 07:21:27 UTC	1404	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 65 76 65 6e 74 2e 63 61 6e 63 65 6c 42 75 62 62 6c 65 3d 21 30 7d 2c 22 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 65 76 65 6e 74 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 21 31 7d 7d 3b 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 6c 6c 3f 6e 2e 63 61 6c 6c 28 65 2c 74 29 3a 28 65 2e 5f 63 75 72 72 65 6e 74 48 61 6e 64 6c 65 72 3d 6e 2c 65 2e 5f 63 75 72 72 65 6e 74 48 61 6e 64 6c 65 72 28 74 29 2c 65 2e 5f 63 75 72 72 65 6e 74 48 61 6e 64 6c 65 72 3d 6e 75 6c 6c 29 7d 2c 65 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 22 2b 74 2c 6f 29 2c 69 3d 7b 22 65 6c 65 6d 65 6e 74 22 3a 65 2c 22 65 76 65 6e 74 54 79 70 65 22 3a 74 2c 22 68 Data Ascii: function(){this._event.cancelBubble=!0},"preventDefault":function(){this._event.returnValue=!1}};Function.prototype.call?n.call(e,t):(e._currentHandler=n,e._currentHandler(t),e._currentHandler=null)},e.attachEvent("on"+t,o),i={"element":e,"eventType":t,"h
2024-07-20 07:21:27 UTC	2808	IN	Data Raw: 72 74 2c 62 6c 75 72 2c 63 68 61 6e 67 65 2c 65 72 72 6f 72 2c 66 6f 63 75 73 2c 6c 6f 61 64 2c 72 65 73 65 74 2c 72 65 73 69 7a 65 2c 73 63 72 6f 6c 6c 2c 73 65 6c 65 63 74 2c 73 75 62 6d 69 74 2c 75 6e 6c 6f 61 64 22 2c 22 55 49 45 65 76 65 6e 74 73 22 3a 22 6b 65 79 64 6f 77 6e 2c 6b 65 79 70 72 65 73 73 2c 6b 65 79 75 70 22 2c 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 3a 22 63 6c 69 63 6b 2c 6d 6f 75 73 65 64 6f 77 6e 2c 6d 6f 75 73 65 6d 6f 76 65 2c 6d 6f 75 73 65 6f 75 74 2c 6d 6f 75 73 65 6f 76 65 72 2c 6d 6f 75 73 65 75 70 22 7d 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 29 7b 76 61 72 20 6f 2c 69 3d 22 22 3b 66 6f 72 28 6f 20 69 6e 22 6d 6f 75 73 65 6c 65 61 76 65 22 3d 3d 65 26 26 28 65 3d 22 6d 6f 75 73 65 6f 75 74 22 Data Ascii: rt,blur,change,error,focus,load,reset,resize,scroll,select,submit,unload","UIEevents":"keydown,keypress,keyup","MouseEvents":"click,mousedown,mousemove,mouseout,mouseover,mouseup"};if(document.createEvent){var o,i="";for(o in"mouseleave"==e&&(e="mouseout"
2024-07-20 07:21:27 UTC	1404	IN	Data Raw: 74 68 3b 69 2b 3d 32 29 61 72 72 2e 70 75 73 68 28 65 76 61 6c 28 22 27 5c 5c 78 22 2b 73 74 72 2e 63 68 61 72 41 74 28 69 29 2b 73 74 72 2e 63 68 61 72 41 74 28 69 2b 31 29 2b 22 27 22 29 29 3b 72 65 74 75 72 6e 20 61 72 72 2e 6a 6f 69 6e 28 22 22 29 7d 2c 22 75 74 66 38 54 6f 55 69 6e 63 6f 64 65 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 22 3b 74 72 79 7b 76 61 72 20 6e 3d 74 2e 6c 65 6e 67 74 68 2c 6f 3d 5b 5d 3b 66 6f 72 28 69 3d 30 3b 69 3c 6e 3b 69 2b 3d 32 29 6f 2e 70 75 73 68 28 22 25 22 2b 74 2e 73 75 62 73 74 72 28 69 2c 32 29 29 3b 65 3d 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6f 2e 6a 6f 69 6e 28 22 22 29 29 2c 65 3d 24 2e 73 74 72 2e 64 65 63 6f 64 65 48 74 6d 6c 28 65 29 7d 63 61 74 63 68 28 72 29 7b 65 Data Ascii: th;i+=2)arr.push(eval("'\\x"+str.charAt(i)+str.charAt(i+1)+"'"));return arr.join("")},"utf8ToUincode":function(t){var e="";try{var n=t.length,o=[];for(i=0;i<n;i+=2)o.push("%"+t.substr(i,2));e=decodeURIComponent(o.join("")),e=$.str.decodeHtml(e)}catch(r){e
2024-07-20 07:21:27 UTC	4096	IN	Data Raw: 4f 66 66 73 65 74 50 6f 73 69 74 69 6f 6e 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 3d 24 28 74 29 3b 76 61 72 20 65 3d 30 2c 6e 3d 30 3b 69 66 28 47 63 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 26 26 74 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 29 76 61 72 20 6f 3d 74 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2c 69 3d 47 63 2e 63 6c 69 65 6e 74 54 6f 70 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 69 65 6e 74 54 6f 70 7c 7c 30 2c 72 3d 47 63 2e 63 6c 69 65 6e 74 4c 65 66 74 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 63 6c 69 65 6e 74 4c 65 66 74 7c 7c 30 2c 65 3d 6f 2e 74 6f 70 2b 74 68 69 73 2e 67 65 74 50 61 67 65 53 63 72 6f 6c 6c 54 6f 70 28 29 2d 69 2c 6e Data Ascii: OffsetPosition":function(t){t=$(t);var e=0,n=0;if(Gc.getBoundingClientRect&&t.getBoundingClientRect)var o=t.getBoundingClientRect(),i=Gc.clientTop\|\|document.body.clientTop\|\|0,r=Gc.clientLeft\|\|document.body.clientLeft\|\|0,e=o.top+this.getPageScrollTop()-i,n
2024-07-20 07:21:27 UTC	116	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 22 68 74 74 70 73 3a 22 3d 3d 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 7d 2c 22 69 73 53 73 6c 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 3b 72 65 74 75 72 6e 2f 5e 73 73 6c 2e 2f Data Ascii: function(){return"https:"==document.location.protocol},"isSsl":function(){var t=document.location.host;return/^ssl./
2024-07-20 07:21:27 UTC	2808	IN	Data Raw: 69 2e 74 65 73 74 28 74 29 7d 2c 22 69 73 49 70 61 64 22 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 72 65 74 75 72 6e 2f 69 70 61 64 2f 69 2e 74 65 73 74 28 74 29 7d 2c 22 69 73 51 51 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 2f 5e 5b 31 2d 39 5d 7b 31 7d 5c 64 7b 34 2c 39 7d 24 2f 2e 74 65 73 74 28 74 29 7d 2c 22 69 73 51 51 4d 61 69 6c 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 2f 5e 5b 31 2d 39 5d 7b 31 7d 5c 64 7b 34 2c 39 7d 40 71 71 5c 2e 63 6f 6d 24 2f 2e 74 65 73 74 28 74 29 7d 2c 22 69 73 4e 75 6c 6c 51 51 22 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 2f 5e 5c 64 7b 31 2c 34 7d 24 2f 2e Data Ascii: i.test(t)},"isIpad":function(){var t=navigator.userAgent.toLowerCase();return/ipad/i.test(t)},"isQQ":function(t){return/^[1-9]{1}\d{4,9}$/.test(t)},"isQQMail":function(t){return/^[1-9]{1}\d{4,9}@qq\.com$/.test(t)},"isNullQQ":function(t){return/^\d{1,4}$/.
2024-07-20 07:21:27 UTC	1404	IN	Data Raw: 6a 65 63 74 26 26 24 2e 72 65 70 6f 72 74 2e 6e 6c 6f 67 28 22 61 63 74 69 76 65 6f 62 6a 65 63 74 20 e5 88 a4 e6 96 ad e6 9c 89 e9 97 ae e9 a2 98 22 29 29 3a 74 3d 21 31 7d 63 61 74 63 68 28 65 29 7b 74 3d 21 31 7d 72 65 74 75 72 6e 20 74 7d 2c 24 2e 67 65 74 4c 6f 67 69 6e 51 51 4e 75 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 74 3d 30 3b 69 66 28 24 2e 73 75 70 6f 72 74 41 63 74 69 76 65 28 29 29 7b 24 2e 70 6c 75 67 69 6e 5f 69 73 64 5f 66 6c 61 67 3d 22 66 6c 61 67 31 3d 37 38 30 38 26 66 6c 61 67 32 3d 31 26 66 6c 61 67 33 3d 32 30 22 2c 24 2e 72 65 70 6f 72 74 2e 73 65 74 42 61 73 65 50 6f 69 6e 74 28 24 2e 70 6c 75 67 69 6e 5f 69 73 64 5f 66 6c 61 67 2c 6e 65 77 20 44 61 74 65 29 3b 76 61 72 20 65 3d 6e 65 77 20 41 63 74 69 76 Data Ascii: ject&&$.report.nlog("activeobject ")):t=!1}catch(e){t=!1}return t},$.getLoginQQNum=function(){try{var t=0;if($.suportActive()){$.plugin_isd_flag="flag1=7808&flag2=1&flag3=20",$.report.setBasePoint($.plugin_isd_flag,new Date);var e=new Activ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49744	129.226.107.134	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:27 UTC	699	OUT	GET /p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102 HTTP/1.1 Host: txz.qq.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:27 UTC	189	IN	HTTP/1.1 302 Moved Temporarily Server: stgw Date: Sat, 20 Jul 2024 07:21:27 GMT Content-Type: text/html Content-Length: 137 Connection: close Location: https://im.qq.com/mobileqq/
2024-07-20 07:21:27 UTC	137	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49748	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:28 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460087248&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:29 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:29 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:29 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49749	43.129.115.202	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:29 UTC	661	OUT	GET /mobileqq/ HTTP/1.1 Host: im.qq.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:29 UTC	393	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:29 GMT Content-Type: text/html Content-Length: 4387 Connection: close Set-Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac; Expires=Sat, 20-Jul-2024 07:51:29 GMT; Path=/ Vary: Accept-Encoding Last-Modified: Mon, 15 Jul 2024 09:27:35 GMT ETag: "6694eb87-1123" Cache-Control: max-age=600 Accept-Ranges: bytes Server: TAPISIX/2.2.2
2024-07-20 07:21:29 UTC	1132	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 43 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 54 65 6e 63 65 6e 74 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 51 51 32 30 32 33 e6 96 b0 e7 89 88 2c 51 51 32 30 32 33 e5 ae 98 e6 96 b9 e4 b8 8b e8 bd bd 2c 51 51 32 34 e5 91 a8 e5 b9 b4 2c 51 51 39 e9 a2 84 e7 ba a6 2c e6 89 8b e6 9c ba 51 51 e5 ae 98 e6 96 b9 e6 9c 80 Data Ascii: <!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023,QQ2023,QQ24,QQ9,QQ
2024-07-20 07:21:29 UTC	3255	IN	Data Raw: 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 78 35 2d 70 61 67 65 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 70 74 70 61 67 65 22 2f 3e 3c 74 69 74 6c 65 3e 51 51 2d e8 bd bb e6 9d be e5 81 9a e8 87 aa e5 b7 b1 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 48 61 6e 64 68 65 6c 64 46 Data Ascii: dth=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,viewport-fit=cover"/><meta name="x5-pagetype" content="optpage"/><title>QQ-</title><meta name="format-detection" content="telephone=no"/><meta name="HandheldF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49759	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	574	OUT	GET /im.qq.com_new/f2ff7664/css/other-chunk.08167b84.css HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:32 UTC	823	IN	HTTP/1.1 200 OK Etag: "031d4f327f45d359fc22dd29a007f8f2" Content-Type: text/css Date: Fri, 19 Jul 2024 13:44:18 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5141950028304292549 x-cos-request-id: NjY5YTZkYjJfOGRjZjNiMGJfMTNkMWJfZDI1YTVh x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjMwMzgwNTE5NzMwNzU X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn Access-Control-Allow-Origin: * X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Mon, 15 Jul 2024 09:27:37 GMT Content-Length: 14224 Accept-Ranges: bytes X-NWS-LOG-UUID: 3299643179218473525 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:32 UTC	4096	IN	Data Raw: 2e 71 2d 73 68 61 72 65 2d 70 69 63 74 75 72 65 7b 63 6f 6c 6f 72 3a 23 36 36 36 7d 2e 71 2d 73 68 61 72 65 2d 70 69 63 74 75 72 65 5f 5f 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 32 35 33 70 78 7d 2e 71 2d 73 68 61 72 65 2d 70 69 63 74 75 72 65 5f 5f 70 61 6e 65 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 62 67 5f 74 6f 70 5f 6c 69 67 68 74 2c 23 66 66 66 29 7d 2e 71 2d 73 68 61 72 65 2d 70 69 63 74 75 72 65 5f 5f 74 69 74 6c 65 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 Data Ascii: .q-share-picture{color:#666}.q-share-picture__img{position:absolute;width:253px}.q-share-picture__panel{background-color:var(--bg_top_light,#fff)}.q-share-picture__title{display:flex;justify-content:space-between;align-items:center;padding:16px;padding-ri
2024-07-20 07:21:33 UTC	2896	IN	Data Raw: 6e 65 2d 68 65 69 67 68 74 3a 32 32 70 78 3b 6d 61 78 2d 77 69 64 74 68 3a 38 30 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 7d 2e 71 2d 74 6f 61 73 74 5f 5f 61 63 74 69 6f 6e 2d 74 69 70 2e 63 6c 69 63 6b 61 62 6c 65 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 71 2d 74 6f 61 73 74 2e 63 6c 69 63 6b 61 62 6c 65 7b 74 6f 70 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 32 70 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 62 6f 74 74 6f 6d 3a 63 6f 6e 73 74 61 6e 74 28 73 61 66 65 2d 61 72 65 Data Ascii: ne-height:22px;max-width:80px;margin-left:auto;overflow:hidden;white-space:nowrap;text-overflow:ellipsis}.q-toast__action-tip.clickable{margin-left:16px}.q-toast.clickable{top:unset;margin-bottom:12px;justify-content:space-between;bottom:constant(safe-are
2024-07-20 07:21:33 UTC	7232	IN	Data Raw: 32 64 3b 2d 2d 6f 72 61 6e 67 65 2d 39 3a 23 39 31 35 30 32 34 3b 2d 2d 6f 72 61 6e 67 65 2d 31 30 3a 23 37 33 33 66 31 64 3b 2d 2d 79 65 6c 6c 6f 77 2d 31 3a 23 66 66 66 37 65 36 3b 2d 2d 79 65 6c 6c 6f 77 2d 32 3a 23 66 66 65 64 63 32 3b 2d 2d 79 65 6c 6c 6f 77 2d 33 3a 23 66 66 64 65 39 31 3b 2d 2d 79 65 6c 6c 6f 77 2d 34 3a 23 66 66 63 66 35 65 3b 2d 2d 79 65 6c 6c 6f 77 2d 35 3a 23 66 66 63 31 32 65 3b 2d 2d 79 65 6c 6c 6f 77 2d 36 3a 23 66 66 62 33 30 30 3b 2d 2d 79 65 6c 6c 6f 77 2d 37 3a 23 64 39 39 38 30 30 3b 2d 2d 79 65 6c 6c 6f 77 2d 38 3a 23 62 35 37 66 30 30 3b 2d 2d 79 65 6c 6c 6f 77 2d 39 3a 23 39 31 36 36 30 30 3b 2d 2d 79 65 6c 6c 6f 77 2d 31 30 3a 23 37 33 35 31 30 30 7d 2e 64 61 72 6b 2c 2e 64 65 66 61 75 6c 74 2d 64 61 72 6b 2c 2e 73 Data Ascii: 2d;--orange-9:#915024;--orange-10:#733f1d;--yellow-1:#fff7e6;--yellow-2:#ffedc2;--yellow-3:#ffde91;--yellow-4:#ffcf5e;--yellow-5:#ffc12e;--yellow-6:#ffb300;--yellow-7:#d99800;--yellow-8:#b57f00;--yellow-9:#916600;--yellow-10:#735100}.dark,.default-dark,.s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49756	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	576	OUT	GET /im.qq.com_new/f2ff7664/css/chunk-vendors.120b3a4b.css HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:31 UTC	754	IN	HTTP/1.1 200 OK Etag: "c9c32c67140933f154457f782efe24c6" Content-Type: text/css Date: Wed, 10 Jul 2024 10:40:58 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5234318059817338875 x-cos-request-id: NjY4ZTY1M2FfNWJjOTQwYV8xM2ZiMF8yZDI2Ng== x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjM0Nzc0NjAyODc4Mjk x-sername: cdn-go.cn Access-Control-Allow-Origin: * X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Content-Length: 884 Accept-Ranges: bytes X-NWS-LOG-UUID: 10263557695410470353 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:31 UTC	884	IN	Data Raw: 61 2c 61 64 64 72 65 73 73 2c 62 2c 62 6c 6f 63 6b 71 75 6f 74 65 2c 62 6f 64 79 2c 64 69 76 2c 65 6d 2c 66 69 65 6c 64 73 65 74 2c 66 6f 72 6d 2c 68 31 2c 68 32 2c 68 33 2c 68 34 2c 68 35 2c 68 36 2c 68 74 6d 6c 2c 69 2c 69 66 72 61 6d 65 2c 69 6d 67 2c 6c 61 62 65 6c 2c 6c 65 67 65 6e 64 2c 6c 69 2c 6f 6c 2c 70 2c 73 2c 73 70 61 6e 2c 74 61 62 6c 65 2c 74 62 6f 64 79 2c 74 64 2c 74 66 6f 6f 74 2c 74 68 2c 74 68 65 61 64 2c 74 72 2c 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 2d 61 70 70 6c 65 2d 73 79 73 74 65 Data Ascii: a,address,b,blockquote,body,div,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,label,legend,li,ol,p,s,span,table,tbody,td,tfoot,th,thead,tr,ul{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:-apple-syste

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49753	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	580	OUT	GET /im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://im.qq.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:32 UTC	1054	IN	HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 20 Jul 2024 07:21:32 GMT ETag: "4f1a32738e3ba3090ba80ef6787116f4" Server: tencent-cos x-cos-hash-crc64ecma: 15297443766163540877 x-cos-request-id: NjY5YjY1N2NfMTI1NGMyMWVfZGFkYl84ODM1Yzk= x-cos-storage-class: MAZ_STANDARD x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ= x-cos-version-id: MTg0NDUwMjMwMzgwNTExMDUxMDg X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Content-Length: 139706 Accept-Ranges: bytes X-NWS-LOG-UUID: 5711439689731469028 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Timing-Allow-Origin: * Access-Control-Allow-Origin: * Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:32 UTC	4096	IN	Data Raw: 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 37 37 5d 2c 7b 39 36 36 32 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 36 31 34 29 2c 6f 3d 65 28 36 33 33 30 29 2c 69 3d 54 79 70 65 45 72 72 6f 72 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 6e 28 74 29 29 72 65 74 75 72 6e 20 74 3b 74 68 72 6f 77 20 69 28 6f 28 74 29 2b 22 20 69 73 20 6e 6f 74 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 7d 2c 39 34 38 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 34 34 31 31 29 2c 6f 3d 65 28 36 33 33 Data Ascii: (self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[277],{9662:function(t,r,e){var n=e(614),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a function")}},9483:function(t,r,e){var n=e(4411),o=e(633
2024-07-20 07:21:33 UTC	1448	IN	Data Raw: 5b 31 5d 3c 3c 38 7c 74 5b 30 5d 7d 2c 24 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 7a 28 74 2c 32 33 2c 34 29 7d 2c 59 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 7a 28 74 2c 35 32 2c 38 29 7d 2c 4b 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 62 28 74 2e 70 72 6f 74 6f 74 79 70 65 2c 72 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 52 28 74 68 69 73 29 5b 72 5d 7d 7d 29 7d 2c 4a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 2c 6e 29 7b 76 61 72 20 6f 3d 76 28 65 29 2c 69 3d 52 28 74 29 3b 69 66 28 6f 2b 72 3e 69 2e 62 79 74 65 4c 65 6e 67 74 68 29 74 68 72 6f 77 20 44 28 6a 29 3b 76 61 72 20 75 3d 52 28 69 2e 62 75 66 66 65 72 29 2e 62 79 74 65 73 2c 61 3d 6f 2b 69 2e 62 79 74 65 4f 66 66 73 65 Data Ascii: [1]<<8\|t[0]},$=function(t){return z(t,23,4)},Y=function(t){return z(t,52,8)},K=function(t,r){b(t.prototype,r,{get:function(){return R(this)[r]}})},J=function(t,r,e,n){var o=v(e),i=R(t);if(o+r>i.byteLength)throw D(j);var u=R(i.buffer).bytes,a=o+i.byteOffse
2024-07-20 07:21:33 UTC	8760	IN	Data Raw: 74 68 22 29 2c 4b 28 43 2c 22 62 79 74 65 4f 66 66 73 65 74 22 29 29 2c 73 28 4d 2c 7b 67 65 74 49 6e 74 38 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4a 28 74 68 69 73 2c 31 2c 74 29 5b 30 5d 3c 3c 32 34 3e 3e 32 34 7d 2c 67 65 74 55 69 6e 74 38 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4a 28 74 68 69 73 2c 31 2c 74 29 5b 30 5d 7d 2c 67 65 74 49 6e 74 31 36 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 3d 4a 28 74 68 69 73 2c 32 2c 74 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 29 3b 72 65 74 75 72 6e 28 72 5b 31 5d 3c 3c 38 7c 72 5b 30 5d 29 3c 3c 31 36 3e 3e 31 36 7d 2c 67 65 74 55 69 6e 74 31 36 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 Data Ascii: th"),K(C,"byteOffset")),s(M,{getInt8:function(t){return J(this,1,t)[0]<<24>>24},getUint8:function(t){return J(this,1,t)[0]},getInt16:function(t){var r=J(this,2,t,arguments.length>1?arguments[1]:void 0);return(r[1]<<8\|r[0])<<16>>16},getUint16:function(t){v
2024-07-20 07:21:33 UTC	4272	IN	Data Raw: 65 74 75 72 6e 20 6d 28 74 68 69 73 2c 30 3d 3d 3d 74 3f 30 3a 74 2c 72 29 7d 7d 3a 7b 61 64 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6d 28 74 68 69 73 2c 74 3d 30 3d 3d 3d 74 3f 30 3a 74 2c 74 29 7d 7d 29 2c 68 26 26 6e 28 70 2c 22 73 69 7a 65 22 2c 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 64 28 74 68 69 73 29 2e 73 69 7a 65 7d 7d 29 2c 6c 7d 2c 73 65 74 53 74 72 6f 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 72 2b 22 20 49 74 65 72 61 74 6f 72 22 2c 6f 3d 79 28 72 29 2c 69 3d 79 28 6e 29 3b 66 28 74 2c 72 2c 28 66 75 6e 63 74 69 6f 6e 28 74 2c 72 29 7b 67 28 74 68 69 73 2c 7b 74 79 70 65 3a 6e 2c 74 61 72 67 65 74 3a 74 2c 73 74 61 74 65 3a 6f 28 74 29 2c 6b 69 6e 64 3a 72 Data Ascii: eturn m(this,0===t?0:t,r)}}:{add:function(t){return m(this,t=0===t?0:t,t)}}),h&&n(p,"size",{get:function(){return d(this).size}}),l},setStrong:function(t,r,e){var n=r+" Iterator",o=y(r),i=y(n);f(t,r,(function(t,r){g(this,{type:n,target:t,state:o(t),kind:r
2024-07-20 07:21:33 UTC	1460	IN	Data Raw: 61 3d 7b 7d 29 3b 76 61 72 20 63 3d 61 2e 65 6e 75 6d 65 72 61 62 6c 65 2c 73 3d 76 6f 69 64 20 30 21 3d 3d 61 2e 6e 61 6d 65 3f 61 2e 6e 61 6d 65 3a 72 3b 69 66 28 6e 28 65 29 26 26 69 28 65 2c 73 2c 61 29 2c 61 2e 67 6c 6f 62 61 6c 29 63 3f 74 5b 72 5d 3d 65 3a 75 28 72 2c 65 29 3b 65 6c 73 65 7b 74 72 79 7b 61 2e 75 6e 73 61 66 65 3f 74 5b 72 5d 26 26 28 63 3d 21 30 29 3a 64 65 6c 65 74 65 20 74 5b 72 5d 7d 63 61 74 63 68 28 66 29 7b 7d 63 3f 74 5b 72 5d 3d 65 3a 6f 2e 66 28 74 2c 72 2c 7b 76 61 6c 75 65 3a 65 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 31 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 61 2e 6e 6f 6e 43 6f 6e 66 69 67 75 72 61 62 6c 65 2c 77 72 69 74 61 62 6c 65 3a 21 61 2e 6e 6f 6e 57 72 69 74 61 62 6c 65 7d 29 7d 72 65 74 75 72 6e 20 74 7d Data Ascii: a={});var c=a.enumerable,s=void 0!==a.name?a.name:r;if(n(e)&&i(e,s,a),a.global)c?t[r]=e:u(r,e);else{try{a.unsafe?t[r]&&(c=!0):delete t[r]}catch(f){}c?t[r]=e:o.f(t,r,{value:e,enumerable:!1,configurable:!a.nonConfigurable,writable:!a.nonWritable})}return t}
2024-07-20 07:21:33 UTC	5780	IN	Data Raw: 48 41 52 41 43 54 45 52 5f 45 52 52 22 2c 63 3a 35 2c 6d 3a 31 7d 2c 4e 6f 44 61 74 61 41 6c 6c 6f 77 65 64 45 72 72 6f 72 3a 7b 73 3a 22 4e 4f 5f 44 41 54 41 5f 41 4c 4c 4f 57 45 44 5f 45 52 52 22 2c 63 3a 36 2c 6d 3a 30 7d 2c 4e 6f 4d 6f 64 69 66 69 63 61 74 69 6f 6e 41 6c 6c 6f 77 65 64 45 72 72 6f 72 3a 7b 73 3a 22 4e 4f 5f 4d 4f 44 49 46 49 43 41 54 49 4f 4e 5f 41 4c 4c 4f 57 45 44 5f 45 52 52 22 2c 63 3a 37 2c 6d 3a 31 7d 2c 4e 6f 74 46 6f 75 6e 64 45 72 72 6f 72 3a 7b 73 3a 22 4e 4f 54 5f 46 4f 55 4e 44 5f 45 52 52 22 2c 63 3a 38 2c 6d 3a 31 7d 2c 4e 6f 74 53 75 70 70 6f 72 74 65 64 45 72 72 6f 72 3a 7b 73 3a 22 4e 4f 54 5f 53 55 50 50 4f 52 54 45 44 5f 45 52 52 22 2c 63 3a 39 2c 6d 3a 31 7d 2c 49 6e 55 73 65 41 74 74 72 69 62 75 74 65 45 72 72 6f Data Ascii: HARACTER_ERR",c:5,m:1},NoDataAllowedError:{s:"NO_DATA_ALLOWED_ERR",c:6,m:0},NoModificationAllowedError:{s:"NO_MODIFICATION_ALLOWED_ERR",c:7,m:1},NotFoundError:{s:"NOT_FOUND_ERR",c:8,m:1},NotSupportedError:{s:"NOT_SUPPORTED_ERR",c:9,m:1},InUseAttributeErro
2024-07-20 07:21:33 UTC	11680	IN	Data Raw: 6e 73 74 61 6e 63 65 6f 66 20 75 3f 68 28 72 2c 65 2e 6c 65 6e 67 74 68 2c 65 29 3a 72 2e 61 70 70 6c 79 28 74 2c 65 29 7d 3b 72 65 74 75 72 6e 20 69 28 65 29 26 26 28 75 2e 70 72 6f 74 6f 74 79 70 65 3d 65 29 2c 75 7d 7d 2c 36 39 31 36 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 34 33 37 34 29 2c 6f 3d 46 75 6e 63 74 69 6f 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 63 61 6c 6c 3b 74 2e 65 78 70 6f 72 74 73 3d 6e 3f 6f 2e 62 69 6e 64 28 6f 29 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 2e 61 70 70 6c 79 28 6f 2c 61 72 67 75 6d 65 6e 74 73 29 7d 7d 2c 36 35 33 30 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 39 37 38 31 29 2c 6f 3d 65 28 32 35 39 37 29 2c 69 3d 46 75 6e 63 74 69 6f 6e 2e Data Ascii: nstanceof u?h(r,e.length,e):r.apply(t,e)};return i(e)&&(u.prototype=e),u}},6916:function(t,r,e){var n=e(4374),o=Function.prototype.call;t.exports=n?o.bind(o):function(){return o.apply(o,arguments)}},6530:function(t,r,e){var n=e(9781),o=e(2597),i=Function.
2024-07-20 07:21:33 UTC	1352	IN	Data Raw: 72 2c 65 29 7b 76 61 72 20 6e 2c 6f 2c 69 2c 75 2c 61 2c 63 2c 73 2c 66 2c 6c 3d 65 28 37 38 35 34 29 2c 70 3d 65 28 39 39 37 34 29 2c 68 3d 65 28 31 32 33 36 29 2e 66 2c 76 3d 65 28 32 36 31 29 2e 73 65 74 2c 64 3d 65 28 36 38 33 33 29 2c 67 3d 65 28 31 35 32 38 29 2c 79 3d 65 28 31 30 33 36 29 2c 6d 3d 65 28 35 32 36 38 29 2c 62 3d 6c 2e 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 7c 7c 6c 2e 57 65 62 4b 69 74 4d 75 74 61 74 69 6f 6e 4f 62 73 65 72 76 65 72 2c 78 3d 6c 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 6c 2e 70 72 6f 63 65 73 73 2c 45 3d 6c 2e 50 72 6f 6d 69 73 65 2c 41 3d 68 28 6c 2c 22 71 75 65 75 65 4d 69 63 72 6f 74 61 73 6b 22 29 2c 53 3d 41 26 26 41 2e 76 61 6c 75 65 3b 53 7c 7c 28 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 72 Data Ascii: r,e){var n,o,i,u,a,c,s,f,l=e(7854),p=e(9974),h=e(1236).f,v=e(261).set,d=e(6833),g=e(1528),y=e(1036),m=e(5268),b=l.MutationObserver\|\|l.WebKitMutationObserver,x=l.document,w=l.process,E=l.Promise,A=h(l,"queueMicrotask"),S=A&&A.value;S\|\|(n=function(){var t,r
2024-07-20 07:21:33 UTC	10220	IN	Data Raw: 6c 3d 6e 2e 53 79 6d 62 6f 6c 2c 70 3d 6c 26 26 6c 2e 69 74 65 72 61 74 6f 72 2c 68 3d 31 2f 66 28 63 2b 22 2d 30 22 29 21 3d 2d 31 2f 30 7c 7c 70 26 26 21 6f 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 28 4f 62 6a 65 63 74 28 70 29 29 7d 29 29 3b 74 2e 65 78 70 6f 72 74 73 3d 68 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 3d 61 28 75 28 74 29 29 2c 65 3d 66 28 72 29 3b 72 65 74 75 72 6e 20 30 3d 3d 3d 65 26 26 22 2d 22 3d 3d 73 28 72 2c 30 29 3f 2d 30 3a 65 7d 3a 66 7d 2c 33 30 30 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 37 38 35 34 29 2c 6f 3d 65 28 37 32 39 33 29 2c 69 3d 65 28 31 37 30 32 29 2c 75 3d 65 28 31 33 34 30 29 2c 61 3d 65 28 33 31 31 31 29 2e 74 72 69 6d 2c 63 3d 65 28 31 33 36 31 29 2c 73 3d 6e Data Ascii: l=n.Symbol,p=l&&l.iterator,h=1/f(c+"-0")!=-1/0\|\|p&&!o((function(){f(Object(p))}));t.exports=h?function(t){var r=a(u(t)),e=f(r);return 0===e&&"-"==s(r,0)?-0:e}:f},3009:function(t,r,e){var n=e(7854),o=e(7293),i=e(1702),u=e(1340),a=e(3111).trim,c=e(1361),s=n
2024-07-20 07:21:33 UTC	1364	IN	Data Raw: 75 72 6e 20 74 68 69 73 7d 7d 29 7d 7d 2c 38 30 30 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 33 30 37 30 29 2e 66 2c 6f 3d 65 28 32 35 39 37 29 2c 69 3d 65 28 35 31 31 32 29 28 22 74 6f 53 74 72 69 6e 67 54 61 67 22 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 74 26 26 21 65 26 26 28 74 3d 74 2e 70 72 6f 74 6f 74 79 70 65 29 2c 74 26 26 21 6f 28 74 2c 69 29 26 26 6e 28 74 2c 69 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 72 7d 29 7d 7d 2c 36 32 30 30 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 32 33 30 39 29 2c 6f 3d 65 28 39 37 31 31 29 2c 69 3d 6e 28 22 6b 65 79 73 22 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 Data Ascii: urn this}})}},8003:function(t,r,e){var n=e(3070).f,o=e(2597),i=e(5112)("toStringTag");t.exports=function(t,r,e){t&&!e&&(t=t.prototype),t&&!o(t,i)&&n(t,i,{configurable:!0,value:r})}},6200:function(t,r,e){var n=e(2309),o=e(9711),i=n("keys");t.exports=functi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49755	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	582	OUT	GET /im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://im.qq.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:32 UTC	1011	IN	HTTP/1.1 200 OK Etag: "0f0c9e1eddaee7bb222d26ef9f59951a" Content-Type: application/javascript Date: Wed, 10 Jul 2024 07:36:15 GMT Server: tencent-cos x-cos-hash-crc64ecma: 6782063533890546559 x-cos-request-id: NjY4ZTM5ZWVfOTJmMzRjMGJfMTAzMmJfNTQ0NzI= x-cos-storage-class: MAZ_STANDARD x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ= x-cos-version-id: MTg0NDUwMjM0Nzc0NjAyMjczMDY X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn X-Cache-Lookup: Cache Miss Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Content-Length: 164836 Accept-Ranges: bytes X-NWS-LOG-UUID: 941704851734444468 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Timing-Allow-Origin: * Access-Control-Allow-Origin: * Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:32 UTC	4096	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6f 74 68 65 72 2d 63 68 75 6e 6b 2e 64 64 66 30 34 32 64 31 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 35 36 5d 2c 7b 37 32 36 38 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 34 30 32 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 65 2c 7b 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 7d 29 3b 76 61 72 20 72 3d 22 71 22 7d 2c 33 39 Data Ascii: /! For license information please see other-chunk.ddf042d1.js.LICENSE.txt /(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[256],{7268:function(){},402:function(t,e,n){"use strict";n.d(e,{p:function(){return r}});var r="q"},39
2024-07-20 07:21:33 UTC	14480	IN	Data Raw: 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 74 2c 65 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 29 2c 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 72 29 7d 72 65 74 75 72 6e 20 6e 7d 66 75 6e 63 74 69 6f 6e 20 75 28 74 29 7b 66 6f 72 28 76 61 72 20 65 3d 31 3b 65 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 6e 3d 6e 75 6c 6c 21 3d 61 72 67 75 6d 65 6e 74 73 5b 65 5d 3f 61 72 67 75 6d 65 6e 74 73 5b 65 5d 3a 7b 7d 3b 65 25 32 3f 63 28 4f 62 6a 65 63 74 28 6e 29 2c 21 30 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 28 30 2c 72 2e 5a 29 28 74 2c 65 2c 6e 5b 65 5d 29 7d 29 29 3a 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f Data Ascii: getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function u(t){for(var e=1;e<arguments.length;e++){var n=null!=arguments[e]?arguments[e]:{};e%2?c(Object(n),!0).forEach((function(e){(0,r.Z)(t,e,n[e])})):Object.getOwnPropertyDescripto
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 74 75 72 6e 20 65 2e 65 6d 69 74 28 22 63 6c 69 63 6b 22 2c 74 29 7d 7d 7d 7d 29 3b 64 2e 69 6e 73 74 61 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 63 6f 6d 70 6f 6e 65 6e 74 28 64 2e 6e 61 6d 65 2c 64 29 7d 3b 76 61 72 20 70 3d 5b 28 30 2c 69 2e 5f 29 28 22 73 76 67 22 2c 7b 77 69 64 74 68 3a 22 31 65 6d 22 2c 68 65 69 67 68 74 3a 22 31 65 6d 22 2c 76 69 65 77 42 6f 78 3a 22 30 20 30 20 34 38 20 34 38 22 2c 66 69 6c 6c 3a 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 2c 78 6d 6c 6e 73 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 7d 2c 5b 28 30 2c 69 2e 5f 29 28 22 70 61 74 68 22 2c 7b 22 66 69 6c 6c 2d 72 75 6c 65 22 3a 22 65 76 65 6e 6f 64 64 22 2c 22 63 6c 69 70 2d 72 75 6c 65 22 3a 22 65 76 65 6e 6f 64 64 Data Ascii: turn e.emit("click",t)}}}});d.install=function(t){t.component(d.name,d)};var p=[(0,i._)("svg",{width:"1em",height:"1em",viewBox:"0 0 48 48",fill:"currentColor",xmlns:"http://www.w3.org/2000/svg"},[(0,i._)("path",{"fill-rule":"evenodd","clip-rule":"evenodd
2024-07-20 07:21:33 UTC	12576	IN	Data Raw: 65 2c 6e 29 7b 72 65 74 75 72 6e 20 74 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 74 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 65 7d 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 65 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 6e 29 26 26 28 74 5b 6e 5d 3d 65 5b 6e 5d 29 7d 2c 74 28 65 2c 6e 29 7d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 6f 72 28 76 61 72 20 65 2c 6e 3d 31 2c Data Ascii: e,n){return t=Object.setPrototypeOf\|\|{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}\|\|function(t,e){for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n])},t(e,n)},e=function(){return e=Object.assign\|\|function(t){for(var e,n=1,
2024-07-20 07:21:33 UTC	5792	IN	Data Raw: 72 2e 72 65 73 75 6c 74 2e 76 61 6c 75 65 3b 69 2e 70 75 73 68 28 6e 29 2c 72 2e 72 65 73 75 6c 74 2e 63 6f 6e 74 69 6e 75 65 28 29 7d 65 6c 73 65 20 65 28 69 29 7d 2c 72 2e 6f 6e 65 72 72 6f 72 3d 6e 7d 29 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 44 61 74 61 52 61 6e 67 65 42 79 49 6e 64 65 78 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 72 2c 69 29 7b 76 61 72 20 6f 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 66 75 6e 63 74 69 6f 6e 28 61 2c 73 29 7b 76 61 72 20 6c 3d 6f 2e 67 65 74 53 74 6f 72 65 28 29 2e 69 6e 64 65 78 28 74 29 2c 63 3d 49 44 42 4b 65 79 52 61 6e 67 65 2e 62 6f 75 6e 64 28 65 2c 6e 2c 72 2c 69 29 2c 75 3d 5b 5d 2c 64 3d 6c 2e 6f 70 65 6e 43 75 72 73 6f 72 28 63 29 3b 64 2e 6f 6e 73 75 Data Ascii: r.result.value;i.push(n),r.result.continue()}else e(i)},r.onerror=n}))},t.prototype.getDataRangeByIndex=function(t,e,n,r,i){var o=this;return new Promise((function(a,s){var l=o.getStore().index(t),c=IDBKeyRange.bound(e,n,r,i),u=[],d=l.openCursor(c);d.onsu
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 69 74 28 22 3f 22 29 5b 30 5d 2c 64 3d 5b 5d 2c 70 3d 4e 28 6f 7c 7c 63 2c 65 29 2c 68 3d 54 28 54 28 7b 7d 2c 78 28 6e 29 2e 71 75 65 72 79 29 2c 69 29 3b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 6b 65 79 73 28 68 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 4e 28 74 2c 65 29 2c 72 3d 4e 28 68 5b 74 5d 2c 65 29 3b 6e 75 6c 6c 21 3d 3d 6e 26 26 6e 75 6c 6c 21 3d 3d 72 26 26 64 2e 70 75 73 68 28 6e 2b 22 3d 22 2b 72 29 7d 29 29 2c 75 2b 28 64 2e 6c 65 6e 67 74 68 3f 22 3f 22 2b 64 2e 6a 6f 69 6e 28 22 26 22 29 3a 22 22 29 2b 28 70 3f 22 23 22 2b 70 3a 22 22 29 7d 66 75 6e 63 74 69 6f 6e 20 42 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 72 29 7b 69 Data Ascii: it("?")[0],d=[],p=N(o\|\|c,e),h=T(T({},x(n).query),i);return Object.keys(h).forEach((function(t){var n=N(t,e),r=N(h[t],e);null!==n&&null!==r&&d.push(n+"="+r)})),u+(d.length?"?"+d.join("&"):"")+(p?"#"+p:"")}function B(t,e){return new Promise((function(n,r){i
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 61 63 6f 6e 2e 6f 6e 44 69 72 65 63 74 55 73 65 72 41 63 74 69 6f 6e 3f 74 68 69 73 2e 62 65 61 63 6f 6e 2e 6f 6e 44 69 72 65 63 74 55 73 65 72 41 63 74 69 6f 6e 28 74 2e 65 76 65 6e 74 4e 61 6d 65 2c 6e 29 3a 74 68 69 73 2e 62 65 61 63 6f 6e 2e 6f 6e 55 73 65 72 41 63 74 69 6f 6e 26 26 74 68 69 73 2e 62 65 61 63 6f 6e 2e 6f 6e 55 73 65 72 41 63 74 69 6f 6e 28 74 2e 65 76 65 6e 74 4e 61 6d 65 2c 6e 29 7d 7d 2c 74 7d 28 29 3b 66 75 6e 63 74 69 6f 6e 20 76 74 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 66 74 28 74 29 7d 76 61 72 20 67 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 69 66 28 74 68 69 73 2e 74 79 70 65 3d 54 2e 41 50 50 2c 74 68 69 73 2e 62 65 61 63 6f 6e 52 65 70 6f 72 74 50 6f 6f 6c 3d 5b 5d 2c 21 6c 74 28 Data Ascii: acon.onDirectUserAction?this.beacon.onDirectUserAction(t.eventName,n):this.beacon.onUserAction&&this.beacon.onUserAction(t.eventName,n)}},t}();function vt(t){return new ft(t)}var gt=function(){function t(t){if(this.type=T.APP,this.beaconReportPool=[],!lt(
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 77 69 6e 64 6f 77 4e 6f 64 65 3d 65 2c 65 7d 2c 74 2e 67 65 74 4e 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 2e 73 74 6f 72 65 5b 65 5b 74 2e 73 65 73 73 69 6f 6e 44 6f 6d 4b 65 79 5d 5d 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 75 70 64 61 74 65 44 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 72 29 7b 76 61 72 20 69 3d 74 68 69 73 2c 6f 3d 65 2e 61 74 74 72 69 62 75 74 65 73 2c 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 6f 5b 74 2e 6e 61 6d 65 5d 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 74 2e 66 75 6e 63 2e 63 61 6c 6c 28 69 2c 6e 2e 76 61 6c 75 65 2c 65 29 7d 2c 73 3d 74 2e 67 6c 6f 62 61 6c 4e 6f 64 65 43 6f 6e 66 69 67 2c 6c 3d 21 31 3b 69 66 28 74 68 69 73 2e 73 74 6f 70 42 75 62 62 6c 65 46 6c 61 67 Data Ascii: windowNode=e,e},t.getNode=function(e){return t.store[e[t.sessionDomKey]]},t.prototype.updateData=function(e,n,r){var i=this,o=e.attributes,a=function(t){var n=o[t.name];if(n)return t.func.call(i,n.value,e)},s=t.globalNodeConfig,l=!1;if(this.stopBubbleFlag
2024-07-20 07:21:33 UTC	14560	IN	Data Raw: 5b 32 5d 29 7d 63 61 74 63 68 28 53 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 53 2e 6d 65 73 73 61 67 65 2b 22 3a 20 22 2b 61 5b 32 5d 2b 22 20 76 61 6c 75 65 20 73 68 6f 75 6c 64 20 62 65 20 65 6e 63 6f 64 65 64 22 29 7d 7d 72 65 74 75 72 6e 20 65 7d 28 74 29 3a 74 3b 76 61 72 20 61 3d 21 31 3b 69 66 28 22 64 74 2d 70 61 72 61 6d 73 22 3d 3d 3d 65 29 7b 76 61 72 20 73 3d 74 68 69 73 2e 64 61 74 61 2e 72 65 75 73 65 49 64 65 6e 74 69 66 69 65 72 3b 73 26 26 74 68 69 73 2e 64 61 74 61 5b 73 5d 21 3d 3d 6e 5b 73 5d 26 26 74 68 69 73 2e 76 69 73 69 62 6c 65 26 26 28 61 3d 21 30 29 7d 72 65 74 75 72 6e 20 74 68 69 73 2e 64 61 74 61 5b 72 5d 3d 6e 7c 7c 7b 7d 2c 61 26 26 74 68 69 73 2e 65 6d 69 74 28 71 2e 45 58 50 4f 53 45 29 2c 21 30 7d 29 3b 76 61 72 20 Data Ascii: [2])}catch(S){console.warn(S.message+": "+a[2]+" value should be encoded")}}return e}(t):t;var a=!1;if("dt-params"===e){var s=this.data.reuseIdentifier;s&&this.data[s]!==n[s]&&this.visible&&(a=!0)}return this.data[r]=n\|\|{},a&&this.emit(q.EXPOSE),!0});var
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 6d 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 3d 74 3b 76 61 72 20 69 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 6d 61 74 63 68 28 65 5b 74 5d 29 3b 72 65 74 75 72 6e 20 69 26 26 32 3d 3d 3d 69 2e 6c 65 6e 67 74 68 26 26 28 72 3d 69 5b 31 5d 29 2c 69 7d 29 29 3f 6e 3a 22 22 2c 73 63 65 6e 65 56 65 72 73 69 6f 6e 3a 72 7d 7d 28 74 2e 73 63 65 6e 65 50 6c 61 74 29 3b 74 68 69 73 2e 73 65 74 28 61 28 61 28 7b 7d 2c 74 2e 70 75 62 6c 69 63 50 61 72 61 6d 73 29 2c 7b 77 65 62 5f 76 65 72 73 69 6f 6e 3a 74 2e 76 65 72 73 69 6f 6e 7c 7c 22 22 2c 73 63 65 6e 65 73 5f 70 6c 61 74 3a 65 2e 73 63 65 6e 65 50 6c 61 74 2c 73 63 65 6e 65 73 5f 76 65 72 73 69 6f 6e 3a 65 2e 73 63 65 6e 65 56 65 72 73 69 6f 6e 7d 29 2c 22 70 75 62 6c 69 63 50 61 Data Ascii: me((function(t){n=t;var i=navigator.userAgent.match(e[t]);return i&&2===i.length&&(r=i[1]),i}))?n:"",sceneVersion:r}}(t.scenePlat);this.set(a(a({},t.publicParams),{web_version:t.version\|\|"",scenes_plat:e.scenePlat,scenes_version:e.sceneVersion}),"publicPa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49754	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	584	OUT	GET /im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://im.qq.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:33 UTC	1019	IN	HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 20 Jul 2024 07:21:33 GMT ETag: "e0e514c85c4187923718073deea44c15" Server: tencent-cos x-cos-hash-crc64ecma: 6315703082362094858 x-cos-request-id: NjY5YjY1N2RfMzBkNjU4MGJfMmQ0MGNfMTA3ZDY5OQ== x-cos-storage-class: MAZ_STANDARD x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ= x-cos-version-id: MTg0NDUwMjMwMzgwNTExNTk2Njc X-Cache-Lookup: Cache Miss x-sername: cdn-go.cn X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Content-Length: 1023552 Accept-Ranges: bytes X-NWS-LOG-UUID: 17989702713202800844 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Timing-Allow-Origin: * Access-Control-Allow-Origin: * Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:33 UTC	4096	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 63 68 75 6e 6b 2d 76 65 6e 64 6f 72 73 2e 39 35 32 62 35 66 61 32 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 39 39 38 5d 2c 7b 37 34 33 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 43 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 79 7d 2c 49 56 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 43 7d 2c 4c 4a 3a 66 75 Data Ascii: /! For license information please see chunk-vendors.952b5fa2.js.LICENSE.txt /(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[998],{7434:function(e,t,n){"use strict";n.d(t,{CQ:function(){return y},IV:function(){return C},LJ:fu
2024-07-20 07:21:34 UTC	11680	IN	Data Raw: 2b 29 2f 69 2c 71 7a 6f 6e 65 3a 2f 51 5a 4f 4e 45 4a 53 53 44 4b 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 6d 71 71 62 72 6f 77 73 65 72 3a 2f 6d 71 71 62 72 6f 77 73 65 72 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 71 71 62 72 6f 77 73 65 72 3a 2f 5b 5e 6d 5d 51 51 42 72 6f 77 73 65 72 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 78 35 3a 2f 74 62 73 5c 2f 28 5c 64 2b 29 2f 69 2c 75 63 3a 2f 55 43 42 72 6f 77 73 65 72 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 73 61 66 61 72 69 3a 2f 56 65 72 73 69 6f 6e 5c 2f 28 5b 5c 64 2e 5d 2b 29 28 20 4d 6f 62 69 6c 65 5c 53 2a 29 3f 20 53 61 66 61 72 69 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 66 69 72 65 66 6f 78 3a 2f 46 69 72 65 66 6f 78 5c 2f 28 5b 5c 64 2e 5d 2b 29 2f 69 2c 6f 70 65 72 61 3a 2f 4f 50 52 5c 2f 28 5b 5c 64 2e 5d Data Ascii: +)/i,qzone:/QZONEJSSDK\/([\d.]+)/i,mqqbrowser:/mqqbrowser\/([\d.]+)/i,qqbrowser:/[^m]QQBrowser\/([\d.]+)/i,x5:/tbs\/(\d+)/i,uc:/UCBrowser\/([\d.]+)/i,safari:/Version\/([\d.]+)( Mobile\S*)? Safari\/([\d.]+)/i,firefox:/Firefox\/([\d.]+)/i,opera:/OPR\/([\d.]
2024-07-20 07:21:34 UTC	4704	IN	Data Raw: 6f 72 2b 22 2e 22 2b 74 68 69 73 2e 70 61 74 63 68 7d 2c 65 7d 28 29 3b 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 72 65 74 75 72 6e 28 76 6f 69 64 20 30 3d 3d 3d 61 2e 64 65 66 61 75 6c 74 2e 6e 61 76 69 67 61 74 6f 72 7c 7c 21 61 2e 64 65 66 61 75 6c 74 2e 6e 61 76 69 67 61 74 6f 72 2e 74 65 73 74 4d 6f 63 6b 29 26 26 76 6f 69 64 20 30 21 3d 3d 61 2e 64 65 66 61 75 6c 74 2e 70 72 6f 63 65 73 73 26 26 6e 75 6c 6c 21 3d 3d 61 2e 64 65 66 61 75 6c 74 2e 70 72 6f 63 65 73 73 2e 76 65 72 73 69 6f 6e 73 26 26 76 6f 69 64 20 30 21 3d 3d 61 2e 64 65 66 61 75 6c 74 2e 70 72 6f 63 65 73 73 2e 76 65 72 73 69 6f 6e 73 2e 6e 6f 64 65 7d 66 75 6e 63 74 69 6f 6e 20 66 28 29 7b 72 65 74 75 72 6e 20 63 2e 68 6f 6f 6b 4d 61 70 2e 75 73 65 72 41 67 65 6e 74 47 65 74 74 65 72 Data Ascii: or+"."+this.patch},e}();function d(){return(void 0===a.default.navigator\|\|!a.default.navigator.testMock)&&void 0!==a.default.process&&null!==a.default.process.versions&&void 0!==a.default.process.versions.node}function f(){return c.hookMap.userAgentGetter
2024-07-20 07:21:34 UTC	8760	IN	Data Raw: 65 2c 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 6e 3f 74 3a 6e 65 77 20 6e 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 28 74 29 7d 29 29 29 2e 74 68 65 6e 28 61 2c 73 29 7d 6c 28 28 72 3d 72 2e 61 70 70 6c 79 28 65 2c 74 7c 7c 5b 5d 29 29 2e 6e 65 78 74 28 29 29 7d 29 29 7d 2c 6f 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 67 65 6e 65 72 61 74 6f 72 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 6f 2c 69 2c 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 31 26 6f 5b 30 5d 29 74 68 72 6f 77 20 6f 5b 31 5d 3b 72 65 74 75 72 6e 20 6f 5b 31 5d 7d 2c 74 72 79 73 3a 5b 5d 2c 6f 70 73 3a 5b 5d 7d 3b 72 65 74 75 72 6e 20 69 3d 7b 6e 65 78 74 3a 73 28 30 29 2c 74 68 72 6f 77 3a 73 28 31 29 2c 72 65 74 Data Ascii: e,t instanceof n?t:new n((function(e){e(t)}))).then(a,s)}l((r=r.apply(e,t\|\|[])).next())}))},o=this&&this.__generator\|\|function(e,t){var n,r,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:s(0),throw:s(1),ret
2024-07-20 07:21:34 UTC	7624	IN	Data Raw: 6e 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 6c 28 29 29 2c 63 28 65 29 2e 70 61 72 61 6d 73 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 21 30 7d 29 2c 74 2e 68 6f 6f 6b 73 3d 74 2e 67 6c 6f 62 61 6c 54 68 69 73 3d 74 2e 6d 73 67 3d 74 2e 73 74 72 69 6e 67 3d 74 2e 78 73 73 3d 74 2e 75 74 69 6c 3d 74 2e 75 73 65 72 3d 74 2e 75 72 6c 3d 74 2e 73 63 68 65 6d 61 3d 74 2e 62 72 6f 77 73 65 72 3d 74 2e 63 6f 6f 6b 69 65 3d 76 6f 69 64 20 30 3b 76 61 72 20 72 3d 6e 28 30 29 3b 74 2e 62 72 6f 77 73 65 72 3d 72 3b 76 61 72 20 6f 3d 6e 28 36 29 3b Data Ascii: n(e){return void 0===e&&(e=l()),c(e).params}},function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.hooks=t.globalThis=t.msg=t.string=t.xss=t.util=t.user=t.url=t.schema=t.browser=t.cookie=void 0;var r=n(0);t.browser=r;var o=n(6);
2024-07-20 07:21:34 UTC	16060	IN	Data Raw: 2e 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 74 29 7d 2c 6e 2e 70 3d 22 22 2c 6e 28 6e 2e 73 3d 31 35 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 72 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 76 61 72 20 72 3d 74 5b 6e 5d 3b 72 2e 65 6e 75 6d 65 72 61 62 6c 65 3d 72 2e 65 6e 75 6d 65 72 61 62 6c 65 7c 7c 21 31 2c 72 2e 63 6f 6e 66 69 67 75 72 61 62 6c 65 3d 21 30 2c 22 76 61 6c 75 65 22 69 6e 20 72 26 26 28 72 2e 77 72 69 74 61 62 6c 65 3d 21 30 29 2c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 Data Ascii: .o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=15)}([function(e,t,n){function r(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable\|\|!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty
2024-07-20 07:21:34 UTC	324	IN	Data Raw: 72 2b 3d 63 3f 63 2e 74 6f 53 74 72 69 6e 67 28 29 3a 68 28 66 28 6c 2c 74 2c 75 29 2c 73 2c 61 29 2c 69 3d 69 2e 73 75 62 73 74 72 28 6e 2e 69 6e 64 65 78 2b 6e 5b 30 5d 2e 6c 65 6e 67 74 68 29 7d 72 65 74 75 72 6e 20 72 7d 7d 76 61 72 20 5f 3d 7b 6d 65 73 73 61 67 65 50 61 73 73 54 68 72 6f 75 67 68 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 67 7d 2c 62 61 73 69 63 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 7d 2c 63 6f 6c 6f 72 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 68 7d 2c 63 6f 6c 6f 75 72 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 68 7d 2c 70 61 74 74 65 72 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 41 28 65 26 26 65 2e 70 61 74 74 65 72 6e 2c 65 26 26 65 Data Ascii: r+=c?c.toString():h(f(l,t,u),s,a),i=i.substr(n.index+n[0].length)}return r}}var _={messagePassThrough:function(){return g},basic:function(){return f},colored:function(){return h},coloured:function(){return h},pattern:function(e){return A(e&&e.pattern,e&&e
2024-07-20 07:21:34 UTC	16060	IN	Data Raw: 65 50 61 73 73 54 68 72 6f 75 67 68 4c 61 79 6f 75 74 3a 67 2c 70 61 74 74 65 72 6e 4c 61 79 6f 75 74 3a 41 2c 63 6f 6c 6f 75 72 65 64 4c 61 79 6f 75 74 3a 68 2c 63 6f 6c 6f 72 65 64 4c 61 79 6f 75 74 3a 68 2c 64 75 6d 6d 79 4c 61 79 6f 75 74 3a 76 2c 61 64 64 4c 61 79 6f 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 5f 5b 65 5d 3d 74 7d 2c 6c 61 79 6f 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 5f 5b 65 5d 26 26 5f 5b 65 5d 28 74 29 7d 7d 7d 29 2e 63 61 6c 6c 28 74 68 69 73 2c 6e 28 32 29 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 72 65 74 75 72 6e 28 6e 3d 22 66 75 6e 63 74 69 6f 6e 22 3d Data Ascii: ePassThroughLayout:g,patternLayout:A,colouredLayout:h,coloredLayout:h,dummyLayout:v,addLayout:function(e,t){_[e]=t},layout:function(e,t){return _[e]&&_[e](t)}}}).call(this,n(2))},function(e,t,n){"use strict";(function(t){function n(e){return(n="function"=
2024-07-20 07:21:34 UTC	324	IN	Data Raw: 5b 6c 5d 3d 6e 65 77 20 44 61 74 65 28 75 29 3b 65 6c 73 65 20 69 66 28 75 20 69 6e 73 74 61 6e 63 65 6f 66 20 4d 61 70 29 73 5b 6c 5d 3d 6e 65 77 20 4d 61 70 28 69 28 41 72 72 61 79 2e 66 72 6f 6d 28 75 29 2c 65 29 29 3b 65 6c 73 65 20 69 66 28 75 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 65 74 29 73 5b 6c 5d 3d 6e 65 77 20 53 65 74 28 69 28 41 72 72 61 79 2e 66 72 6f 6d 28 75 29 2c 65 29 29 3b 65 6c 73 65 20 69 66 28 41 72 72 61 79 42 75 66 66 65 72 2e 69 73 56 69 65 77 28 75 29 29 73 5b 6c 5d 3d 6f 28 75 29 3b 65 6c 73 65 7b 76 61 72 20 63 3d 74 2e 69 6e 64 65 78 4f 66 28 75 29 3b 73 5b 6c 5d 3d 2d 31 21 3d 3d 63 3f 6e 5b 63 5d 3a 65 28 75 29 7d 7d 72 65 74 75 72 6e 20 74 2e 70 6f 70 28 29 2c 6e 2e 70 6f 70 28 29 2c 73 7d 3b 66 75 6e 63 74 69 6f 6e 20 69 Data Ascii: [l]=new Date(u);else if(u instanceof Map)s[l]=new Map(i(Array.from(u),e));else if(u instanceof Set)s[l]=new Set(i(Array.from(u),e));else if(ArrayBuffer.isView(u))s[l]=o(u);else{var c=t.indexOf(u);s[l]=-1!==c?n[c]:e(u)}}return t.pop(),n.pop(),s};function i
2024-07-20 07:21:34 UTC	16060	IN	Data Raw: 2b 2b 29 7b 76 61 72 20 75 3d 61 5b 6c 5d 2c 63 3d 65 5b 75 5d 3b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 72 28 63 29 7c 7c 6e 75 6c 6c 3d 3d 3d 63 29 73 5b 75 5d 3d 63 3b 65 6c 73 65 20 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 44 61 74 65 29 73 5b 75 5d 3d 6e 65 77 20 44 61 74 65 28 63 29 3b 65 6c 73 65 20 69 66 28 41 72 72 61 79 42 75 66 66 65 72 2e 69 73 56 69 65 77 28 63 29 29 73 5b 75 5d 3d 6f 28 63 29 3b 65 6c 73 65 7b 76 61 72 20 70 3d 74 2e 69 6e 64 65 78 4f 66 28 63 29 3b 73 5b 75 5d 3d 2d 31 21 3d 3d 70 3f 6e 5b 70 5d 3a 69 28 63 29 7d 7d 72 65 74 75 72 6e 20 73 7d 7d 28 65 29 3a 65 2e 70 72 6f 74 6f 3f 66 75 6e 63 74 69 6f 6e 20 65 28 6e 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 72 28 6e 29 7c 7c 6e 75 6c 6c 3d 3d 3d 6e 29 72 65 Data Ascii: ++){var u=a[l],c=e[u];if("object"!==r(c)\|\|null===c)s[u]=c;else if(c instanceof Date)s[u]=new Date(c);else if(ArrayBuffer.isView(c))s[u]=o(c);else{var p=t.indexOf(c);s[u]=-1!==p?n[p]:i(c)}}return s}}(e):e.proto?function e(n){if("object"!==r(n)\|\|null===n)re

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49758	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	569	OUT	GET /im.qq.com_new/f2ff7664/css/mobile.73b646b1.css HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:32 UTC	820	IN	HTTP/1.1 200 OK Etag: "1185d0fdb994c3df53ff11a4768907f5" Content-Type: text/css Date: Wed, 10 Jul 2024 07:54:33 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5191373061027337724 x-cos-request-id: NjY4ZTNlMzlfNmY1ZDQxZV81NTIyXzU5ZDU= x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjM0Nzc0NjAyODg5NzU X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn Access-Control-Allow-Origin: * X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Content-Length: 89643 Accept-Ranges: bytes X-NWS-LOG-UUID: 11654322213148570217 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:32 UTC	4096	IN	Data Raw: 2e 68 65 61 64 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 68 65 69 67 68 74 3a 2e 37 36 72 65 6d 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 2e 30 31 72 65 6d 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 31 29 7d 2e 68 65 61 64 65 72 5f 5f 6c 6f 67 6f 7b 6d 61 72 67 69 6e 3a 2e 32 72 65 6d 20 61 75 74 6f 3b 77 69 64 74 68 3a 2e 36 37 35 72 65 6d 3b 68 65 69 67 68 74 3a 2e 33 36 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 61 75 74 6f 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 Data Ascii: .header{position:relative;height:.76rem;z-index:1000;border-bottom:.01rem solid rgba(0,0,0,.1)}.header__logo{margin:.2rem auto;width:.675rem;height:.36rem;background-size:100% auto;background-repeat:no-repeat;background-position:50%;background-image:url(d
2024-07-20 07:21:33 UTC	2896	IN	Data Raw: 37 4b 31 42 45 33 61 73 2b 35 50 53 61 4b 35 39 52 4a 63 32 66 72 6e 36 64 41 45 76 43 4b 47 2f 5a 58 43 65 65 33 48 69 32 39 74 78 32 32 6c 46 42 49 49 59 68 35 37 6e 2f 6a 30 48 32 6b 4c 68 39 33 2f 72 34 4d 39 72 6e 65 36 2b 48 62 4b 4e 57 4d 67 41 5a 73 37 6b 38 47 57 57 77 7a 4d 58 43 77 45 33 66 75 47 72 34 39 2f 61 7a 57 49 56 6d 4d 4a 47 6f 4e 37 4b 33 56 71 78 58 45 53 52 63 62 52 5a 72 70 50 7a 6a 4a 41 37 2f 65 48 66 66 44 37 66 75 72 33 57 61 54 33 31 79 6f 37 78 77 38 74 6a 37 4f 58 6e 78 75 67 67 36 78 37 7a 43 54 68 35 6e 72 64 34 4a 39 64 71 35 39 75 72 39 7a 32 37 76 77 71 46 51 71 46 51 4b 42 51 4b 68 55 4b 68 55 43 67 55 43 6f 56 43 6f 56 41 6f 4d 75 56 6a 41 47 49 72 66 47 66 37 35 5a 73 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 Data Ascii: 7K1BE3as+5PSaK59RJc2frn6dAEvCKG/ZXCee3Hi29tx22lFBIIYh57n/j0H2kLh93/r4M9rne6+HbKNWMgAZs7k8GWWwzMXCwE3fuGr49/azWIVmMJGoN7K3VqxXESRcbRZrpPzjJA7/eHffD7fur3WaT31yo7xw8tj7OXnxugg6x7zCTh5nrd4J9dq59ur9z27vwqFQqFQKBQKhUKhUCgUCoVCoVAoMuVjAGIrfGf75ZsAAAAASUVORK5CYII
2024-07-20 07:21:33 UTC	7300	IN	Data Raw: 77 73 4d 43 30 6f 2f 7a 64 44 6b 51 64 58 69 45 4b 7a 77 6b 76 48 37 2b 39 6a 75 58 77 37 30 49 73 57 2b 30 51 4b 42 69 39 58 55 32 2b 69 45 56 47 38 42 6d 62 5a 46 42 50 47 42 66 39 53 2f 38 33 35 42 55 69 4c 79 75 67 4e 50 46 63 41 47 56 52 71 50 7a 44 67 70 4b 4f 7a 54 48 4c 4f 4c 36 4b 35 6d 41 4a 41 67 36 52 46 55 49 77 4f 7a 76 6b 6c 50 58 59 65 53 54 6b 7a 6f 43 37 77 6b 43 47 37 42 65 45 44 74 77 4e 75 2f 2b 31 77 49 48 33 37 53 6b 4d 77 72 6f 59 45 6c 76 4a 2f 49 41 52 53 42 30 6a 71 53 46 4f 30 2b 77 77 62 71 4f 4f 6b 46 77 56 6a 44 43 43 63 55 66 59 72 38 68 4f 51 44 5a 2f 75 74 50 32 6b 51 73 59 72 63 7a 35 46 73 45 36 52 45 4a 55 53 41 64 31 54 76 74 47 70 7a 63 4e 45 6b 32 54 6b 41 78 6e 75 57 37 4b 61 30 73 63 52 6d 4a 35 72 58 53 4c 57 33 Data Ascii: wsMC0o/zdDkQdXiEKzwkvH7+9juXw70IsW+0QKBi9XU2+iEVG8BmbZFBPGBf9S/835BUiLyugNPFcAGVRqPzDgpKOzTHLOL6K5mAJAg6RFUIwOzvklPXYeSTkzoC7wkCG7BeEDtwNu/+1wIH37SkMwroYElvJ/IARSB0jqSFO0+wwbqOOkFwVjDCCcUfYr8hOQDZ/utP2kQsYrcz5FsE6REJUSAd1TvtGpzcNEk2TkAxnuW7Ka0scRmJ5rXSLW3
2024-07-20 07:21:33 UTC	4284	IN	Data Raw: 70 72 69 6d 61 72 79 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 69 6e 74 72 6f 5f 5f 70 61 6e 65 6c 2d 69 74 65 6d 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 22 3b 77 69 64 74 68 3a 2e 36 34 72 65 6d 3b 68 65 69 67 68 74 3a 2e 36 34 72 65 6d 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 31 36 72 65 6d 3b 2d 77 65 62 6b 69 74 2d 6d 61 73 6b 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 6d 61 73 6b 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 2d 77 65 62 6b 69 74 2d 6d 61 73 6b 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 6d 61 73 6b 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 6d 61 73 6b 2d 70 6f 73 69 74 69 6f 6e 3a 63 65 6e 74 65 72 3b 6d 61 73 6b 2d 70 6f 73 69 Data Ascii: primary:before{background-color:#fff}.intro__panel-item:before{content:"";width:.64rem;height:.64rem;margin-right:.16rem;-webkit-mask-size:contain;mask-size:contain;-webkit-mask-repeat:no-repeat;mask-repeat:no-repeat;-webkit-mask-position:center;mask-posi
2024-07-20 07:21:33 UTC	1448	IN	Data Raw: 6c 2f 54 69 63 63 37 6c 63 77 42 74 51 47 53 76 32 41 69 6a 70 6c 70 46 4d 78 4b 53 31 31 4c 72 6b 65 34 4f 48 6e 6c 4f 71 5a 72 4b 6f 6f 69 77 4b 2f 76 32 37 36 2f 50 52 39 64 35 50 69 46 6c 4e 75 33 59 51 32 55 39 63 6c 38 34 75 6c 33 61 65 41 6c 4e 2f 2f 56 33 56 6e 38 6d 61 47 76 33 66 31 45 47 4e 47 52 62 67 6b 59 6d 56 62 59 73 4a 33 69 55 65 4d 57 67 70 34 71 72 67 76 4d 76 48 67 74 4d 75 6e 7a 75 65 6c 57 53 63 2b 4a 5a 59 30 67 70 71 68 72 68 4a 4c 4b 63 37 39 48 77 48 6c 34 70 6c 72 62 57 44 32 4e 36 66 31 56 65 58 78 52 7a 71 55 63 78 68 45 79 59 59 69 6c 42 52 67 51 51 46 34 58 2f 38 30 34 34 2f 6a 69 31 79 56 32 42 51 4c 6f 38 43 4c 4d 70 45 53 52 45 54 73 73 54 7a 30 4b 46 68 45 6a 4a 78 43 45 48 71 6b 4c 68 7a 36 33 34 50 72 66 76 4a 62 57 Data Ascii: l/Ticc7lcwBtQGSv2AijplpFMxKS11Lrke4OHnlOqZrKooiwK/v276/PR9d5PiFlNu3YQ2U9cl84ul3aeAlN//V3Vn8maGv3f1EGNGRbgkYmVbYsJ3iUeMWgp4qrgvMvHgtMunzuelWSc+JZY0gpqhrhJLKc79HwHl4plrbWD2N6f1VeXxRzqUcxhEyYYilBRgQQF4X/8044/ji1yV2BQLo8CLMpESRETssTz0KFhEjJxCEHqkLhz634PrfvJbW
2024-07-20 07:21:33 UTC	1460	IN	Data Raw: 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 7d 2e 69 6e 74 72 6f 2d 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 2d 74 65 78 74 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 47 77 41 41 41 42 73 43 41 4d 41 41 41 43 34 75 4b 66 2f 41 41 41 41 53 31 42 4d 56 45 56 4d 61 58 45 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 67 49 43 41 68 49 53 Data Ascii: nd-size:contain;background-position:50%;background-repeat:no-repeat}.intro-content-title-text:first-child{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGwAAABsCAMAAAC4uKf/AAAAS1BMVEVMaXEgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAhIS
2024-07-20 07:21:33 UTC	14924	IN	Data Raw: 53 2f 72 2b 77 53 70 30 47 65 78 78 30 55 7a 74 30 62 36 75 63 42 37 4e 7a 62 7a 64 38 70 69 6c 5a 50 48 39 68 76 37 42 66 32 47 4f 61 4e 6c 45 4a 4f 6d 4b 44 43 44 42 68 65 36 61 6c 31 42 32 68 4d 46 4d 53 31 70 61 45 75 59 4b 77 65 69 6b 49 45 79 56 68 71 69 43 73 58 77 72 43 75 70 4b 77 51 52 2b 53 47 68 6b 32 76 4e 31 6a 6e 33 47 33 2b 41 2f 44 4b 2b 5a 59 36 2b 78 53 72 77 41 41 41 41 42 4a 52 55 35 45 72 6b 4a 67 67 67 3d 3d 29 7d 2e 69 6e 74 72 6f 2d 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 2d 74 65 78 74 3a 6e 74 68 2d 63 68 69 6c 64 28 32 29 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 47 Data Ascii: S/r+wSp0Gexx0Uzt0b6ucB7Nzbzd8pilZPH9hv7Bf2GOaNlEJOmKDCDBhe6al1B2hMFMS1paEuYKweikIEyVhqiCsXwrCupKwQR+SGhk2vN1jn3G3+A/DK+ZY6+xSrwAAAABJRU5ErkJggg==)}.intro-content-title-text:nth-child(2){background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAG
2024-07-20 07:21:33 UTC	14024	IN	Data Raw: 4f 5a 79 50 30 4c 52 73 70 61 37 39 47 44 62 4c 7a 75 71 44 37 52 76 50 79 58 6a 45 55 4f 4a 73 77 30 64 37 67 4e 4f 5a 6a 43 36 6d 4d 72 4b 4b 4f 59 77 6e 44 34 4d 6a 42 6f 38 4f 2b 4f 50 51 53 45 6d 58 6b 7a 36 61 7a 74 6a 41 70 34 33 37 49 72 74 63 38 75 39 5a 6f 6a 4e 4b 4d 61 6d 39 47 75 4e 53 34 46 32 54 70 6d 6d 6d 49 73 58 7a 65 64 69 42 51 39 54 77 55 67 48 79 41 6b 77 50 77 67 77 58 32 46 62 32 58 54 78 79 33 77 70 73 37 32 57 4d 54 4a 33 37 72 52 34 4e 61 4e 6f 6d 64 2f 72 55 6c 65 6e 71 35 45 39 68 4d 64 68 7a 58 64 2f 54 6d 77 55 37 56 69 43 77 4d 77 58 73 35 67 6f 72 56 62 6d 6d 77 6c 6b 4d 71 56 43 51 42 41 77 44 52 4b 44 2f 6f 76 6b 45 78 6a 32 78 43 73 74 30 67 78 46 61 54 4e 47 66 63 33 33 2b 4b 6c 70 7a 43 6b 6d 6d 63 39 6b 4d 42 65 74 Data Ascii: OZyP0LRspa79GDbLzuqD7RvPyXjEUOJsw0d7gNOZjC6mMrKKOYwnD4MjBo8O+OPQSEmXkz6aztjAp437Irtc8u9ZojNKMam9GuNS4F2TpmmmIsXzediBQ9TwUgHyAkwPwgwX2Fb2XTxy3wps72WMTJ37rR4NaNomd/rUlenq5E9hMdhzXd/TmwU7ViCwMwXs5gorVbmmwlkMqVCQBAwDRKD/ovkExj2xCst0gxFaTNGfc33+KlpzCkmmc9kMBet
2024-07-20 07:21:33 UTC	10136	IN	Data Raw: 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 36 39 33 33 72 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7a 2d 69 6e 64 65 78 3a 31 30 7d 2e 6e 65 73 74 2d 62 6f 64 79 2d 77 72 61 70 70 65 72 20 2e 73 75 62 74 69 74 6c 65 2d 6e 65 69 67 68 62 6f 72 68 6f 6f 64 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6d 61 72 67 69 6e 3a 2e 30 36 72 65 6d 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 2e 37 72 65 6d 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 50 69 6e 67 46 61 6e 67 20 53 43 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 32 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 36 39 33 33 72 65 6d 3b 63 6f 6c 6f 72 3a 23 38 63 38 63 38 63 3b 74 65 78 74 2d 61 6c Data Ascii: line-height:.6933rem;color:#000;z-index:10}.nest-body-wrapper .subtitle-neighborhood{position:relative;margin:.06rem auto 0 auto;height:.7rem;display:block;font-family:PingFang SC;font-size:.28rem;font-weight:500;line-height:.6933rem;color:#8c8c8c;text-al
2024-07-20 07:21:33 UTC	1460	IN	Data Raw: 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e 71 71 2e 63 6f 6d 5f 6e 65 77 2f 66 32 66 66 37 36 36 34 2f 69 6d 67 2f 69 6d 61 67 65 2d 6c 6f 67 6f 2e 65 36 37 66 62 63 39 63 2e 70 6e 67 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f 6e 74 61 69 6e 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 7d 2e 66 6f 6f 74 65 72 2d 77 72 61 70 70 65 72 20 2e 66 6f 6f 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 62 6f 74 74 6f 6d 3a 31 2e 34 32 72 65 6d 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 66 6f 6f 74 65 72 2d 77 72 61 70 70 65 72 20 2e 66 6f 6f 74 65 72 5f 5f 74 78 74 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 Data Ascii: //qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/image-logo.e67fbc9c.png);background-size:contain;background-position:50%;background-repeat:no-repeat}.footer-wrapper .footer{position:absolute;bottom:1.42rem;width:100%}.footer-wrapper .footer__txt{font-family

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49757	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	541	OUT	GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:32 UTC	838	IN	HTTP/1.1 200 OK Etag: "11524df85ebd860f62b9fcf12e871306" Content-Type: application/javascript Date: Sat, 22 Jun 2024 03:00:24 GMT Server: tencent-cos x-cos-hash-crc64ecma: 2706767683959067290 x-cos-request-id: NjY3NjNlNDhfNDUyZTI0MGJfMTE5MGVfM2IwZjQzYg== x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwNTYzMDEzNDM4MDc4OTM X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn Access-Control-Allow-Origin: * X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Mon, 26 Jun 2023 09:39:25 GMT Content-Length: 70935 Accept-Ranges: bytes X-NWS-LOG-UUID: 7285441579310333225 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:32 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 62 28 74 68 69 73 5b 61 5d 3d 74 68 69 73 5b 61 5d 7c 7c 7b 7d 29 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 28 64 65 66 69 6e 65 2e 61 6d 64 7c 7c 64 65 66 69 6e 65 2e 63 6d 64 29 3f 64 65 66 69 6e 65 28 64 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 28 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 64 29 7d 28 22 6d 71 71 22 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 63 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 28 62 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 26 26 21 28 64 20 69 6e 20 61 29 7c 7c 63 Data Ascii: !function(a,b,c){var d=b(this[a]=this[a]\|\|{});"function"==typeof define&&(define.amd\|\|define.cmd)?define(d):"object"==typeof module&&(module.exports=d)}("mqq",function(a,b){"use strict";function c(a,b,c){var d;for(d in b)(b.hasOwnProperty(d)&&!(d in a)\|\|c
2024-07-20 07:21:32 UTC	16384	IN	Data Raw: 3a 22 34 2e 36 22 7d 7d 29 2c 6d 71 71 2e 62 75 69 6c 64 28 22 6d 71 71 2e 63 6f 75 70 6f 6e 2e 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 7b 69 4f 53 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 61 29 7b 76 61 72 20 64 3d 61 3b 28 64 2e 63 61 6c 6c 62 61 63 6b 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 29 26 26 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 63 6f 75 70 6f 6e 22 2c 22 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 64 29 7d 65 6c 73 65 20 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 63 6f 75 70 6f 6e 22 2c 22 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 7b 62 69 64 3a 61 2c 73 6f 75 72 63 65 49 64 3a 62 2c 63 61 6c 6c 62 61 63 Data Ascii: :"4.6"}}),mqq.build("mqq.coupon.isFavourBusiness",{iOS:function(a,b,c){if("object"==typeof a){var d=a;(d.callback=mqq.callback(b))&&mqq.invokeClient("coupon","isFavourBusiness",d)}else mqq.invokeClient("coupon","isFavourBusiness",{bid:a,sourceId:b,callbac
2024-07-20 07:21:32 UTC	16384	IN	Data Raw: 6f 64 65 6c 28 29 2c 6d 6f 64 65 6c 56 65 72 73 69 6f 6e 3a 74 68 69 73 2e 6d 6f 64 65 6c 56 65 72 73 69 6f 6e 28 29 7d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 61 29 72 65 74 75 72 6e 20 63 3b 6d 71 71 2e 5f 5f 66 69 72 65 43 61 6c 6c 62 61 63 6b 28 62 2c 5b 63 5d 29 7d 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6d 71 71 2e 63 6f 6d 70 61 72 65 28 22 34 2e 36 22 29 3e 3d 30 29 7b 76 61 72 20 62 3d 61 3b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 61 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 61 29 7d 63 61 74 63 68 28 61 29 7b 7d 62 26 26 62 28 61 29 7d 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 71 62 69 7a 41 70 69 22 2c 22 67 65 74 44 65 76 69 63 65 49 6e 66 6f 22 2c 61 29 7d Data Ascii: odel(),modelVersion:this.modelVersion()};if("function"!=typeof a)return c;mqq.__fireCallback(b,[c])}},android:function(a){if(mqq.compare("4.6")>=0){var b=a;a=function(a){try{a=JSON.parse(a)}catch(a){}b&&b(a)},mqq.invokeClient("qbizApi","getDeviceInfo",a)}
2024-07-20 07:21:32 UTC	16384	IN	Data Raw: 61 72 20 63 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 3b 63 26 26 28 61 2e 63 61 6c 6c 62 61 63 6b 3d 63 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 72 65 64 70 6f 69 6e 74 22 2c 22 72 65 70 6f 72 74 52 65 64 54 6f 75 63 68 22 2c 61 29 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 3b 63 26 26 28 61 2e 63 61 6c 6c 62 61 63 6b 3d 63 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 72 65 64 70 6f 69 6e 74 22 2c 22 72 65 70 6f 72 74 52 65 64 54 6f 75 63 68 22 2c 61 29 7d 2c 73 75 70 70 6f 72 74 49 6e 76 6f 6b 65 3a 21 30 2c 73 75 70 70 6f 72 74 3a 7b 69 4f 53 3a 22 34 2e 37 22 2c 61 6e 64 72 6f 69 64 3a 22 34 2e 37 22 7d 7d 29 2c 6d 71 71 Data Ascii: ar c=mqq.callback(b);c&&(a.callback=c),mqq.invokeClient("redpoint","reportRedTouch",a)},android:function(a,b){var c=mqq.callback(b);c&&(a.callback=c),mqq.invokeClient("redpoint","reportRedTouch",a)},supportInvoke:!0,support:{iOS:"4.7",android:"4.7"}}),mqq
2024-07-20 07:21:32 UTC	5399	IN	Data Raw: 28 30 2c 35 30 29 2b 22 2e 2e 2e 22 3a 61 2e 64 65 73 63 29 2c 61 2e 63 61 6c 6c 62 61 63 6b 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 6e 61 76 22 2c 22 6f 66 66 69 63 61 6c 41 63 63 6f 75 6e 74 53 68 61 72 65 52 69 63 68 4d 73 67 32 51 51 22 2c 61 29 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 70 75 69 6e 3d 61 2e 6f 61 55 69 6e 2c 61 2e 64 65 73 63 3d 61 2e 64 65 73 63 7c 7c 61 2e 73 75 6d 6d 61 72 79 2c 61 2e 64 65 73 63 26 26 28 61 2e 64 65 73 63 3d 61 2e 64 65 73 63 2e 6c 65 6e 67 74 68 3e 35 30 3f 61 2e 64 65 73 63 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 35 30 29 2b 22 2e 2e 2e 22 3a 61 2e 64 65 73 63 29 2c 6d 71 71 2e 63 6f 6d 70 61 72 65 28 22 35 2e 30 Data Ascii: (0,50)+"...":a.desc),a.callback=mqq.callback(b),mqq.invokeClient("nav","officalAccountShareRichMsg2QQ",a)},android:function(a,b){a.puin=a.oaUin,a.desc=a.desc\|\|a.summary,a.desc&&(a.desc=a.desc.length>50?a.desc.substring(0,50)+"...":a.desc),mqq.compare("5.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49752	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:31 UTC	577	OUT	GET /im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://im.qq.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:31 UTC	943	IN	HTTP/1.1 200 OK Etag: "c61bb0dc32449268750e84924646cb78" Content-Type: application/javascript Date: Thu, 11 Jul 2024 06:53:44 GMT Server: tencent-cos x-cos-hash-crc64ecma: 527738186644744957 x-cos-request-id: NjY4ZjgxNzhfOTJkMjBjMWVfZDVhZF8yYjVhMTI= x-cos-storage-class: MAZ_STANDARD x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ= x-cos-version-id: MTg0NDUwMjM0MDc5OTE4NjY2Njk x-sername: cdn-go.cn X-Cache-Lookup: Cache Hit Last-Modified: Thu, 11 Jul 2024 02:41:57 GMT Content-Length: 46455 Accept-Ranges: bytes X-NWS-LOG-UUID: 13703552222706029833 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Timing-Allow-Origin: * Access-Control-Allow-Origin: * Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:31 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 69 3d 7b 32 30 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 69 2c 6e 29 7b 6e 28 36 39 39 32 29 2c 6e 28 38 36 37 34 29 2c 6e 28 37 37 32 37 29 3b 76 61 72 20 74 2c 61 2c 73 2c 6f 3d 6e 28 35 30 31 30 29 2c 72 3d 28 6e 28 34 39 31 36 29 2c 6e 28 35 33 30 36 29 2c 6e 28 34 37 36 35 29 2c 6e 28 39 36 35 33 29 2c 6e 28 33 33 39 36 29 29 2c 6c 3d 6e 28 36 36 32 33 29 2c 63 3d 6e 28 34 38 37 30 29 2c 64 3d 6e 28 35 36 37 38 29 2c 75 3d 28 6e 28 32 32 32 32 29 2c 6e 28 37 31 33 39 29 29 2c 76 3d 6e 28 35 30 38 32 29 2c 70 3d 28 6e 28 31 35 33 39 29 2c 4a 53 4f 4e 2e 70 61 72 73 65 28 27 5b 7b 22 6e 61 6d 65 22 3a 22 5c 75 36 63 65 38 5c 75 35 31 38 63 22 2c 22 6c 69 6e 6b Data Ascii: !function(){"use strict";var e,i={2029:function(e,i,n){n(6992),n(8674),n(7727);var t,a,s,o=n(5010),r=(n(4916),n(5306),n(4765),n(9653),n(3396)),l=n(6623),c=n(4870),d=n(5678),u=(n(2222),n(7139)),v=n(5082),p=(n(1539),JSON.parse('[{"name":"\u6ce8\u518c","link
2024-07-20 07:21:31 UTC	16384	IN	Data Raw: 5c 75 39 37 66 33 5c 75 39 31 63 66 5c 75 35 33 64 38 5c 75 35 33 31 36 3d 22 2e 63 6f 6e 63 61 74 28 69 29 29 2c 6d 2e 76 61 6c 75 65 3d 21 69 7d 29 29 2c 73 2e 6f 6e 28 78 2e 55 64 2e 56 49 44 45 4f 5f 50 4c 41 59 49 4e 47 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 64 61 74 61 2c 70 2e 76 61 6c 75 65 3d 21 31 2c 67 2e 76 61 6c 75 65 3d 21 30 7d 29 29 2c 73 2e 6f 6e 28 78 2e 55 64 2e 56 49 44 45 4f 5f 50 41 55 53 45 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 64 61 74 61 2c 67 2e 76 61 6c 75 65 3d 21 31 2c 62 28 7b 70 67 69 64 3a 22 70 67 5f 62 61 73 5f 6f 66 66 69 63 69 61 6c 5f 77 65 62 73 69 74 65 5f 68 6f 6d 65 5f 70 61 67 65 22 2c 65 76 65 6e 74 4e 61 6d 65 3a 22 65 76 5f 62 61 73 5f 6f 66 66 69 63 69 61 6c 5f 77 65 62 73 69 74 65 5f 76 69 Data Ascii: \u97f3\u91cf\u53d8\u5316=".concat(i)),m.value=!i})),s.on(x.Ud.VIDEO_PLAYING,(function(e){e.data,p.value=!1,g.value=!0})),s.on(x.Ud.VIDEO_PAUSE,(function(e){e.data,g.value=!1,b({pgid:"pg_bas_official_website_home_page",eventName:"ev_bas_official_website_vi
2024-07-20 07:21:31 UTC	13687	IN	Data Raw: 5c 75 34 65 36 30 5c 75 33 30 30 31 5c 75 38 66 64 30 5c 75 35 32 61 38 5c 75 36 34 32 64 5c 75 35 62 35 30 5c 75 37 62 34 39 5c 75 35 31 37 33 5c 75 37 63 66 62 5c 75 66 66 30 63 5c 75 38 62 61 39 5c 75 37 39 33 65 5c 75 34 65 61 34 5c 75 36 36 66 34 5c 75 35 39 31 61 5c 75 35 31 34 33 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 6f 75 72 63 65 2d 69 6d 61 67 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 65 76 69 65 77 22 3e 3c 2f 64 69 76 3e 27 2c 33 29 5d 3b 63 6f 6e 73 74 20 53 65 3d 7b 7d 3b 76 61 72 20 42 65 3d 28 30 2c 62 65 2e 5a 29 28 53 65 2c 5b 5b 22 72 65 6e 64 65 72 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 72 65 74 75 72 6e 28 30 2c 72 2e 77 67 29 28 29 2c 28 30 2c 72 2e 69 Data Ascii: \u4e60\u3001\u8fd0\u52a8\u642d\u5b50\u7b49\u5173\u7cfb\uff0c\u8ba9\u793e\u4ea4\u66f4\u591a\u5143</span></div><div class="resource-image"></div><div class="preview"></div>',3)];const Se={};var Be=(0,be.Z)(Se,[["render",function(e,i){return(0,r.wg)(),(0,r.i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49760	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:32 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460090501&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:32 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:32 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:32 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49761	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:32 UTC	384	OUT	GET /im.qq.com_new/f2ff7664/js/mobile.b9db3e97.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:33 UTC	495	IN	HTTP/1.1 200 OK Last-Modified: Thu, 11 Jul 2024 02:41:57 GMT Etag: "c61bb0dc32449268750e84924646cb78" Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 46455 Accept-Ranges: bytes X-NWS-LOG-UUID: 16798672440011542959 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:32 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 69 3d 7b 32 30 32 39 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 69 2c 6e 29 7b 6e 28 36 39 39 32 29 2c 6e 28 38 36 37 34 29 2c 6e 28 37 37 32 37 29 3b 76 61 72 20 74 2c 61 2c 73 2c 6f 3d 6e 28 35 30 31 30 29 2c 72 3d 28 6e 28 34 39 31 36 29 2c 6e 28 35 33 30 36 29 2c 6e 28 34 37 36 35 29 2c 6e 28 39 36 35 33 29 2c 6e 28 33 33 39 36 29 29 2c 6c 3d 6e 28 36 36 32 33 29 2c 63 3d 6e 28 34 38 37 30 29 2c 64 3d 6e 28 35 36 37 38 29 2c 75 3d 28 6e 28 32 32 32 32 29 2c 6e 28 37 31 33 39 29 29 2c 76 3d 6e 28 35 30 38 32 29 2c 70 3d 28 6e 28 31 35 33 39 29 2c 4a 53 4f 4e 2e 70 61 72 73 65 28 27 5b 7b 22 6e 61 6d 65 22 3a 22 5c 75 36 63 65 38 5c 75 35 31 38 63 22 2c 22 6c 69 6e 6b Data Ascii: !function(){"use strict";var e,i={2029:function(e,i,n){n(6992),n(8674),n(7727);var t,a,s,o=n(5010),r=(n(4916),n(5306),n(4765),n(9653),n(3396)),l=n(6623),c=n(4870),d=n(5678),u=(n(2222),n(7139)),v=n(5082),p=(n(1539),JSON.parse('[{"name":"\u6ce8\u518c","link
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 5c 75 39 37 66 33 5c 75 39 31 63 66 5c 75 35 33 64 38 5c 75 35 33 31 36 3d 22 2e 63 6f 6e 63 61 74 28 69 29 29 2c 6d 2e 76 61 6c 75 65 3d 21 69 7d 29 29 2c 73 2e 6f 6e 28 78 2e 55 64 2e 56 49 44 45 4f 5f 50 4c 41 59 49 4e 47 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 64 61 74 61 2c 70 2e 76 61 6c 75 65 3d 21 31 2c 67 2e 76 61 6c 75 65 3d 21 30 7d 29 29 2c 73 2e 6f 6e 28 78 2e 55 64 2e 56 49 44 45 4f 5f 50 41 55 53 45 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 64 61 74 61 2c 67 2e 76 61 6c 75 65 3d 21 31 2c 62 28 7b 70 67 69 64 3a 22 70 67 5f 62 61 73 5f 6f 66 66 69 63 69 61 6c 5f 77 65 62 73 69 74 65 5f 68 6f 6d 65 5f 70 61 67 65 22 2c 65 76 65 6e 74 4e 61 6d 65 3a 22 65 76 5f 62 61 73 5f 6f 66 66 69 63 69 61 6c 5f 77 65 62 73 69 74 65 5f 76 69 Data Ascii: \u97f3\u91cf\u53d8\u5316=".concat(i)),m.value=!i})),s.on(x.Ud.VIDEO_PLAYING,(function(e){e.data,p.value=!1,g.value=!0})),s.on(x.Ud.VIDEO_PAUSE,(function(e){e.data,g.value=!1,b({pgid:"pg_bas_official_website_home_page",eventName:"ev_bas_official_website_vi
2024-07-20 07:21:33 UTC	13687	IN	Data Raw: 5c 75 34 65 36 30 5c 75 33 30 30 31 5c 75 38 66 64 30 5c 75 35 32 61 38 5c 75 36 34 32 64 5c 75 35 62 35 30 5c 75 37 62 34 39 5c 75 35 31 37 33 5c 75 37 63 66 62 5c 75 66 66 30 63 5c 75 38 62 61 39 5c 75 37 39 33 65 5c 75 34 65 61 34 5c 75 36 36 66 34 5c 75 35 39 31 61 5c 75 35 31 34 33 3c 2f 73 70 61 6e 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 6f 75 72 63 65 2d 69 6d 61 67 65 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 65 76 69 65 77 22 3e 3c 2f 64 69 76 3e 27 2c 33 29 5d 3b 63 6f 6e 73 74 20 53 65 3d 7b 7d 3b 76 61 72 20 42 65 3d 28 30 2c 62 65 2e 5a 29 28 53 65 2c 5b 5b 22 72 65 6e 64 65 72 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 69 29 7b 72 65 74 75 72 6e 28 30 2c 72 2e 77 67 29 28 29 2c 28 30 2c 72 2e 69 Data Ascii: \u4e60\u3001\u8fd0\u52a8\u642d\u5b50\u7b49\u5173\u7cfb\uff0c\u8ba9\u793e\u4ea4\u66f4\u591a\u5143</span></div><div class="resource-image"></div><div class="preview"></div>',3)];const Se={};var Be=(0,be.Z)(Se,[["render",function(e,i){return(0,r.wg)(),(0,r.i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49762	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:33 UTC	372	OUT	GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:33 UTC	449	IN	HTTP/1.1 200 OK Last-Modified: Mon, 26 Jun 2023 09:39:25 GMT Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 70935 Accept-Ranges: bytes X-NWS-LOG-UUID: 6151692013071786581 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:33 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3d 62 28 74 68 69 73 5b 61 5d 3d 74 68 69 73 5b 61 5d 7c 7c 7b 7d 29 3b 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 28 64 65 66 69 6e 65 2e 61 6d 64 7c 7c 64 65 66 69 6e 65 2e 63 6d 64 29 3f 64 65 66 69 6e 65 28 64 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 28 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 64 29 7d 28 22 6d 71 71 22 2c 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 63 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 3b 66 6f 72 28 64 20 69 6e 20 62 29 28 62 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 26 26 21 28 64 20 69 6e 20 61 29 7c 7c 63 Data Ascii: !function(a,b,c){var d=b(this[a]=this[a]\|\|{});"function"==typeof define&&(define.amd\|\|define.cmd)?define(d):"object"==typeof module&&(module.exports=d)}("mqq",function(a,b){"use strict";function c(a,b,c){var d;for(d in b)(b.hasOwnProperty(d)&&!(d in a)\|\|c
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 3a 22 34 2e 36 22 7d 7d 29 2c 6d 71 71 2e 62 75 69 6c 64 28 22 6d 71 71 2e 63 6f 75 70 6f 6e 2e 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 7b 69 4f 53 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 61 29 7b 76 61 72 20 64 3d 61 3b 28 64 2e 63 61 6c 6c 62 61 63 6b 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 29 26 26 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 63 6f 75 70 6f 6e 22 2c 22 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 64 29 7d 65 6c 73 65 20 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 63 6f 75 70 6f 6e 22 2c 22 69 73 46 61 76 6f 75 72 42 75 73 69 6e 65 73 73 22 2c 7b 62 69 64 3a 61 2c 73 6f 75 72 63 65 49 64 3a 62 2c 63 61 6c 6c 62 61 63 Data Ascii: :"4.6"}}),mqq.build("mqq.coupon.isFavourBusiness",{iOS:function(a,b,c){if("object"==typeof a){var d=a;(d.callback=mqq.callback(b))&&mqq.invokeClient("coupon","isFavourBusiness",d)}else mqq.invokeClient("coupon","isFavourBusiness",{bid:a,sourceId:b,callbac
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 6f 64 65 6c 28 29 2c 6d 6f 64 65 6c 56 65 72 73 69 6f 6e 3a 74 68 69 73 2e 6d 6f 64 65 6c 56 65 72 73 69 6f 6e 28 29 7d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 61 29 72 65 74 75 72 6e 20 63 3b 6d 71 71 2e 5f 5f 66 69 72 65 43 61 6c 6c 62 61 63 6b 28 62 2c 5b 63 5d 29 7d 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6d 71 71 2e 63 6f 6d 70 61 72 65 28 22 34 2e 36 22 29 3e 3d 30 29 7b 76 61 72 20 62 3d 61 3b 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 61 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 61 29 7d 63 61 74 63 68 28 61 29 7b 7d 62 26 26 62 28 61 29 7d 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 71 62 69 7a 41 70 69 22 2c 22 67 65 74 44 65 76 69 63 65 49 6e 66 6f 22 2c 61 29 7d Data Ascii: odel(),modelVersion:this.modelVersion()};if("function"!=typeof a)return c;mqq.__fireCallback(b,[c])}},android:function(a){if(mqq.compare("4.6")>=0){var b=a;a=function(a){try{a=JSON.parse(a)}catch(a){}b&&b(a)},mqq.invokeClient("qbizApi","getDeviceInfo",a)}
2024-07-20 07:21:33 UTC	16384	IN	Data Raw: 61 72 20 63 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 3b 63 26 26 28 61 2e 63 61 6c 6c 62 61 63 6b 3d 63 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 72 65 64 70 6f 69 6e 74 22 2c 22 72 65 70 6f 72 74 52 65 64 54 6f 75 63 68 22 2c 61 29 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 3b 63 26 26 28 61 2e 63 61 6c 6c 62 61 63 6b 3d 63 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 72 65 64 70 6f 69 6e 74 22 2c 22 72 65 70 6f 72 74 52 65 64 54 6f 75 63 68 22 2c 61 29 7d 2c 73 75 70 70 6f 72 74 49 6e 76 6f 6b 65 3a 21 30 2c 73 75 70 70 6f 72 74 3a 7b 69 4f 53 3a 22 34 2e 37 22 2c 61 6e 64 72 6f 69 64 3a 22 34 2e 37 22 7d 7d 29 2c 6d 71 71 Data Ascii: ar c=mqq.callback(b);c&&(a.callback=c),mqq.invokeClient("redpoint","reportRedTouch",a)},android:function(a,b){var c=mqq.callback(b);c&&(a.callback=c),mqq.invokeClient("redpoint","reportRedTouch",a)},supportInvoke:!0,support:{iOS:"4.7",android:"4.7"}}),mqq
2024-07-20 07:21:33 UTC	5399	IN	Data Raw: 28 30 2c 35 30 29 2b 22 2e 2e 2e 22 3a 61 2e 64 65 73 63 29 2c 61 2e 63 61 6c 6c 62 61 63 6b 3d 6d 71 71 2e 63 61 6c 6c 62 61 63 6b 28 62 29 2c 6d 71 71 2e 69 6e 76 6f 6b 65 43 6c 69 65 6e 74 28 22 6e 61 76 22 2c 22 6f 66 66 69 63 61 6c 41 63 63 6f 75 6e 74 53 68 61 72 65 52 69 63 68 4d 73 67 32 51 51 22 2c 61 29 7d 2c 61 6e 64 72 6f 69 64 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 70 75 69 6e 3d 61 2e 6f 61 55 69 6e 2c 61 2e 64 65 73 63 3d 61 2e 64 65 73 63 7c 7c 61 2e 73 75 6d 6d 61 72 79 2c 61 2e 64 65 73 63 26 26 28 61 2e 64 65 73 63 3d 61 2e 64 65 73 63 2e 6c 65 6e 67 74 68 3e 35 30 3f 61 2e 64 65 73 63 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 35 30 29 2b 22 2e 2e 2e 22 3a 61 2e 64 65 73 63 29 2c 6d 71 71 2e 63 6f 6d 70 61 72 65 28 22 35 2e 30 Data Ascii: (0,50)+"...":a.desc),a.callback=mqq.callback(b),mqq.invokeClient("nav","officalAccountShareRichMsg2QQ",a)},android:function(a,b){a.puin=a.oaUin,a.desc=a.desc\|\|a.summary,a.desc&&(a.desc=a.desc.length>50?a.desc.substring(0,50)+"...":a.desc),mqq.compare("5.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49764	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:34 UTC	537	OUT	GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1 Host: cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:34 UTC	450	IN	HTTP/1.1 200 OK Last-Modified: Thu, 18 Jan 2024 04:18:18 GMT Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 68901 Accept-Ranges: bytes X-NWS-LOG-UUID: 214181763608379135 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:34 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:34 UTC	16384	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 20 2a 20 40 74 65 6e 63 65 6e 74 2f 61 65 67 69 73 2d 77 65 62 2d 73 64 6b 40 31 2e 34 33 2e 36 20 28 63 29 20 32 30 32 34 20 54 65 6e 63 65 6e 74 43 6c 6f 75 64 20 52 65 61 6c 20 55 73 65 72 20 4d 6f 6e 69 74 6f 72 69 6e 67 2e 0a 20 2a 20 41 75 74 68 6f 72 20 70 75 6d 70 6b 69 6e 63 61 69 2e 0a 20 2a 20 4c 61 73 74 20 52 65 6c 65 61 73 65 20 54 69 6d 65 20 54 68 75 20 4a 61 6e 20 31 38 20 32 30 32 34 20 31 32 3a 31 36 3a 30 30 20 47 4d 54 2b 30 38 30 30 20 28 47 4d 54 2b 30 38 3a 30 30 29 2e 0a 20 2a 20 52 65 Data Ascii: /** * ========================================================================== * @tencent/aegis-web-sdk@1.43.6 (c) 2024 TencentCloud Real User Monitoring. * Author pumpkincai. * Last Release Time Thu Jan 18 2024 12:16:00 GMT+0800 (GMT+08:00). * Re
2024-07-20 07:21:34 UTC	16384	IN	Data Raw: 73 65 7b 66 6f 72 28 76 61 72 20 69 3d 74 68 69 73 3b 69 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 26 26 68 65 28 69 2c 74 68 69 73 29 2c 69 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 69 29 3b 29 3b 30 3d 3d 3d 53 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 26 26 28 72 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2c 68 65 28 72 29 2c 68 65 28 53 29 29 7d 7d 2c 53 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 6f 6e 66 69 67 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 74 68 69 73 2e 63 6f 6e 66 69 67 2c 65 29 3b 76 61 72 20 65 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2c 74 3d 65 2e 69 64 2c 6e 3d 65 Data Ascii: se{for(var i=this;i.constructor!==Object&&he(i,this),i=Object.getPrototypeOf(i););0===S.instances.length&&(r=Object.getPrototypeOf(this).constructor,he(r),he(S))}},S.prototype.setConfig=function(e){Object.assign(this.config,e);var e=this.config,t=e.id,n=e
2024-07-20 07:21:34 UTC	16384	IN	Data Raw: 28 29 7d 2c 61 2e 64 65 73 6b 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 61 2e 74 61 62 6c 65 74 28 29 26 26 21 61 2e 6d 6f 62 69 6c 65 28 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 71 65 28 29 7b 72 65 74 75 72 6e 7b 68 6f 73 74 3a 6e 65 77 20 55 52 4c 28 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 2e 68 6f 73 74 2c 70 61 74 68 6e 61 6d 65 3a 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 7d 7d 66 75 6e 63 74 69 6f 6e 20 6a 65 28 72 2c 65 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 65 26 26 65 2e 6c 65 6e 67 74 68 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 72 3f 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 48 65 61 64 65 72 73 26 26 72 20 69 6e 73 74 61 Data Ascii: ()},a.desktop=function(){return!a.tablet()&&!a.mobile()};function qe(){return{host:new URL(location.href).host,pathname:location.pathname}}function je(r,e,o){return null!=e&&e.length&&"object"==typeof r?e.reduce(function(e,t){var n=window.Headers&&r insta
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 2e 63 61 6c 6c 28 73 2c 65 2c 6f 29 7d 2c 73 65 6e 64 45 72 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 6e 75 6c 6c 21 3d 28 74 3d 73 2e 70 75 62 6c 69 73 68 57 73 45 72 72 6f 72 4c 6f 67 29 26 26 74 2e 63 61 6c 6c 28 73 2c 65 2c 6f 29 7d 7d 2c 74 68 69 73 2e 68 61 63 6b 57 65 62 73 6f 63 6b 65 74 43 6f 6e 66 69 67 3d 6e 2c 6e 3d 74 68 69 73 2e 68 61 63 6b 57 65 62 73 6f 63 6b 65 74 43 6f 6e 66 69 67 2c 77 69 6e 64 6f 77 2e 50 72 6f 78 79 29 26 26 77 69 6e 64 6f 77 2e 57 65 62 53 6f 63 6b 65 74 26 26 28 72 3d 77 69 6e 64 6f 77 2e 57 65 62 53 6f 63 6b 65 74 2c 77 69 6e 64 6f 77 26 26 21 72 2e 69 73 48 61 63 6b 26 26 28 69 3d 6e 65 77 20 50 72 6f 78 79 28 57 65 62 53 6f 63 6b 65 74 2c 63 74 29 2c 72 2e 69 73 48 61 63 6b 3d 21 30 2c 77 69 6e Data Ascii: .call(s,e,o)},sendErr:function(e){var t;null!=(t=s.publishWsErrorLog)&&t.call(s,e,o)}},this.hackWebsocketConfig=n,n=this.hackWebsocketConfig,window.Proxy)&&window.WebSocket&&(r=window.WebSocket,window&&!r.isHack&&(i=new Proxy(WebSocket,ct),r.isHack=!0,win
2024-07-20 07:21:35 UTC	3365	IN	Data Raw: 61 6c 2f 67 69 2c 22 65 76 61 49 22 29 29 2c 6e 2e 73 65 6e 64 28 73 2e 64 61 74 61 29 29 29 29 3a 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 50 6c 65 61 73 65 20 68 61 6e 64 6c 65 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 72 65 61 73 6f 6e 61 62 6c 79 2c 20 6f 70 74 69 6f 6e 73 2e 75 72 6c 20 69 73 20 6e 65 63 65 73 73 61 72 79 22 29 3a 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 53 65 6e 64 69 6e 67 20 72 65 71 75 65 73 74 20 62 6c 6f 63 6b 65 64 22 29 7d 2c 48 2e 70 72 6f 74 6f 74 79 70 65 2e 70 75 62 6c 69 73 68 50 6c 75 67 69 6e 73 4c 6f 67 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 48 2e 69 6e 73 74 61 6c 6c 65 64 50 6c 75 67 69 6e 73 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 72 65 70 6f 72 74 41 73 Data Ascii: al/gi,"evaI")),n.send(s.data)))):console.warn("Please handle the parameters reasonably, options.url is necessary"):console.warn("Sending request blocked")},H.prototype.publishPluginsLogs=function(){var e=H.installedPlugins.find(function(e){return"reportAs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49763	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:34 UTC	389	OUT	GET /im.qq.com_new/f2ff7664/js/other-chunk.ddf042d1.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:34 UTC	495	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "0f0c9e1eddaee7bb222d26ef9f59951a" Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 164836 Accept-Ranges: bytes X-NWS-LOG-UUID: 5254986900407157530 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:34 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:34 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6f 74 68 65 72 2d 63 68 75 6e 6b 2e 64 64 66 30 34 32 64 31 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 35 36 5d 2c 7b 37 32 36 38 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 34 30 32 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 65 2c 7b 70 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 7d 29 3b 76 61 72 20 72 3d 22 71 22 7d 2c 33 39 Data Ascii: /! For license information please see other-chunk.ddf042d1.js.LICENSE.txt /(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[256],{7268:function(){},402:function(t,e,n){"use strict";n.d(e,{p:function(){return r}});var r="q"},39
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 73 3a 28 30 2c 6f 2e 43 5f 29 28 22 22 2e 63 6f 6e 63 61 74 28 74 2e 6e 61 6d 65 2c 22 5f 5f 6d 61 73 6b 2d 63 6f 6e 74 65 6e 74 22 29 29 7d 2c 5b 28 30 2c 72 2e 57 49 29 28 74 2e 24 73 6c 6f 74 73 2c 22 6d 61 73 6b 43 6f 6e 74 65 6e 74 22 29 5d 2c 32 29 29 3a 28 30 2c 72 2e 6b 71 29 28 22 22 2c 21 30 29 5d 7d 29 29 2c 5f 3a 33 7d 29 2c 28 30 2c 72 2e 57 6d 29 28 69 2e 75 54 2c 7b 6e 61 6d 65 3a 74 2e 63 6f 6e 74 65 6e 74 54 72 61 6e 73 69 74 69 6f 6e 4e 61 6d 65 2c 6f 6e 45 6e 74 65 72 3a 74 2e 65 6e 74 65 72 2c 6f 6e 41 66 74 65 72 45 6e 74 65 72 3a 74 2e 61 66 74 65 72 45 6e 74 65 72 2c 6f 6e 41 66 74 65 72 4c 65 61 76 65 3a 74 2e 61 66 74 65 72 4c 65 61 76 65 7d 2c 7b 64 65 66 61 75 6c 74 3a 28 30 2c 72 2e 77 35 29 28 28 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: s:(0,o.C_)("".concat(t.name,"__mask-content"))},[(0,r.WI)(t.$slots,"maskContent")],2)):(0,r.kq)("",!0)]})),_:3}),(0,r.Wm)(i.uT,{name:t.contentTransitionName,onEnter:t.enter,onAfterEnter:t.afterEnter,onAfterLeave:t.afterLeave},{default:(0,r.w5)((function()
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 4c 7c 7c 28 4c 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 52 45 50 4f 52 54 5f 45 56 45 4e 54 3d 22 76 72 5f 72 65 70 6f 72 74 45 76 65 6e 74 22 2c 74 2e 43 48 45 43 4b 5f 57 45 42 56 49 45 57 3d 22 76 72 5f 67 65 74 57 65 62 76 69 65 77 56 69 73 69 62 69 6c 69 74 79 22 7d 28 55 7c 7c 28 55 3d 7b 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 74 2e 45 58 50 4f 53 45 3d 22 65 78 70 6f 73 65 22 2c 74 2e 48 49 44 45 3d 22 68 69 64 65 22 2c 74 2e 56 49 53 49 42 49 4c 49 54 59 43 48 41 4e 47 45 44 3d 22 76 69 73 69 62 69 6c 69 74 79 43 68 61 6e 67 65 64 22 7d 28 71 7c 7c 28 71 3d 7b 7d 29 29 3b 76 61 72 20 48 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 29 7b 74 68 69 73 2e 65 76 65 6e 74 73 4d 61 70 3d 7b 7d 7d 72 65 Data Ascii: L\|\|(L={})),function(t){t.REPORT_EVENT="vr_reportEvent",t.CHECK_WEBVIEW="vr_getWebviewVisibility"}(U\|\|(U={})),function(t){t.EXPOSE="expose",t.HIDE="hide",t.VISIBILITYCHANGED="visibilityChanged"}(q\|\|(q={}));var H=function(){function t(){this.eventsMap={}}re
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 79 45 78 65 63 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 64 62 2e 61 64 64 28 7b 65 76 65 6e 74 49 64 3a 74 2c 76 61 6c 75 65 3a 65 7d 29 7d 29 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 49 74 65 6d 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 72 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 5b 32 2c 74 68 69 73 2e 72 65 61 64 79 45 78 65 63 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 2e 64 62 2e 67 65 74 44 61 74 61 52 61 6e 67 65 42 79 49 6e 64 65 78 28 49 2c 74 2c 74 29 7d 29 29 5d 7d 29 29 7d 29 29 7d 2c Data Ascii: yExec((function(){return n.db.add({eventId:t,value:e})}))},t.prototype.getItem=function(t){return n(this,void 0,void 0,(function(){var e=this;return r(this,(function(n){return[2,this.readyExec((function(){return e.db.getDataRangeByIndex(I,t,t)}))]}))}))},
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 74 6f 53 74 72 69 6e 67 28 29 29 2c 69 2e 70 75 73 68 28 7b 65 76 65 6e 74 43 6f 64 65 3a 74 2c 65 76 65 6e 74 54 69 6d 65 3a 44 61 74 65 2e 6e 6f 77 28 29 2e 74 6f 53 74 72 69 6e 67 28 29 2c 6d 61 70 56 61 6c 75 65 3a 64 28 6e 2c 74 68 69 73 2e 63 6f 6e 66 69 67 2e 73 74 72 69 63 74 4d 6f 64 65 29 7d 29 2c 69 7d 2c 72 2e 70 72 6f 74 6f 74 79 70 65 2e 61 73 73 65 6d 62 6c 65 44 61 74 61 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 2e 62 65 61 63 6f 6e 53 65 73 73 69 6f 6e 2e 67 65 74 53 65 73 73 69 6f 6e 28 29 3b 72 65 74 75 72 6e 7b 61 70 70 56 65 72 73 69 6f 6e 3a 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 56 65 72 73 69 6f 6e 3f 70 28 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 70 70 56 65 72 73 69 6f 6e 29 3a 22 22 2c 73 64 6b 49 Data Ascii: toString()),i.push({eventCode:t,eventTime:Date.now().toString(),mapValue:d(n,this.config.strictMode)}),i},r.prototype.assembleData=function(t){var n=this.beaconSession.getSession();return{appVersion:this.config.appVersion?p(this.config.appVersion):"",sdkI
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 67 69 64 2c 65 69 64 3a 6e 75 6c 6c 3d 3d 3d 28 6e 3d 6e 75 6c 6c 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 62 75 73 69 6e 65 73 73 50 61 72 61 6d 73 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 65 69 64 2c 73 74 65 70 3a 57 2c 65 76 65 6e 74 5f 74 79 70 65 3a 6e 75 6c 6c 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 65 76 65 6e 74 4e 61 6d 65 2c 72 65 70 6f 72 74 5f 74 79 70 65 3a 65 2e 63 75 72 43 68 61 6e 6e 65 6c 2e 74 79 70 65 2c 65 76 65 6e 74 5f 69 64 3a 6e 75 6c 6c 3d 3d 3d 28 6f 3d 6e 75 6c 6c 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 70 75 62 6c 69 63 50 61 72 61 6d 73 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6f 3f 76 6f 69 64 20 30 3a 6f 2e 64 74 5f 65 76 65 6e 74 69 64 5f 68 35 7d 29 7d 3b 74 68 69 73 2e 63 68 61 6e 6e 65 6c 52 65 61 64 Data Ascii: gid,eid:null===(n=null==r?void 0:r.businessParams)\|\|void 0===n?void 0:n.eid,step:W,event_type:null==r?void 0:r.eventName,report_type:e.curChannel.type,event_id:null===(o=null==r?void 0:r.publicParams)\|\|void 0===o?void 0:o.dt_eventid_h5})};this.channelRead
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 29 65 3d 74 68 69 73 2e 68 61 6e 64 6c 65 43 68 69 6c 64 4c 69 73 74 28 61 29 3b 65 6c 73 65 20 69 66 28 22 61 74 74 72 69 62 75 74 65 73 22 3d 3d 3d 61 2e 74 79 70 65 29 7b 69 66 28 21 73 29 72 65 74 75 72 6e 3b 65 3d 74 68 69 73 2e 68 61 6e 64 6c 65 41 74 74 72 69 62 75 74 65 73 28 61 29 7d 65 6c 73 65 7b 69 66 28 21 73 29 72 65 74 75 72 6e 3b 31 21 3d 3d 73 2e 6e 6f 64 65 54 79 70 65 26 26 28 73 3d 73 2e 70 61 72 65 6e 74 4e 6f 64 65 29 2c 65 3d 7b 72 65 66 6c 6f 77 41 72 72 3a 5b 7b 65 6c 3a 73 7d 5d 2c 75 70 64 61 74 65 41 72 72 3a 5b 5d 7d 7d 6e 2e 70 75 73 68 2e 61 70 70 6c 79 28 6e 2c 65 2e 75 70 64 61 74 65 41 72 72 29 2c 72 2e 70 75 73 68 2e 61 70 70 6c 79 28 72 2c 65 2e 72 65 66 6c 6f 77 41 72 72 29 7d 72 65 74 75 72 6e 7b 75 70 64 61 74 65 41 Data Ascii: )e=this.handleChildList(a);else if("attributes"===a.type){if(!s)return;e=this.handleAttributes(a)}else{if(!s)return;1!==s.nodeType&&(s=s.parentNode),e={reflowArr:[{el:s}],updateArr:[]}}n.push.apply(n,e.updateArr),r.push.apply(r,e.reflowArr)}return{updateA
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 74 7c 74 61 62 29 5b 3b 5c 2f 5d 2f 69 5d 2c 5b 5b 58 74 2c 69 65 5d 2c 74 65 2c 59 74 5d 2c 5b 2f 5b 5c 73 5c 2f 5c 28 5d 28 73 6d 61 72 74 2d 3f 74 76 29 5b 3b 5c 29 5d 2f 69 5d 2c 5b 5b 58 74 2c 6f 65 5d 5d 2c 5b 2f 28 61 6e 64 72 6f 69 64 5b 5c 77 5c 2e 5c 73 5c 2d 5d 7b 30 2c 39 7d 29 3b 2e 2b 62 75 69 6c 64 2f 69 5d 2c 5b 59 74 2c 5b 74 65 2c 22 47 65 6e 65 72 69 63 22 5d 5d 5d 2c 65 6e 67 69 6e 65 3a 5b 5b 2f 77 69 6e 64 6f 77 73 2e 2b 5c 73 65 64 67 65 5c 2f 28 5b 5c 77 5c 2e 5d 2b 29 2f 69 5d 2c 5b 65 65 2c 5b 24 74 2c 22 45 64 67 65 48 54 4d 4c 22 5d 5d 2c 5b 2f 77 65 62 6b 69 74 5c 2f 35 33 37 5c 2e 33 36 2e 2b 63 68 72 6f 6d 65 5c 2f 28 3f 21 32 37 29 28 5b 5c 77 5c 2e 5d 2b 29 2f 69 5d 2c 5b 65 65 2c 5b 24 74 2c 22 42 6c 69 6e 6b 22 5d 5d 2c Data Ascii: t\|tab)[;\/]/i],[[Xt,ie],te,Yt],[/[\s\/$](smart-?tv)[;$]/i],[[Xt,oe]],[/(android[\w\.\s\-]{0,9});.+build/i],[Yt,[te,"Generic"]]],engine:[[/windows.+\sedge\/([\w\.]+)/i],[ee,[$t,"EdgeHTML"]],[/webkit\/537\.36.+chrome\/(?!27)([\w\.]+)/i],[ee,[$t,"Blink"]],
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 65 29 2c 74 2e 69 6e 69 74 50 61 67 65 28 65 29 7d 29 29 2c 74 68 69 73 2e 6f 6e 28 22 70 61 67 65 50 61 72 61 6d 73 43 68 61 6e 67 65 22 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 72 2c 69 3d 52 2e 70 61 72 73 65 28 6e 75 6c 6c 21 3d 3d 28 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 74 2d 70 61 72 61 6d 73 22 29 29 26 26 76 6f 69 64 20 30 21 3d 3d 72 3f 72 3a 22 22 29 2c 6f 3d 69 2e 72 65 66 5f 70 67 2c 73 3d 69 2e 72 65 66 5f 65 6c 65 3b 6f 26 26 28 69 2e 72 65 66 5f 70 67 3d 52 2e 70 61 72 73 65 28 6f 29 29 2c 73 26 26 28 69 2e 72 65 66 5f 65 6c 65 3d 52 2e 70 61 72 73 65 28 73 29 29 2c 74 2e 73 65 74 50 61 67 65 50 61 72 61 6d 73 28 61 28 7b 70 67 69 64 3a 6e 7d 2c 69 29 29 7d 29 29 2c 74 68 69 73 7d 2c 65 2e 70 72 6f 74 Data Ascii: e),t.initPage(e)})),this.on("pageParamsChange",(function(e,n){var r,i=R.parse(null!==(r=e.getAttribute("dt-params"))&&void 0!==r?r:""),o=i.ref_pg,s=i.ref_ele;o&&(i.ref_pg=R.parse(o)),s&&(i.ref_ele=R.parse(s)),t.setPageParams(a({pgid:n},i))})),this},e.prot
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 52 4e 30 30 30 3a 30 2c 50 41 54 54 45 52 4e 30 30 31 3a 31 2c 50 41 54 54 45 52 4e 30 31 30 3a 32 2c 50 41 54 54 45 52 4e 30 31 31 3a 33 2c 50 41 54 54 45 52 4e 31 30 30 3a 34 2c 50 41 54 54 45 52 4e 31 30 31 3a 35 2c 50 41 54 54 45 52 4e 31 31 30 3a 36 2c 50 41 54 54 45 52 4e 31 31 31 3a 37 7d 3b 76 61 72 20 72 3d 33 2c 69 3d 33 2c 6f 3d 34 30 2c 61 3d 31 30 3b 66 75 6e 63 74 69 6f 6e 20 73 28 74 2c 6e 2c 72 29 7b 73 77 69 74 63 68 28 74 29 7b 63 61 73 65 20 65 2e 50 61 74 74 65 72 6e 73 2e 50 41 54 54 45 52 4e 30 30 30 3a 72 65 74 75 72 6e 28 6e 2b 72 29 25 32 3d 3d 30 3b 63 61 73 65 20 65 2e 50 61 74 74 65 72 6e 73 2e 50 41 54 54 45 52 4e 30 30 31 3a 72 65 74 75 72 6e 20 6e 25 32 3d 3d 30 3b 63 61 73 65 20 65 2e 50 61 74 74 65 72 6e 73 2e 50 41 54 54 Data Ascii: RN000:0,PATTERN001:1,PATTERN010:2,PATTERN011:3,PATTERN100:4,PATTERN101:5,PATTERN110:6,PATTERN111:7};var r=3,i=3,o=40,a=10;function s(t,n,r){switch(t){case e.Patterns.PATTERN000:return(n+r)%2==0;case e.Patterns.PATTERN001:return n%2==0;case e.Patterns.PATT

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	49766	43.152.137.29	443

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:34 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:35 UTC	495	IN	HTTP/1.1 200 OK Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Etag: "4f1a32738e3ba3090ba80ef6787116f4" Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 139706 Accept-Ranges: bytes X-NWS-LOG-UUID: 8350576608860206990 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:35 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 32 37 37 5d 2c 7b 39 36 36 32 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 36 31 34 29 2c 6f 3d 65 28 36 33 33 30 29 2c 69 3d 54 79 70 65 45 72 72 6f 72 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 6e 28 74 29 29 72 65 74 75 72 6e 20 74 3b 74 68 72 6f 77 20 69 28 6f 28 74 29 2b 22 20 69 73 20 6e 6f 74 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 7d 2c 39 34 38 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 34 34 31 31 29 2c 6f 3d 65 28 36 33 33 Data Ascii: (self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[277],{9662:function(t,r,e){var n=e(614),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a function")}},9483:function(t,r,e){var n=e(4411),o=e(633
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 3d 2d 31 21 3d 3d 74 2e 69 6e 64 65 78 4f 66 28 22 57 65 61 6b 22 29 2c 78 3d 6d 3f 22 73 65 74 22 3a 22 61 64 64 22 2c 77 3d 6f 5b 74 5d 2c 45 3d 77 26 26 77 2e 70 72 6f 74 6f 74 79 70 65 2c 41 3d 77 2c 53 3d 7b 7d 2c 4f 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 3d 69 28 45 5b 74 5d 29 3b 61 28 45 2c 74 2c 22 61 64 64 22 3d 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 72 28 74 68 69 73 2c 30 3d 3d 3d 74 3f 30 3a 74 29 2c 74 68 69 73 7d 3a 22 64 65 6c 65 74 65 22 3d 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 21 28 62 26 26 21 68 28 74 29 29 26 26 72 28 74 68 69 73 2c 30 3d 3d 3d 74 3f 30 3a 74 29 7d 3a 22 67 65 74 22 3d 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 62 26 26 21 68 28 Data Ascii: =-1!==t.indexOf("Weak"),x=m?"set":"add",w=o[t],E=w&&w.prototype,A=w,S={},O=function(t){var r=i(E[t]);a(E,t,"add"==t?function(t){return r(this,0===t?0:t),this}:"delete"==t?function(t){return!(b&&!h(t))&&r(this,0===t?0:t)}:"get"==t?function(t){return b&&!h(
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 74 75 72 6e 20 65 3d 3d 66 7c 7c 65 21 3d 73 26 26 28 6f 28 72 29 3f 6e 28 72 29 3a 21 21 72 29 7d 2c 61 3d 75 2e 6e 6f 72 6d 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 74 72 69 6e 67 28 74 29 2e 72 65 70 6c 61 63 65 28 69 2c 22 2e 22 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 63 3d 75 2e 64 61 74 61 3d 7b 7d 2c 73 3d 75 2e 4e 41 54 49 56 45 3d 22 4e 22 2c 66 3d 75 2e 50 4f 4c 59 46 49 4c 4c 3d 22 50 22 3b 74 2e 65 78 70 6f 72 74 73 3d 75 7d 2c 35 39 38 38 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 31 31 31 29 2c 6f 3d 4d 61 74 68 2e 66 6c 6f 6f 72 3b 74 2e 65 78 70 6f 72 74 73 3d 4e 75 6d 62 65 72 2e 69 73 49 6e 74 65 67 65 72 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 Data Ascii: turn e==f\|\|e!=s&&(o(r)?n(r):!!r)},a=u.normalize=function(t){return String(t).replace(i,".").toLowerCase()},c=u.data={},s=u.NATIVE="N",f=u.POLYFILL="P";t.exports=u},5988:function(t,r,e){var n=e(111),o=Math.floor;t.exports=Number.isInteger\|\|function(t){retu
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 74 26 26 21 65 26 26 28 74 3d 74 2e 70 72 6f 74 6f 74 79 70 65 29 2c 74 26 26 21 6f 28 74 2c 69 29 26 26 6e 28 74 2c 69 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 72 7d 29 7d 7d 2c 36 32 30 30 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 32 33 30 39 29 2c 6f 3d 65 28 39 37 31 31 29 2c 69 3d 6e 28 22 6b 65 79 73 22 29 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 69 5b 74 5d 7c 7c 28 69 5b 74 5d 3d 6f 28 74 29 29 7d 7d 2c 35 34 36 35 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 37 38 35 34 29 2c 6f 3d 65 28 33 30 37 32 29 2c 69 3d 22 5f 5f 63 Data Ascii: );t.exports=function(t,r,e){t&&!e&&(t=t.prototype),t&&!o(t,i)&&n(t,i,{configurable:!0,value:r})}},6200:function(t,r,e){var n=e(2309),o=e(9711),i=n("keys");t.exports=function(t){return i[t]\|\|(i[t]=o(t))}},5465:function(t,r,e){var n=e(7854),o=e(3072),i="__c
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 72 67 65 74 3a 22 41 72 72 61 79 22 2c 70 72 6f 74 6f 3a 21 30 7d 2c 7b 66 6c 61 74 4d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 2c 65 3d 75 28 74 68 69 73 29 2c 6e 3d 61 28 65 29 3b 72 65 74 75 72 6e 20 69 28 74 29 2c 28 72 3d 63 28 65 2c 30 29 29 2e 6c 65 6e 67 74 68 3d 6f 28 72 2c 65 2c 65 2c 6e 2c 30 2c 31 2c 74 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 29 2c 72 7d 7d 29 7d 2c 31 30 33 38 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 32 31 30 39 29 2c 6f 3d 65 28 38 34 35 37 29 3b 6e 28 7b 74 61 72 67 65 74 3a 22 41 72 72 61 79 22 2c 73 74 61 74 3a 21 30 2c 66 6f 72 63 65 64 3a 21 65 28 37 30 37 32 29 28 28 66 75 6e 63 74 69 6f 6e Data Ascii: rget:"Array",proto:!0},{flatMap:function(t){var r,e=u(this),n=a(e);return i(t),(r=c(e,0)).length=o(r,e,e,n,0,1,t,arguments.length>1?arguments[1]:void 0),r}})},1038:function(t,r,e){var n=e(2109),o=e(8457);n({target:"Array",stat:!0,forced:!e(7072)((function
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 65 22 2c 73 74 61 74 3a 21 30 2c 66 6f 72 63 65 64 3a 65 28 36 31 32 29 7d 2c 7b 72 61 63 65 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 65 3d 75 2e 66 28 72 29 2c 6e 3d 65 2e 72 65 6a 65 63 74 2c 73 3d 61 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 75 3d 69 28 72 2e 72 65 73 6f 6c 76 65 29 3b 63 28 74 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6f 28 75 2c 72 2c 74 29 2e 74 68 65 6e 28 65 2e 72 65 73 6f 6c 76 65 2c 6e 29 7d 29 29 7d 29 29 3b 72 65 74 75 72 6e 20 73 2e 65 72 72 6f 72 26 26 6e 28 73 2e 76 61 6c 75 65 29 2c 65 2e 70 72 6f 6d 69 73 65 7d 7d 29 7d 2c 36 38 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 65 28 32 31 30 39 29 2c 6f 3d 65 28 36 39 31 Data Ascii: e",stat:!0,forced:e(612)},{race:function(t){var r=this,e=u.f(r),n=e.reject,s=a((function(){var u=i(r.resolve);c(t,(function(t){o(u,r,t).then(e.resolve,n)}))}));return s.error&&n(s.value),e.promise}})},683:function(t,r,e){"use strict";var n=e(2109),o=e(691
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 72 6e 22 22 3b 76 61 72 20 72 3d 62 28 74 29 2c 65 3d 79 3f 45 28 72 2c 37 2c 2d 31 29 3a 77 28 72 2c 78 2c 22 24 31 22 29 3b 72 65 74 75 72 6e 22 22 3d 3d 3d 65 3f 76 6f 69 64 20 30 3a 65 7d 7d 29 2c 6e 28 7b 67 6c 6f 62 61 6c 3a 21 30 2c 63 6f 6e 73 74 72 75 63 74 6f 72 3a 21 30 2c 66 6f 72 63 65 64 3a 21 30 7d 2c 7b 53 79 6d 62 6f 6c 3a 67 7d 29 7d 7d 2c 37 36 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 20 6e 3d 65 28 32 31 30 39 29 2c 6f 3d 65 28 35 30 30 35 29 2c 69 3d 65 28 32 35 39 37 29 2c 75 3d 65 28 31 33 34 30 29 2c 61 3d 65 28 32 33 30 39 29 2c 63 3d 65 28 32 30 31 35 29 2c 73 3d 61 28 22 73 74 72 69 6e 67 2d 74 6f 2d 73 79 6d 62 6f 6c 2d 72 65 67 69 73 74 72 79 22 29 2c 66 3d 61 28 22 73 79 6d 62 6f 6c 2d 74 6f 2d 73 74 72 Data Ascii: rn"";var r=b(t),e=y?E(r,7,-1):w(r,x,"$1");return""===e?void 0:e}}),n({global:!0,constructor:!0,forced:!0},{Symbol:g})}},763:function(t,r,e){var n=e(2109),o=e(5005),i=e(2597),u=e(1340),a=e(2309),c=e(2015),s=a("string-to-symbol-registry"),f=a("symbol-to-str
2024-07-20 07:21:35 UTC	16384	IN	Data Raw: 2c 24 3d 22 49 6e 76 61 6c 69 64 20 70 6f 72 74 22 2c 59 3d 2f 5b 61 2d 7a 5d 2f 69 2c 4b 3d 2f 5b 5c 64 2b 2d 2e 61 2d 7a 5d 2f 69 2c 4a 3d 2f 5c 64 2f 2c 58 3d 2f 5e 30 78 2f 69 2c 51 3d 2f 5e 5b 30 2d 37 5d 2b 24 2f 2c 5a 3d 2f 5e 5c 64 2b 24 2f 2c 74 74 3d 2f 5e 5b 5c 64 61 2d 66 5d 2b 24 2f 69 2c 72 74 3d 2f 5b 5c 30 5c 74 5c 6e 5c 72 20 23 25 2f 3a 3c 3e 3f 40 5b 5c 5c 5c 5d 5e 7c 5d 2f 2c 65 74 3d 2f 5b 5c 30 5c 74 5c 6e 5c 72 20 23 2f 3a 3c 3e 3f 40 5b 5c 5c 5c 5d 5e 7c 5d 2f 2c 6e 74 3d 2f 5e 5b 5c 75 30 30 30 30 2d 5c 75 30 30 32 30 5d 2b 7c 5b 5c 75 30 30 30 30 2d 5c 75 30 30 32 30 5d 2b 24 2f 67 2c 6f 74 3d 2f 5b 5c 74 5c 6e 5c 72 5d 2f 67 2c 69 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 72 2c 65 2c 6e 2c 6f 3b 69 66 28 22 6e 75 6d Data Ascii: ,$="Invalid port",Y=/[a-z]/i,K=/[\d+-.a-z]/i,J=/\d/,X=/^0x/i,Q=/^[0-7]+$/,Z=/^\d+$/,tt=/^[\da-f]+$/i,rt=/[\0\t\n\r #%/:<>?@[\\\]^\|]/,et=/[\0\t\n\r #/:<>?@[\\\]^\|]/,nt=/^[\u0000-\u0020]+\|[\u0000-\u0020]+$/g,ot=/[\t\n\r]/g,it=function(t){var r,e,n,o;if("num
2024-07-20 07:21:35 UTC	8634	IN	Data Raw: 72 65 74 75 72 6e 20 74 5b 65 5d 7d 29 29 7d 29 29 2c 72 7d 28 72 29 3b 6f 2e 67 65 74 74 65 72 73 3d 4f 62 6a 65 63 74 2e 6b 65 79 73 28 69 29 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 7b 6b 65 79 3a 74 2e 65 6e 64 73 57 69 74 68 28 22 2f 22 29 3f 4f 28 74 29 3a 74 2c 65 64 69 74 61 62 6c 65 3a 21 31 2c 76 61 6c 75 65 3a 49 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 69 5b 74 5d 7d 29 29 7d 7d 29 29 7d 72 65 74 75 72 6e 20 6f 7d 28 28 6f 3d 72 2e 5f 6d 6f 64 75 6c 65 73 2c 28 75 3d 28 69 3d 6e 29 2e 73 70 6c 69 74 28 22 2f 22 29 2e 66 69 6c 74 65 72 28 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 7d 29 29 29 2e 72 65 64 75 63 65 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 72 2c 65 29 7b 76 61 72 Data Ascii: return t[e]}))})),r}(r);o.getters=Object.keys(i).map((function(t){return{key:t.endsWith("/")?O(t):t,editable:!1,value:I((function(){return i[t]}))}}))}return o}((o=r._modules,(u=(i=n).split("/").filter((function(t){return t}))).reduce((function(t,r,e){var

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49765	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:34 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460093247&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:35 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:35 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:35 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49767	43.152.29.20	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:35 UTC	368	OUT	GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1 Host: cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	451	IN	HTTP/1.1 200 OK Last-Modified: Thu, 18 Jan 2024 04:18:18 GMT Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 68901 Accept-Ranges: bytes X-NWS-LOG-UUID: 11377664374454077016 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:35 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.29.20 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=666 Is-Immutable-In-The-Future: false
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 20 2a 20 40 74 65 6e 63 65 6e 74 2f 61 65 67 69 73 2d 77 65 62 2d 73 64 6b 40 31 2e 34 33 2e 36 20 28 63 29 20 32 30 32 34 20 54 65 6e 63 65 6e 74 43 6c 6f 75 64 20 52 65 61 6c 20 55 73 65 72 20 4d 6f 6e 69 74 6f 72 69 6e 67 2e 0a 20 2a 20 41 75 74 68 6f 72 20 70 75 6d 70 6b 69 6e 63 61 69 2e 0a 20 2a 20 4c 61 73 74 20 52 65 6c 65 61 73 65 20 54 69 6d 65 20 54 68 75 20 4a 61 6e 20 31 38 20 32 30 32 34 20 31 32 3a 31 36 3a 30 30 20 47 4d 54 2b 30 38 30 30 20 28 47 4d 54 2b 30 38 3a 30 30 29 2e 0a 20 2a 20 52 65 Data Ascii: /** * ========================================================================== * @tencent/aegis-web-sdk@1.43.6 (c) 2024 TencentCloud Real User Monitoring. * Author pumpkincai. * Last Release Time Thu Jan 18 2024 12:16:00 GMT+0800 (GMT+08:00). * Re
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 73 65 7b 66 6f 72 28 76 61 72 20 69 3d 74 68 69 73 3b 69 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 4f 62 6a 65 63 74 26 26 68 65 28 69 2c 74 68 69 73 29 2c 69 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 69 29 3b 29 3b 30 3d 3d 3d 53 2e 69 6e 73 74 61 6e 63 65 73 2e 6c 65 6e 67 74 68 26 26 28 72 3d 4f 62 6a 65 63 74 2e 67 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 74 68 69 73 29 2e 63 6f 6e 73 74 72 75 63 74 6f 72 2c 68 65 28 72 29 2c 68 65 28 53 29 29 7d 7d 2c 53 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 43 6f 6e 66 69 67 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 28 74 68 69 73 2e 63 6f 6e 66 69 67 2c 65 29 3b 76 61 72 20 65 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2c 74 3d 65 2e 69 64 2c 6e 3d 65 Data Ascii: se{for(var i=this;i.constructor!==Object&&he(i,this),i=Object.getPrototypeOf(i););0===S.instances.length&&(r=Object.getPrototypeOf(this).constructor,he(r),he(S))}},S.prototype.setConfig=function(e){Object.assign(this.config,e);var e=this.config,t=e.id,n=e
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 28 29 7d 2c 61 2e 64 65 73 6b 74 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 61 2e 74 61 62 6c 65 74 28 29 26 26 21 61 2e 6d 6f 62 69 6c 65 28 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 71 65 28 29 7b 72 65 74 75 72 6e 7b 68 6f 73 74 3a 6e 65 77 20 55 52 4c 28 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 2e 68 6f 73 74 2c 70 61 74 68 6e 61 6d 65 3a 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 7d 7d 66 75 6e 63 74 69 6f 6e 20 6a 65 28 72 2c 65 2c 6f 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 65 26 26 65 2e 6c 65 6e 67 74 68 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 72 3f 65 2e 72 65 64 75 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 77 69 6e 64 6f 77 2e 48 65 61 64 65 72 73 26 26 72 20 69 6e 73 74 61 Data Ascii: ()},a.desktop=function(){return!a.tablet()&&!a.mobile()};function qe(){return{host:new URL(location.href).host,pathname:location.pathname}}function je(r,e,o){return null!=e&&e.length&&"object"==typeof r?e.reduce(function(e,t){var n=window.Headers&&r insta
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 2e 63 61 6c 6c 28 73 2c 65 2c 6f 29 7d 2c 73 65 6e 64 45 72 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 6e 75 6c 6c 21 3d 28 74 3d 73 2e 70 75 62 6c 69 73 68 57 73 45 72 72 6f 72 4c 6f 67 29 26 26 74 2e 63 61 6c 6c 28 73 2c 65 2c 6f 29 7d 7d 2c 74 68 69 73 2e 68 61 63 6b 57 65 62 73 6f 63 6b 65 74 43 6f 6e 66 69 67 3d 6e 2c 6e 3d 74 68 69 73 2e 68 61 63 6b 57 65 62 73 6f 63 6b 65 74 43 6f 6e 66 69 67 2c 77 69 6e 64 6f 77 2e 50 72 6f 78 79 29 26 26 77 69 6e 64 6f 77 2e 57 65 62 53 6f 63 6b 65 74 26 26 28 72 3d 77 69 6e 64 6f 77 2e 57 65 62 53 6f 63 6b 65 74 2c 77 69 6e 64 6f 77 26 26 21 72 2e 69 73 48 61 63 6b 26 26 28 69 3d 6e 65 77 20 50 72 6f 78 79 28 57 65 62 53 6f 63 6b 65 74 2c 63 74 29 2c 72 2e 69 73 48 61 63 6b 3d 21 30 2c 77 69 6e Data Ascii: .call(s,e,o)},sendErr:function(e){var t;null!=(t=s.publishWsErrorLog)&&t.call(s,e,o)}},this.hackWebsocketConfig=n,n=this.hackWebsocketConfig,window.Proxy)&&window.WebSocket&&(r=window.WebSocket,window&&!r.isHack&&(i=new Proxy(WebSocket,ct),r.isHack=!0,win
2024-07-20 07:21:36 UTC	3365	IN	Data Raw: 61 6c 2f 67 69 2c 22 65 76 61 49 22 29 29 2c 6e 2e 73 65 6e 64 28 73 2e 64 61 74 61 29 29 29 29 3a 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 50 6c 65 61 73 65 20 68 61 6e 64 6c 65 20 74 68 65 20 70 61 72 61 6d 65 74 65 72 73 20 72 65 61 73 6f 6e 61 62 6c 79 2c 20 6f 70 74 69 6f 6e 73 2e 75 72 6c 20 69 73 20 6e 65 63 65 73 73 61 72 79 22 29 3a 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 53 65 6e 64 69 6e 67 20 72 65 71 75 65 73 74 20 62 6c 6f 63 6b 65 64 22 29 7d 2c 48 2e 70 72 6f 74 6f 74 79 70 65 2e 70 75 62 6c 69 73 68 50 6c 75 67 69 6e 73 4c 6f 67 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 48 2e 69 6e 73 74 61 6c 6c 65 64 50 6c 75 67 69 6e 73 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 72 65 70 6f 72 74 41 73 Data Ascii: al/gi,"evaI")),n.send(s.data)))):console.warn("Please handle the parameters reasonably, options.url is necessary"):console.warn("Sending request blocked")},H.prototype.publishPluginsLogs=function(){var e=H.installedPlugins.find(function(e){return"reportAs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49769	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	391	OUT	GET /im.qq.com_new/f2ff7664/js/chunk-vendors.952b5fa2.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	497	IN	HTTP/1.1 200 OK Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Etag: "e0e514c85c4187923718073deea44c15" Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 1023552 Accept-Ranges: bytes X-NWS-LOG-UUID: 15998148701778582666 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:36 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 63 68 75 6e 6b 2d 76 65 6e 64 6f 72 73 2e 39 35 32 62 35 66 61 32 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 69 6d 5f 71 71 5f 63 6f 6d 5f 6e 65 77 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 39 39 38 5d 2c 7b 37 34 33 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 43 51 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 79 7d 2c 49 56 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 43 7d 2c 4c 4a 3a 66 75 Data Ascii: /! For license information please see chunk-vendors.952b5fa2.js.LICENSE.txt /(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new\|\|[]).push([[998],{7434:function(e,t,n){"use strict";n.d(t,{CQ:function(){return y},IV:function(){return C},LJ:fu
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 74 63 68 28 2f 28 69 50 61 64 29 2e 2a 4f 53 5c 73 28 5b 5c 64 5f 5d 2b 29 2f 29 7c 7c 65 2e 6d 61 74 63 68 28 2f 28 69 50 68 6f 6e 65 5c 73 4f 53 29 5c 73 28 5b 5c 64 5f 5d 2b 29 2f 29 3f 6f 2e 69 4f 53 3a 65 2e 6d 61 74 63 68 28 2f 41 6e 64 72 6f 69 64 2f 29 3f 6f 2e 41 6e 64 72 6f 69 64 3a 6f 2e 50 43 7d 66 75 6e 63 74 69 6f 6e 20 76 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 66 28 29 29 2c 67 28 65 29 3d 3d 3d 6f 2e 69 4f 53 7d 66 75 6e 63 74 69 6f 6e 20 41 28 65 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 66 28 29 29 2c 21 21 65 2e 6d 61 74 63 68 28 2f 54 49 4d 2f 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 28 65 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 66 28 29 29 3b 76 61 72 20 74 3d Data Ascii: tch(/(iPad).*OS\s([\d_]+)/)\|\|e.match(/(iPhone\sOS)\s([\d_]+)/)?o.iOS:e.match(/Android/)?o.Android:o.PC}function v(e){return void 0===e&&(e=f()),g(e)===o.iOS}function A(e){return void 0===e&&(e=f()),!!e.match(/TIM/)}function _(e){void 0===e&&(e=f());var t=
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 75 6c 6c 21 3d 3d 28 74 3d 65 2e 63 6f 6e 74 65 6e 74 29 26 26 76 6f 69 64 20 30 21 3d 3d 74 3f 74 3a 22 22 29 2b 22 3c 2f 64 69 76 3e 22 3b 76 61 72 20 72 3d 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 2e 67 62 2d 74 69 70 73 2d 6c 61 79 65 72 22 29 3b 69 66 28 22 6e 6f 49 63 6f 6e 22 3d 3d 3d 53 74 72 69 6e 67 28 65 2e 69 63 6f 6e 29 29 72 26 26 72 2e 63 6c 61 73 73 4c 69 73 74 26 26 72 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 6e 6f 2d 69 63 6f 6e 22 29 3b 65 6c 73 65 7b 76 61 72 20 6f 3d 6e 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 22 29 3b 6f 26 26 6f 2e 63 6c 61 73 73 4c 69 73 74 26 26 6f 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 69 63 6f 6e 2d 22 2b 65 2e 69 63 6f 6e 29 7d 72 65 74 75 72 6e 20 65 2e 76 65 72 74 69 63 61 Data Ascii: ull!==(t=e.content)&&void 0!==t?t:"")+"</div>";var r=n.querySelector(".gb-tips-layer");if("noIcon"===String(e.icon))r&&r.classList&&r.classList.add("no-icon");else{var o=n.querySelector("i");o&&o.classList&&o.classList.add("icon-"+e.icon)}return e.vertica
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 73 68 75 74 64 6f 77 6e 3f 65 2b 31 3a 65 7d 29 2c 30 29 2c 69 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 61 28 6e 29 7b 74 3d 74 7c 7c 6e 2c 72 28 22 41 70 70 65 6e 64 65 72 20 73 68 75 74 64 6f 77 6e 73 20 63 6f 6d 70 6c 65 74 65 3a 20 22 2e 63 6f 6e 63 61 74 28 69 2b 3d 31 2c 22 20 2f 20 22 29 2e 63 6f 6e 63 61 74 28 6f 29 29 2c 69 3e 3d 6f 26 26 28 72 28 22 41 6c 6c 20 73 68 75 74 64 6f 77 6e 20 66 75 6e 63 74 69 6f 6e 73 20 63 6f 6d 70 6c 65 74 65 64 2e 22 29 2c 65 26 26 65 28 74 29 29 7d 72 65 74 75 72 6e 20 72 28 22 46 6f 75 6e 64 20 22 2e 63 6f 6e 63 61 74 28 6f 2c 22 20 61 70 70 65 6e 64 65 72 73 20 77 69 74 68 20 73 68 75 74 64 6f 77 6e 20 66 75 6e 63 74 69 6f 6e 73 2e 22 29 29 2c 30 3d Data Ascii: unction(e,t){return t.shutdown?e+1:e}),0),i=0;function a(n){t=t\|\|n,r("Appender shutdowns complete: ".concat(i+=1," / ").concat(o)),i>=o&&(r("All shutdown functions completed."),e&&e(t))}return r("Found ".concat(o," appenders with shutdown functions.")),0=
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 6e 21 31 7d 2c 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 2d 31 2c 6e 3d 30 3b 6e 3c 74 68 69 73 2e 64 61 74 61 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 69 66 28 74 68 69 73 2e 64 61 74 61 5b 6e 5d 3d 3d 3d 65 29 7b 74 3d 6e 3b 62 72 65 61 6b 7d 2d 31 21 3d 3d 74 26 26 74 68 69 73 2e 64 61 74 61 2e 73 70 6c 69 63 65 28 74 2c 31 29 2c 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 64 61 74 61 2e 6c 65 6e 67 74 68 7d 2c 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 64 61 74 61 3d 5b 5d 2c 74 68 69 73 2e 73 69 7a 65 3d 30 7d 2c 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 Data Ascii: n!1},n.prototype.delete=function(e){for(var t=-1,n=0;n<this.data.length;n++)if(this.data[n]===e){t=n;break}-1!==t&&this.data.splice(t,1),this.size=this.data.length},n.prototype.clear=function(){this.data=[],this.size=0},n.prototype.keys=function(){return
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 65 72 73 5b 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7d 7d 29 2c 72 2e 70 75 73 68 28 7b 74 6f 6b 65 6e 3a 2f 3a 72 65 73 5c 5b 28 5b 5e 5c 5d 5d 2b 29 5d 2f 67 2c 72 65 70 6c 61 63 65 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 20 74 2e 67 65 74 48 65 61 64 65 72 28 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7c 7c 74 2e 5f 5f 68 65 61 64 65 72 73 26 26 74 2e 5f 5f 68 65 61 64 65 72 73 5b 6e 5d 7d 7d 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 65 2e 63 6f 6e 63 61 74 28 29 2c 6e 3d 30 3b 6e 3c 74 2e 6c 65 6e 67 74 68 3b 2b 2b 6e 29 66 6f 72 28 76 61 72 20 72 3d 6e 2b 31 3b 72 3c 74 2e 6c 65 6e 67 74 68 3b 2b 2b 72 29 74 5b 6e 5d 2e 74 6f 6b 65 6e 3d 3d 74 5b 72 5d 2e 74 6f 6b 65 6e 26 Data Ascii: ers[n.toLowerCase()]}}),r.push({token:/:res\[([^\]]+)]/g,replacement:function(e,n){return t.getHeader(n.toLowerCase())\|\|t.__headers&&t.__headers[n]}}),function(e){for(var t=e.concat(),n=0;n<t.length;++n)for(var r=n+1;r<t.length;++r)t[n].token==t[r].token&
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 6f 6e 28 65 29 7b 65 2e 55 4e 4b 4e 4f 57 4e 5f 45 52 52 3d 22 37 30 30 31 31 30 30 30 22 2c 65 2e 4d 45 44 49 41 5f 45 52 52 5f 41 42 4f 52 54 45 44 3d 22 37 30 30 31 31 31 30 30 22 2c 65 2e 4d 45 44 49 41 5f 45 52 52 5f 4e 45 54 57 4f 52 4b 3d 22 37 30 30 31 31 31 30 31 22 2c 65 2e 4d 45 44 49 41 5f 45 52 52 5f 44 45 43 4f 44 45 3d 22 37 30 30 31 31 31 30 32 22 2c 65 2e 4d 45 44 49 41 5f 45 52 52 5f 53 52 43 5f 4e 4f 54 5f 53 55 50 50 4f 52 54 45 44 3d 22 37 30 30 31 31 31 30 33 22 2c 65 2e 4f 52 47 5f 4c 4f 41 44 5f 54 49 4d 45 4f 55 54 3d 22 37 30 30 31 31 31 30 34 22 2c 65 2e 53 54 41 54 45 5f 53 54 55 43 4b 3d 22 37 30 30 31 31 31 30 35 22 2c 65 2e 4f 52 47 5f 50 4c 41 59 5f 53 54 55 43 4b 5f 45 52 52 3d 22 37 30 30 31 31 31 31 31 22 2c 65 2e 4e 55 Data Ascii: on(e){e.UNKNOWN_ERR="70011000",e.MEDIA_ERR_ABORTED="70011100",e.MEDIA_ERR_NETWORK="70011101",e.MEDIA_ERR_DECODE="70011102",e.MEDIA_ERR_SRC_NOT_SUPPORTED="70011103",e.ORG_LOAD_TIMEOUT="70011104",e.STATE_STUCK="70011105",e.ORG_PLAY_STUCK_ERR="70011111",e.NU
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 41 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 26 26 74 26 26 28 22 73 72 63 22 3d 3d 3d 74 3f 64 65 6c 65 74 65 20 65 2e 73 72 63 3a 65 2e 72 65 6d 6f 76 65 41 74 74 72 69 62 75 74 65 28 74 29 29 7d 2c 63 73 73 3a 41 65 2e 6f 56 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 26 26 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 63 68 69 6c 64 72 65 6e 5b 30 5d 3f 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 74 2c 65 2e 63 68 69 6c 64 72 65 6e 5b 30 5d 29 3a 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 7d 2c 61 64 64 43 6c 61 73 73 3a 41 65 2e 63 6e 2c 72 65 6d 6f 76 65 43 6c 61 73 73 3a 41 65 2e 49 56 2c 68 61 73 43 6c 61 73 73 3a 41 65 2e Data Ascii: Attr:function(e,t){e&&t&&("src"===t?delete e.src:e.removeAttribute(t))},css:Ae.oV,append:function(e,t){e&&e.appendChild(t)},prepend:function(e,t){e.children[0]?e.insertBefore(t,e.children[0]):e.appendChild(t)},addClass:Ae.cn,removeClass:Ae.IV,hasClass:Ae.
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 6e 67 74 68 21 3d 3d 72 2e 6c 65 6e 67 74 68 29 74 68 72 6f 77 22 68 65 61 64 65 72 20 6e 61 6d 65 73 20 61 6e 64 20 76 61 6c 75 65 73 20 61 72 65 20 6e 6f 74 20 6d 61 74 63 68 22 3b 66 6f 72 28 76 61 72 20 6f 3d 30 3b 6f 3c 6e 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 74 5b 6e 5b 6f 5d 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 6e 6f 64 65 56 61 6c 75 65 5d 3d 72 5b 6f 5d 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 30 5d 2e 6e 6f 64 65 56 61 6c 75 65 3b 72 65 74 75 72 6e 20 74 7d 76 61 72 20 74 74 2c 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 65 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 Data Ascii: ngth!==r.length)throw"header names and values are not match";for(var o=0;o<n.length;o++)t[n[o].childNodes[0].nodeValue]=r[o].childNodes[0].nodeValue;return t}var tt,nt=function(){var e=function(t,n){return e=Object.setPrototypeOf\|\|{__proto__:[]}instanceof
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 39 33 31 5c 75 38 64 32 35 22 7d 29 7d 65 6c 73 65 20 74 68 69 73 2e 65 6d 69 74 28 75 74 2c 7b 63 6f 64 65 3a 59 65 2e 46 50 53 5f 53 45 54 5f 4b 45 59 5f 46 41 49 4c 45 44 2c 6d 65 73 73 61 67 65 3a 22 57 65 62 6b 69 74 20 4d 65 64 69 61 4b 65 79 5c 75 35 32 31 62 5c 75 35 65 66 61 5c 75 35 39 33 31 5c 75 38 64 32 35 22 7d 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 6e 75 70 46 50 53 53 65 73 73 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 3f 28 74 68 69 73 2e 6d 65 64 69 61 2e 77 65 62 6b 69 74 53 65 74 4d 65 64 69 61 4b 65 79 73 28 6e 75 6c 6c 29 2c 65 2e 6f 6e 77 65 62 6b 69 74 6b 65 79 61 64 64 65 64 3d 6e 75 6c 6c 2c 65 2e 6f 6e 77 65 62 6b 69 74 6b 65 79 65 72 72 6f 72 3d 6e 75 6c 6c 2c 65 2e 6f 6e 77 65 62 Data Ascii: 931\u8d25"})}else this.emit(ut,{code:Ye.FPS_SET_KEY_FAILED,message:"Webkit MediaKey\u521b\u5efa\u5931\u8d25"})},t.prototype.cleanupFPSSession=function(e){return e?(this.media.webkitSetMediaKeys(null),e.onwebkitkeyadded=null,e.onwebkitkeyerror=null,e.onweb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49773	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/qq9.03144aa7.svg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	485	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "af8675a61a81e9941a3cb303e4fd987d" Content-Type: image/svg+xml Access-Control-Allow-Origin: * Content-Length: 9409 Accept-Ranges: bytes X-NWS-LOG-UUID: 11297548909679744854 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:36 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:36 UTC	9409	IN	Data Raw: 20 3c 73 76 67 20 77 69 64 74 68 3d 22 39 37 31 22 20 68 65 69 67 68 74 3d 22 32 39 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 20 20 3c 70 61 74 68 0a 20 20 20 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 0a 20 20 20 20 64 3d 22 4d 31 30 35 2e 37 35 36 20 32 36 34 2e 37 35 37 43 31 33 30 2e 30 31 33 20 32 38 30 2e 36 34 31 20 31 35 38 2e 35 34 20 32 38 39 2e 31 33 32 20 31 38 37 2e 37 33 20 32 38 39 2e 31 35 37 48 33 35 31 2e 34 39 38 56 32 34 39 2e 39 36 48 32 38 38 2e 38 37 35 43 33 30 31 2e 38 33 38 20 32 33 38 2e 30 37 34 20 33 31 32 2e 35 32 36 20 32 32 33 2e 39 36 37 20 33 32 30 2e 33 38 39 20 32 30 38 2e 32 39 38 43 33 33 30 2e 33 30 38 20 31 38 38 2e 35 33 20 Data Ascii: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg"> <path clip-rule="evenodd" d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49772	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	682	OUT	GET /im.qq.com_new/f2ff7664/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "7b0abe7bed4dc357226c2c4bdabcec2d" Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Length: 81925 Accept-Ranges: bytes X-NWS-LOG-UUID: 5886152827242479281 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:36 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 44 00 00 ff e1 03 2e 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyD.http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xm
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 03 21 50 ae 81 20 00 95 11 fa a9 4c 60 84 4d da a0 06 7d 6d 79 4a 9a db 24 05 5a 61 2a 89 04 dd 35 19 b1 1d 69 a6 2a 3a d2 b2 9a d4 4a cd a6 13 55 9a ce aa 23 a6 99 e9 97 72 b5 1c eb 3a d3 2c fa 58 96 b2 bb ad b9 d6 7d 6d a8 c5 63 5a 61 97 6d c6 6b 2a d2 23 ad 35 19 ae 7e 9b 8c 31 ee 35 18 e9 97 7a 6e 30 c2 cb 96 a2 56 7d 37 12 b2 e9 a8 cd 63 db 71 96 3d 46 a3 16 32 e9 b8 c3 1b 3e d6 a2 58 c7 b9 f6 b7 18 65 56 0e 7e e5 75 8e 16 31 ea 37 0a c9 a8 9a c3 b9 f1 b8 cd 63 65 c3 6e 4c ba 69 18 f6 d4 4a c7 a8 d6 b0 c7 b9 88 e9 cd 62 cc 62 db 31 9d d3 4c c6 7d b5 1a ac ba 97 2d 46 2d a8 eb 6b 06 7d 7e b5 11 2a dc 4d 97 20 8b 1a 89 13 66 16 2d 80 58 55 5a 88 eb 6a 95 37 41 12 ad c0 34 9a ac 90 a9 69 4a 81 2a e8 14 ae c2 92 a0 04 8d ca 42 80 2b b1 4b 15 40 a0 00 00 Data Ascii: !P L`M}myJ$Za5i:JU#r:,X}mcZamk#5~15zn0V}7cq=F2>XeV~u17cenLiJbb1L}-F-k}~M f-XUZj7A4iJ*B+K@
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 40 64 0a f4 33 69 5e ab 72 33 a9 bd 65 70 2b d7 f1 9c 3a a3 d1 8c e9 e5 a8 a3 20 9a a1 66 98 e7 69 ca 63 52 8b 42 b3 31 8d 3c d3 17 46 69 86 8c d3 0d 19 a6 1a 33 4c 34 ba fa 25 4a a0 fa 80 fa 03 e8 1f d0 1f 40 be 80 fa a1 56 b4 c1 f4 42 cd 50 5b 70 09 96 80 04 d5 4a 9e ae 04 29 f7 60 3a 80 95 8c da 8e ab 58 ce 94 fa 98 d6 a7 a9 f5 b8 cf 48 bb 56 53 fa 09 6a 23 3e ad 54 4d ab 19 a8 ad 30 ce b5 04 56 a0 8e 96 31 62 2e 95 96 5d 37 12 a6 ab 28 51 9f 7f fd 35 19 ac 7a 6e 30 8b b5 19 f5 b6 a3 2c ba db 51 9a 8a d2 33 ea 2c 65 9d 8d 08 ab 12 b2 b2 61 b7 26 76 61 a1 16 4c 28 ca c6 b5 ce c6 7d 45 4c 47 52 61 a1 97 52 7f 1a 95 8b 11 d4 6a 30 ce b4 ac fb 8b 12 b3 c3 4c e3 3e b6 d4 66 b3 ea 46 a2 33 b1 63 36 23 11 a6 31 18 5d 31 16 4c 35 19 ac be b4 e5 b5 3d 63 0b 1a Data Ascii: @d3i^r3ep+: ficRB1<Fi3L4%J@VBP[pJ)`:XHVSj#>TM0V1b.]7(Q5zn0,Q3,ea&vaL(}ELGRaRj0L>fF3c6#1]1L5=c
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 8b 19 2c 28 00 80 80 ae 96 09 54 14 66 a6 ab 04 00 13 d4 d1 12 a6 34 85 d4 c8 22 cf aa c7 50 95 0c 0b d4 5c 54 54 c0 7a 6b 19 f4 28 b6 a3 d4 6b 1c c5 eb e1 82 43 47 a9 21 87 b4 fb 95 70 f5 a5 d7 50 67 a4 fa 94 66 0f 52 2e 2a 6d c9 80 95 01 e9 a8 cf a4 75 f6 b4 cd a9 f5 00 66 00 f4 09 69 a2 9d c3 19 f4 77 af 89 85 f8 8b 70 4f ae 70 bd 37 8d 0f 49 8b a3 d2 e1 a5 ec c6 7a fd 4f 5d 64 66 12 a9 01 81 5b 20 17 a8 03 dc 19 f4 9b 73 45 d2 ca e1 a3 30 b1 9f 50 af 48 68 f4 48 0f 4d 79 35 36 e5 64 c0 9a 4b 4b e2 62 68 49 14 65 ac 06 60 23 ae b1 56 44 bd 60 9d 18 69 e4 34 64 34 64 34 64 34 64 34 c5 00 00 00 00 00 06 50 3f 46 2e 9c ea 26 2c 57 a8 63 46 8a 72 81 e5 14 f2 0a 96 a2 c3 ca 62 9a 0b 96 23 51 5e a1 8d 4a 73 a8 8b ab 95 1a 8a 95 15 48 1c b8 05 4a cb 4a 94 58 Data Ascii: ,(Tf4"P\TTzk(kCG!pPgfR.*mufiwpOp7IzO]df[ sE0PHhHMy56dKKbhIe`#VD`i4d4d4d4d4P?F.&,WcFrb#Q^JsHJJX
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 58 d3 5e 7e a5 6a 2b 11 14 00 03 88 8f c6 ae f1 06 05 2b 30 21 2e 96 15 8d 6b 18 56 2a 62 46 53 76 22 6e 81 2d 44 a9 56 51 76 a2 7a 8b 1c aa 2c 10 bf 15 9a 9b aa b2 8c eb 72 b1 d2 2b 4c 22 c5 66 a3 a6 a3 36 26 b7 ac 79 67 76 ba cd 88 b1 a7 3f 28 ba 69 9b 19 74 d4 66 c4 5d 34 c3 3e 9a 89 63 2f d6 9c d9 f5 b5 73 ac d5 11 d2 c6 59 56 d8 67 de 9a 89 d7 c6 7d 69 a8 c3 1e f5 5a 66 b3 ba 1c ea 3b d3 a4 4a c6 ed a6 51 db 5c b9 f6 ca b6 ca 28 31 ea dc b7 23 15 1d 35 19 a8 ba 69 19 5b 72 ac 15 51 95 fd 69 96 7f 7f ad b1 62 6c f8 33 89 b8 c0 b1 1d ff 00 d5 ae 59 ef e3 1e b4 de 39 23 36 98 26 aa 23 ab 66 84 4e 73 b6 e2 c4 76 d4 67 a8 85 73 c4 75 ba a1 03 3b 6e 76 21 37 a8 2e 94 a9 54 4a a1 5d 02 39 b6 df a0 7d fc 9f 01 1f 7f 45 2e ad 9a 6a 25 46 6d db 48 00 00 00 80 Data Ascii: X^~j++0!.kV*bFSv"n-DVQvz,r+L"f6&ygv?(itf]4>c/sYVg}iZf;JQ\(1#5i[rQibl3Y9#6&#fNsvgsu;nv!7.TJ]9}E.j%FmH
2024-07-20 07:21:36 UTC	5	IN	Data Raw: d6 6a bf ff d9 Data Ascii: j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49774	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	671	OUT	GET /im.qq.com_new/f2ff7664/img/ellipse-1.b22a7a9f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/mobile.73b646b1.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "8ac21d3b0464ef6435b6897f3c56110a" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 24188 Accept-Ranges: bytes X-NWS-LOG-UUID: 17728437221227442366 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:36 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b8 00 00 01 b8 08 03 00 00 00 00 14 02 81 00 00 01 89 50 4c 54 45 4c 69 71 55 bf ff 49 b6 ff 60 bf ff 55 c6 ff 66 cc ff 7f ff ff 00 ff ff 40 bf ff 55 aa ff 5a c3 ff 55 c2 ff 5d c5 ff 7f 7f ff 55 c6 ff 5b c8 ff 5a cc ff 55 d4 ff 50 bf ff 5d b9 ff 55 bb ff 59 c8 ff 4e c4 ff 00 00 ff ff ff ff 59 bc ff 5e c9 ff 60 bf ff 55 aa ff 62 c4 ff 59 bf ff 4c cc ff 4c b2 ff 00 7f ff 66 cc ff 5c d1 ff 40 bd ff 5c ff ff 61 c2 ff 51 c5 ff 50 bc ff 46 b9 ff 0d a4 ff 55 bf ff 55 cc ff 33 cc ff 50 c9 ff 7f bf ff 6d db ff 5e bc ff 5b b6 ff 60 cf ff 63 c6 ff 32 98 ff 4b c1 ff 55 b8 ff 51 b9 ff 63 c9 ff 50 aa ff 60 bf ff fe ff ff 49 b6 ff 4e b0 ff 5d d5 ff 5c b9 ff 5b d3 ff fb fe ff 50 af ff 2a aa ff 66 99 ff 49 db ff 00 Data Ascii: PNGIHDRPLTELiqUI`Uf@UZU]U[ZUP]UYNY^`UbYLLf\@\aQPFUU3Pm^[`c2KUQcP`IN]\[P*fI
2024-07-20 07:21:36 UTC	7804	IN	Data Raw: 1b 14 fd 58 72 87 ba 5d 18 ce a7 cf 4e bf fb c2 a4 9d 5e de a2 d0 1a f4 ba 58 98 c0 55 1e a8 61 ce ea e5 d4 9b 95 89 7b de 4d 87 f3 27 93 fe a4 91 84 dd fc 25 bf 34 75 52 a1 88 e5 16 f6 65 a8 1a 15 4e 3a 88 96 31 b1 5c a0 20 6a db fa 8c cb bb 5e f5 8e e3 a6 5f 41 ae d6 62 c9 6d 7d 3d b1 21 c3 53 59 cc b1 85 17 72 53 e6 2c 47 30 13 87 1f cf e9 34 4a 49 a7 c3 ef f4 3b 4a 18 cc d5 5c 42 1d 42 1e a4 cf ad da c5 72 dc 76 14 4d 44 b8 1c 11 14 9f 37 bd a6 4b cb 77 f8 be 6a 63 96 53 f7 76 b9 32 2c f4 d7 04 a7 de 2d 99 09 a8 61 8e d9 08 b8 04 a4 f4 d3 5e 30 9c 33 e9 2c 25 61 42 b8 e0 41 4d 2c 47 9f 9b e3 32 81 b4 73 9b 42 1d 12 cb a9 3e bc 5e df 5a d3 a5 e5 3b 2c 28 ef e0 32 9c b7 10 ea 92 65 12 99 3d c3 48 a0 97 7f 40 c1 2e 42 5d 6c bd e9 70 f3 04 49 88 51 c2 54 Data Ascii: Xr]N^XUa{M'%4uReN:1\ j^_Abm}=!SYrS,G04JI;J\BBrvMD7KwjcSv2,-a^03,%aBAM,G2sB>^Z;,(2e=H@.B]lpIQT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49770	43.129.115.202	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	732	OUT	GET / HTTP/1.1 Host: im.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://im.qq.com/mobileqq/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
2024-07-20 07:21:36 UTC	285	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:36 GMT Content-Type: text/html Content-Length: 271 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 10 Jul 2024 06:12:39 GMT ETag: "668e2657-10f" Cache-Control: max-age=600 Accept-Ranges: bytes Server: TAPISIX/2.2.2
2024-07-20 07:21:36 UTC	271	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 20 20 20 20 2f 2f 42 4a 5f 52 45 50 4f 52 54 2e 74 72 79 4a 73 28 29 2e 73 70 79 41 6c 6c 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6d 2e 71 71 2e 63 6f 6d 2f 69 6e 64 65 78 22 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a Data Ascii: <!DOCTYPE html><html><head lang="en"> <meta charset="UTF-8"> <title></title> <script type="text/javascript"> //BJ_REPORT.tryJs().spyAll(); window.location.href="https://im.qq.com/index" </script></head><body>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49777	43.152.29.77	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	537	OUT	GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1 Host: beacon.cdn.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	725	IN	HTTP/1.1 200 OK Last-Modified: Tue, 13 Dec 2022 14:47:32 GMT Etag: "78ce85cf25b73a3e634dcbf283f5c4bd" Content-Type: text/javascript Date: Sat, 15 Jun 2024 16:59:59 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5574060019002018929 x-cos-request-id: NjY2ZGM4OGZfMWQzMjI3MGJfMTY5MDlfMmFmODYxYQ== Content-Length: 31768 Accept-Ranges: bytes X-NWS-LOG-UUID: 17170006729828139891 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: * Cache-Control: max-age=2592000 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Vary: Origin
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 22 42 65 61 63 6f 6e 41 63 74 69 6f 6e 22 2c 65 29 3a 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 7c 7c 73 65 6c 66 29 2e 42 65 61 63 6f 6e 41 63 74 69 6f 6e 3d 65 28 29 7d 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 Data Ascii: !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("BeaconAction",e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).BeaconAction=e()}(this,(function(){"use strict";var
2024-07-20 07:21:36 UTC	15384	IN	Data Raw: 6e 28 74 29 7b 7d 29 29 29 7d 72 65 74 75 72 6e 20 74 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 43 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 77 69 74 63 68 28 74 2e 6c 61 62 65 6c 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 74 2e 74 72 79 73 2e 70 75 73 68 28 5b 30 2c 32 2c 2c 33 5d 29 2c 5b 34 2c 74 68 69 73 2e 73 74 6f 72 65 2e 67 65 74 43 6f 75 6e 74 28 29 5d 3b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 5b 32 2c 74 2e 73 65 6e 74 28 29 5d 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 74 2e 73 65 6e 74 28 29 2c 5b 32 2c 50 72 6f 6d 69 73 65 2e 72 Data Ascii: n(t){})))}return t.prototype.getCount=function(){return n(this,void 0,void 0,(function(){return r(this,(function(t){switch(t.label){case 0:return t.trys.push([0,2,,3]),[4,this.store.getCount()];case 1:return[2,t.sent()];case 2:return t.sent(),[2,Promise.r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49779	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	635	OUT	GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1 Host: cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:36 UTC	374	IN	HTTP/1.1 200 OK Last-Modified: Wed, 15 Feb 2023 07:41:56 GMT Content-Type: image/webp Access-Control-Allow-Origin: * Content-Length: 40692 Accept-Ranges: bytes X-NWS-LOG-UUID: 3086162845296416322 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:36 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Accept
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 52 49 46 46 ec 9e 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 a4 04 00 a3 04 00 41 4c 50 48 5b 00 00 00 01 0f 30 ff 11 11 42 41 db 46 0e 84 e3 8f f6 18 8c 9f 8e e8 ff 04 64 49 83 ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff 4e 02 00 56 50 38 20 6a 9e 00 00 10 2c 05 9d 01 2a a5 04 a4 04 3e 6d 32 96 49 24 25 af 2e a2 b0 49 d9 e0 0d 89 67 6e 73 bc 3a f1 fa bc 1a cb f9 6d b3 2d 3e 3e 39 bb 34 ef 74 f6 37 15 c5 c2 4d 0e 6e 0d ff f4 b8 a7 f7 4f fa 7c f0 b9 3b f3 7c 6f fd 87 fd c7 b0 3e 98 8f 97 a6 70 74 7d f4 19 fd 07 a5 4f fd be 93 7f a6 f4 f5 a0 bd c5 bb 7a e6 99 25 e5 1f 50 ef b5 ef b7 c9 de e2 f3 c6 7c Data Ascii: RIFFWEBPVP8XALPH[0BAFdINVP8 j,*>m2I$%.Igns:m->>94t7MnO\|;\|o>pt}Oz%P\|
2024-07-20 07:21:36 UTC	16384	IN	Data Raw: 25 4f 98 b5 f0 0d c2 ac dd 01 ee cc ac 33 18 ba 15 71 a4 70 57 04 e4 83 61 ea 4c d7 f4 ee 4b e9 25 7d 31 70 b3 fd 5a f0 bc a5 5e 3f 84 1e a1 c1 4c 54 05 22 1e ef 51 d5 78 73 83 d8 ca 36 95 85 6e 77 56 6d 49 00 6d eb 20 1e c4 32 31 92 7c db 55 ab 8e 85 63 54 3e a2 4b 86 3a c6 0c 7c 94 3a 6d 24 83 b1 42 7a a2 ef 78 a1 64 7d d6 5b 30 c4 71 b4 20 4e 31 85 57 65 14 7b ef 4d 4a 8b 31 7c b5 95 ef 24 48 bd cf ba 75 7a a8 83 62 46 46 af 7a cb 40 89 8d c7 c2 fe 76 00 2a 06 95 2e 96 ed 26 fe 98 ae 3d 41 08 06 4f f2 6c 28 64 33 5c 2a 21 74 44 c1 9a fc 07 d7 ad 20 9f 85 88 ec 69 1d 3b 28 33 c0 e4 2f e9 04 6a 10 4d 5c 83 83 82 a2 29 1d 26 c6 46 ae 59 d5 86 27 d2 73 4d 44 c6 92 bb a8 d8 9c 1b 89 c7 3b 60 96 4b 68 48 4b 4f fe 9c ec 62 fd 4b 34 3f 10 ce fe 45 18 4d e3 f7 Data Ascii: %O3qpWaLK%}1pZ^?LT"Qxs6nwVmIm 21\|UcT>K:\|:m$Bzxd}[0q N1We{MJ1\|$HuzbFFz@v.&=AOl(d3\!tD i;(3/jM\)&FY'sMD;`KhHKObK4?EM
2024-07-20 07:21:36 UTC	7924	IN	Data Raw: 8c ec 6a 35 60 a4 5c 4a e4 37 4b aa c7 03 1c 63 ce 5c 52 f1 97 4f 51 19 bf 10 b8 cb cf 82 49 85 42 89 a5 e0 60 e2 08 a8 bc 33 03 5d 76 5d dc e5 ec a1 c0 87 93 1a fa 5c 99 63 e1 e4 69 43 32 92 03 b4 1b 43 3c 31 4a 04 db 29 79 00 96 04 bf 90 04 3e bc 45 a1 7a 4f 20 90 42 b0 03 88 07 91 ac 30 6b e0 ee ae 51 aa 16 a4 6f b4 0d 06 16 07 23 10 fd a2 7e 0b 70 c4 57 92 f4 34 00 3d 18 3f a3 02 83 5f 84 ba b0 f0 6d 19 c7 d5 41 b6 19 19 f7 eb 95 a2 43 ae 2e ed 13 41 99 67 55 87 36 41 16 25 7f d8 ea 78 19 38 1f 4f 79 5a 9a a4 79 35 2d ff 42 40 62 35 dc 5a 20 03 94 e4 c4 1f 62 6d f7 53 8c c7 db 3e 39 af 20 80 ff 8a 52 c1 30 35 0d d2 04 b5 50 86 5a 3e 60 ca f4 85 5e 81 bf b4 54 d1 0a 63 43 d1 21 4d df 17 6c 50 8f 53 b1 33 69 d1 0a 0a 07 13 d8 8f ea 8e 12 82 1a 42 83 3e Data Ascii: j5`\J7Kc\ROQIB`3]v]\ciC2C<1J)y>EzO B0kQo#~pW4=?_mAC.AgU6A%x8OyZy5-B@b5Z bmS>9 R05PZ>`^TcC!MlPS3iB>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49775	203.205.137.236	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	704	OUT	GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1 Host: v.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49776	203.205.137.236	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:36 UTC	718	OUT	GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1 Host: v.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49771	43.129.115.202	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	728	OUT	GET /index HTTP/1.1 Host: im.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
2024-07-20 07:21:37 UTC	194	IN	HTTP/1.1 301 Moved Permanently Date: Sat, 20 Jul 2024 07:21:37 GMT Content-Type: text/html Content-Length: 169 Connection: close Location: http://im.qq.com/index/ Server: TAPISIX/2.2.2
2024-07-20 07:21:37 UTC	169	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 39 2e 39 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.19.9</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49786	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	383	OUT	GET /im.qq.com_new/f2ff7664/img/qq9.03144aa7.svg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:37 UTC	484	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "af8675a61a81e9941a3cb303e4fd987d" Content-Type: image/svg+xml Access-Control-Allow-Origin: * Content-Length: 9409 Accept-Ranges: bytes X-NWS-LOG-UUID: 6914854705589865676 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:37 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:37 UTC	9409	IN	Data Raw: 20 3c 73 76 67 20 77 69 64 74 68 3d 22 39 37 31 22 20 68 65 69 67 68 74 3d 22 32 39 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 20 20 3c 70 61 74 68 0a 20 20 20 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 0a 20 20 20 20 64 3d 22 4d 31 30 35 2e 37 35 36 20 32 36 34 2e 37 35 37 43 31 33 30 2e 30 31 33 20 32 38 30 2e 36 34 31 20 31 35 38 2e 35 34 20 32 38 39 2e 31 33 32 20 31 38 37 2e 37 33 20 32 38 39 2e 31 35 37 48 33 35 31 2e 34 39 38 56 32 34 39 2e 39 36 48 32 38 38 2e 38 37 35 43 33 30 31 2e 38 33 38 20 32 33 38 2e 30 37 34 20 33 31 32 2e 35 32 36 20 32 32 33 2e 39 36 37 20 33 32 30 2e 33 38 39 20 32 30 38 2e 32 39 38 43 33 33 30 2e 33 30 38 20 31 38 38 2e 35 33 20 Data Ascii: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg"> <path clip-rule="evenodd" d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49791	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	389	OUT	GET /im.qq.com_new/f2ff7664/img/ellipse-1.b22a7a9f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:37 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "8ac21d3b0464ef6435b6897f3c56110a" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 24188 Accept-Ranges: bytes X-NWS-LOG-UUID: 14350947055749735239 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:37 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b8 00 00 01 b8 08 03 00 00 00 00 14 02 81 00 00 01 89 50 4c 54 45 4c 69 71 55 bf ff 49 b6 ff 60 bf ff 55 c6 ff 66 cc ff 7f ff ff 00 ff ff 40 bf ff 55 aa ff 5a c3 ff 55 c2 ff 5d c5 ff 7f 7f ff 55 c6 ff 5b c8 ff 5a cc ff 55 d4 ff 50 bf ff 5d b9 ff 55 bb ff 59 c8 ff 4e c4 ff 00 00 ff ff ff ff 59 bc ff 5e c9 ff 60 bf ff 55 aa ff 62 c4 ff 59 bf ff 4c cc ff 4c b2 ff 00 7f ff 66 cc ff 5c d1 ff 40 bd ff 5c ff ff 61 c2 ff 51 c5 ff 50 bc ff 46 b9 ff 0d a4 ff 55 bf ff 55 cc ff 33 cc ff 50 c9 ff 7f bf ff 6d db ff 5e bc ff 5b b6 ff 60 cf ff 63 c6 ff 32 98 ff 4b c1 ff 55 b8 ff 51 b9 ff 63 c9 ff 50 aa ff 60 bf ff fe ff ff 49 b6 ff 4e b0 ff 5d d5 ff 5c b9 ff 5b d3 ff fb fe ff 50 af ff 2a aa ff 66 99 ff 49 db ff 00 Data Ascii: PNGIHDRPLTELiqUI`Uf@UZU]U[ZUP]UYNY^`UbYLLf\@\aQPFUU3Pm^[`c2KUQcP`IN]\[P*fI
2024-07-20 07:21:37 UTC	7804	IN	Data Raw: 1b 14 fd 58 72 87 ba 5d 18 ce a7 cf 4e bf fb c2 a4 9d 5e de a2 d0 1a f4 ba 58 98 c0 55 1e a8 61 ce ea e5 d4 9b 95 89 7b de 4d 87 f3 27 93 fe a4 91 84 dd fc 25 bf 34 75 52 a1 88 e5 16 f6 65 a8 1a 15 4e 3a 88 96 31 b1 5c a0 20 6a db fa 8c cb bb 5e f5 8e e3 a6 5f 41 ae d6 62 c9 6d 7d 3d b1 21 c3 53 59 cc b1 85 17 72 53 e6 2c 47 30 13 87 1f cf e9 34 4a 49 a7 c3 ef f4 3b 4a 18 cc d5 5c 42 1d 42 1e a4 cf ad da c5 72 dc 76 14 4d 44 b8 1c 11 14 9f 37 bd a6 4b cb 77 f8 be 6a 63 96 53 f7 76 b9 32 2c f4 d7 04 a7 de 2d 99 09 a8 61 8e d9 08 b8 04 a4 f4 d3 5e 30 9c 33 e9 2c 25 61 42 b8 e0 41 4d 2c 47 9f 9b e3 32 81 b4 73 9b 42 1d 12 cb a9 3e bc 5e df 5a d3 a5 e5 3b 2c 28 ef e0 32 9c b7 10 ea 92 65 12 99 3d c3 48 a0 97 7f 40 c1 2e 42 5d 6c bd e9 70 f3 04 49 88 51 c2 54 Data Ascii: Xr]N^XUa{M'%4uReN:1\ j^_Abm}=!SYrS,G04JI;J\BBrvMD7KwjcSv2,-a^03,%aBAM,G2sB>^Z;,(2e=H@.B]lpIQT

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49787	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	400	OUT	GET /im.qq.com_new/f2ff7664/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:37 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "7b0abe7bed4dc357226c2c4bdabcec2d" Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Length: 81925 Accept-Ranges: bytes X-NWS-LOG-UUID: 12035734398729764428 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:37 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 44 00 00 ff e1 03 2e 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyD.http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xm
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 03 21 50 ae 81 20 00 95 11 fa a9 4c 60 84 4d da a0 06 7d 6d 79 4a 9a db 24 05 5a 61 2a 89 04 dd 35 19 b1 1d 69 a6 2a 3a d2 b2 9a d4 4a cd a6 13 55 9a ce aa 23 a6 99 e9 97 72 b5 1c eb 3a d3 2c fa 58 96 b2 bb ad b9 d6 7d 6d a8 c5 63 5a 61 97 6d c6 6b 2a d2 23 ad 35 19 ae 7e 9b 8c 31 ee 35 18 e9 97 7a 6e 30 c2 cb 96 a2 56 7d 37 12 b2 e9 a8 cd 63 db 71 96 3d 46 a3 16 32 e9 b8 c3 1b 3e d6 a2 58 c7 b9 f6 b7 18 65 56 0e 7e e5 75 8e 16 31 ea 37 0a c9 a8 9a c3 b9 f1 b8 cd 63 65 c3 6e 4c ba 69 18 f6 d4 4a c7 a8 d6 b0 c7 b9 88 e9 cd 62 cc 62 db 31 9d d3 4c c6 7d b5 1a ac ba 97 2d 46 2d a8 eb 6b 06 7d 7e b5 11 2a dc 4d 97 20 8b 1a 89 13 66 16 2d 80 58 55 5a 88 eb 6a 95 37 41 12 ad c0 34 9a ac 90 a9 69 4a 81 2a e8 14 ae c2 92 a0 04 8d ca 42 80 2b b1 4b 15 40 a0 00 00 Data Ascii: !P L`M}myJ$Za5i:JU#r:,X}mcZamk#5~15zn0V}7cq=F2>XeV~u17cenLiJbb1L}-F-k}~M f-XUZj7A4iJ*B+K@
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 40 64 0a f4 33 69 5e ab 72 33 a9 bd 65 70 2b d7 f1 9c 3a a3 d1 8c e9 e5 a8 a3 20 9a a1 66 98 e7 69 ca 63 52 8b 42 b3 31 8d 3c d3 17 46 69 86 8c d3 0d 19 a6 1a 33 4c 34 ba fa 25 4a a0 fa 80 fa 03 e8 1f d0 1f 40 be 80 fa a1 56 b4 c1 f4 42 cd 50 5b 70 09 96 80 04 d5 4a 9e ae 04 29 f7 60 3a 80 95 8c da 8e ab 58 ce 94 fa 98 d6 a7 a9 f5 b8 cf 48 bb 56 53 fa 09 6a 23 3e ad 54 4d ab 19 a8 ad 30 ce b5 04 56 a0 8e 96 31 62 2e 95 96 5d 37 12 a6 ab 28 51 9f 7f fd 35 19 ac 7a 6e 30 8b b5 19 f5 b6 a3 2c ba db 51 9a 8a d2 33 ea 2c 65 9d 8d 08 ab 12 b2 b2 61 b7 26 76 61 a1 16 4c 28 ca c6 b5 ce c6 7d 45 4c 47 52 61 a1 97 52 7f 1a 95 8b 11 d4 6a 30 ce b4 ac fb 8b 12 b3 c3 4c e3 3e b6 d4 66 b3 ea 46 a2 33 b1 63 36 23 11 a6 31 18 5d 31 16 4c 35 19 ac be b4 e5 b5 3d 63 0b 1a Data Ascii: @d3i^r3ep+: ficRB1<Fi3L4%J@VBP[pJ)`:XHVSj#>TM0V1b.]7(Q5zn0,Q3,ea&vaL(}ELGRaRj0L>fF3c6#1]1L5=c
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 8b 19 2c 28 00 80 80 ae 96 09 54 14 66 a6 ab 04 00 13 d4 d1 12 a6 34 85 d4 c8 22 cf aa c7 50 95 0c 0b d4 5c 54 54 c0 7a 6b 19 f4 28 b6 a3 d4 6b 1c c5 eb e1 82 43 47 a9 21 87 b4 fb 95 70 f5 a5 d7 50 67 a4 fa 94 66 0f 52 2e 2a 6d c9 80 95 01 e9 a8 cf a4 75 f6 b4 cd a9 f5 00 66 00 f4 09 69 a2 9d c3 19 f4 77 af 89 85 f8 8b 70 4f ae 70 bd 37 8d 0f 49 8b a3 d2 e1 a5 ec c6 7a fd 4f 5d 64 66 12 a9 01 81 5b 20 17 a8 03 dc 19 f4 9b 73 45 d2 ca e1 a3 30 b1 9f 50 af 48 68 f4 48 0f 4d 79 35 36 e5 64 c0 9a 4b 4b e2 62 68 49 14 65 ac 06 60 23 ae b1 56 44 bd 60 9d 18 69 e4 34 64 34 64 34 64 34 64 34 c5 00 00 00 00 00 06 50 3f 46 2e 9c ea 26 2c 57 a8 63 46 8a 72 81 e5 14 f2 0a 96 a2 c3 ca 62 9a 0b 96 23 51 5e a1 8d 4a 73 a8 8b ab 95 1a 8a 95 15 48 1c b8 05 4a cb 4a 94 58 Data Ascii: ,(Tf4"P\TTzk(kCG!pPgfR.*mufiwpOp7IzO]df[ sE0PHhHMy56dKKbhIe`#VD`i4d4d4d4d4P?F.&,WcFrb#Q^JsHJJX
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 58 d3 5e 7e a5 6a 2b 11 14 00 03 88 8f c6 ae f1 06 05 2b 30 21 2e 96 15 8d 6b 18 56 2a 62 46 53 76 22 6e 81 2d 44 a9 56 51 76 a2 7a 8b 1c aa 2c 10 bf 15 9a 9b aa b2 8c eb 72 b1 d2 2b 4c 22 c5 66 a3 a6 a3 36 26 b7 ac 79 67 76 ba cd 88 b1 a7 3f 28 ba 69 9b 19 74 d4 66 c4 5d 34 c3 3e 9a 89 63 2f d6 9c d9 f5 b5 73 ac d5 11 d2 c6 59 56 d8 67 de 9a 89 d7 c6 7d 69 a8 c3 1e f5 5a 66 b3 ba 1c ea 3b d3 a4 4a c6 ed a6 51 db 5c b9 f6 ca b6 ca 28 31 ea dc b7 23 15 1d 35 19 a8 ba 69 19 5b 72 ac 15 51 95 fd 69 96 7f 7f ad b1 62 6c f8 33 89 b8 c0 b1 1d ff 00 d5 ae 59 ef e3 1e b4 de 39 23 36 98 26 aa 23 ab 66 84 4e 73 b6 e2 c4 76 d4 67 a8 85 73 c4 75 ba a1 03 3b 6e 76 21 37 a8 2e 94 a9 54 4a a1 5d 02 39 b6 df a0 7d fc 9f 01 1f 7f 45 2e ad 9a 6a 25 46 6d db 48 00 00 00 80 Data Ascii: X^~j++0!.kV*bFSv"n-DVQvz,r+L"f6&ygv?(itf]4>c/sYVg}iZf;JQ\(1#5i[rQibl3Y9#6&#fNsvgsu;nv!7.TJ]9}E.j%FmH
2024-07-20 07:21:37 UTC	5	IN	Data Raw: d6 6a bf ff d9 Data Ascii: j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49792	43.152.29.20	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	406	OUT	GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1 Host: cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:37 UTC	415	IN	HTTP/1.1 200 OK Last-Modified: Wed, 15 Feb 2023 07:41:56 GMT Etag: "2b17d75b6d85869e08d91fa63ad3a8c2" Content-Type: image/webp Access-Control-Allow-Origin: * Content-Length: 40692 Accept-Ranges: bytes X-NWS-LOG-UUID: 8542055897781229411 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:37 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.29.20 Client-Ip: 8.46.123.33 Vary: Accept
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 52 49 46 46 ec 9e 00 00 57 45 42 50 56 50 38 58 0a 00 00 00 10 00 00 00 a4 04 00 a3 04 00 41 4c 50 48 5b 00 00 00 01 0f 30 ff 11 11 42 41 db 46 0e 84 e3 8f f6 18 8c 9f 8e e8 ff 04 64 49 83 ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff f8 8f ff 4e 02 00 56 50 38 20 6a 9e 00 00 10 2c 05 9d 01 2a a5 04 a4 04 3e 6d 32 96 49 24 25 af 2e a2 b0 49 d9 e0 0d 89 67 6e 73 bc 3a f1 fa bc 1a cb f9 6d b3 2d 3e 3e 39 bb 34 ef 74 f6 37 15 c5 c2 4d 0e 6e 0d ff f4 b8 a7 f7 4f fa 7c f0 b9 3b f3 7c 6f fd 87 fd c7 b0 3e 98 8f 97 a6 70 74 7d f4 19 fd 07 a5 4f fd be 93 7f a6 f4 f5 a0 bd c5 bb 7a e6 99 25 e5 1f 50 ef b5 ef b7 c9 de e2 f3 c6 7c Data Ascii: RIFFWEBPVP8XALPH[0BAFdINVP8 j,*>m2I$%.Igns:m->>94t7MnO\|;\|o>pt}Oz%P\|
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 25 4f 98 b5 f0 0d c2 ac dd 01 ee cc ac 33 18 ba 15 71 a4 70 57 04 e4 83 61 ea 4c d7 f4 ee 4b e9 25 7d 31 70 b3 fd 5a f0 bc a5 5e 3f 84 1e a1 c1 4c 54 05 22 1e ef 51 d5 78 73 83 d8 ca 36 95 85 6e 77 56 6d 49 00 6d eb 20 1e c4 32 31 92 7c db 55 ab 8e 85 63 54 3e a2 4b 86 3a c6 0c 7c 94 3a 6d 24 83 b1 42 7a a2 ef 78 a1 64 7d d6 5b 30 c4 71 b4 20 4e 31 85 57 65 14 7b ef 4d 4a 8b 31 7c b5 95 ef 24 48 bd cf ba 75 7a a8 83 62 46 46 af 7a cb 40 89 8d c7 c2 fe 76 00 2a 06 95 2e 96 ed 26 fe 98 ae 3d 41 08 06 4f f2 6c 28 64 33 5c 2a 21 74 44 c1 9a fc 07 d7 ad 20 9f 85 88 ec 69 1d 3b 28 33 c0 e4 2f e9 04 6a 10 4d 5c 83 83 82 a2 29 1d 26 c6 46 ae 59 d5 86 27 d2 73 4d 44 c6 92 bb a8 d8 9c 1b 89 c7 3b 60 96 4b 68 48 4b 4f fe 9c ec 62 fd 4b 34 3f 10 ce fe 45 18 4d e3 f7 Data Ascii: %O3qpWaLK%}1pZ^?LT"Qxs6nwVmIm 21\|UcT>K:\|:m$Bzxd}[0q N1We{MJ1\|$HuzbFFz@v.&=AOl(d3\!tD i;(3/jM\)&FY'sMD;`KhHKObK4?EM
2024-07-20 07:21:37 UTC	7924	IN	Data Raw: 8c ec 6a 35 60 a4 5c 4a e4 37 4b aa c7 03 1c 63 ce 5c 52 f1 97 4f 51 19 bf 10 b8 cb cf 82 49 85 42 89 a5 e0 60 e2 08 a8 bc 33 03 5d 76 5d dc e5 ec a1 c0 87 93 1a fa 5c 99 63 e1 e4 69 43 32 92 03 b4 1b 43 3c 31 4a 04 db 29 79 00 96 04 bf 90 04 3e bc 45 a1 7a 4f 20 90 42 b0 03 88 07 91 ac 30 6b e0 ee ae 51 aa 16 a4 6f b4 0d 06 16 07 23 10 fd a2 7e 0b 70 c4 57 92 f4 34 00 3d 18 3f a3 02 83 5f 84 ba b0 f0 6d 19 c7 d5 41 b6 19 19 f7 eb 95 a2 43 ae 2e ed 13 41 99 67 55 87 36 41 16 25 7f d8 ea 78 19 38 1f 4f 79 5a 9a a4 79 35 2d ff 42 40 62 35 dc 5a 20 03 94 e4 c4 1f 62 6d f7 53 8c c7 db 3e 39 af 20 80 ff 8a 52 c1 30 35 0d d2 04 b5 50 86 5a 3e 60 ca f4 85 5e 81 bf b4 54 d1 0a 63 43 d1 21 4d df 17 6c 50 8f 53 b1 33 69 d1 0a 0a 07 13 d8 8f ea 8e 12 82 1a 42 83 3e Data Ascii: j5`\J7Kc\ROQIB`3]v]\ciC2C<1J)y>EzO B0kQo#~pW4=?_mAC.AgU6A%x8OyZy5-B@b5Z bmS>9 R05PZ>`^TcC!MlPS3iB>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49785	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:37 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=f154452a3615dbea7191a25cc3dbace1; Expires=Sat, 20-Jul-2024 07:51:37 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49793	43.152.26.209	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	369	OUT	GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1 Host: beacon.cdn.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:37 UTC	725	IN	HTTP/1.1 200 OK Last-Modified: Tue, 13 Dec 2022 14:47:32 GMT Etag: "78ce85cf25b73a3e634dcbf283f5c4bd" Content-Type: text/javascript Date: Sat, 15 Jun 2024 16:59:59 GMT Server: tencent-cos x-cos-hash-crc64ecma: 5574060019002018929 x-cos-request-id: NjY2ZGM4OGZfMWQzMjI3MGJfMTY5MDlfMmFmODYxYQ== Content-Length: 31768 Accept-Ranges: bytes X-NWS-LOG-UUID: 12647380702385646727 Connection: close X-Cache-Lookup: Cache Hit Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: * Cache-Control: max-age=2592000 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Vary: Origin
2024-07-20 07:21:37 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 22 42 65 61 63 6f 6e 41 63 74 69 6f 6e 22 2c 65 29 3a 28 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 7c 7c 73 65 6c 66 29 2e 42 65 61 63 6f 6e 41 63 74 69 6f 6e 3d 65 28 29 7d 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 Data Ascii: !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("BeaconAction",e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).BeaconAction=e()}(this,(function(){"use strict";var
2024-07-20 07:21:38 UTC	15384	IN	Data Raw: 6e 28 74 29 7b 7d 29 29 29 7d 72 65 74 75 72 6e 20 74 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 43 6f 75 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 73 77 69 74 63 68 28 74 2e 6c 61 62 65 6c 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 74 2e 74 72 79 73 2e 70 75 73 68 28 5b 30 2c 32 2c 2c 33 5d 29 2c 5b 34 2c 74 68 69 73 2e 73 74 6f 72 65 2e 67 65 74 43 6f 75 6e 74 28 29 5d 3b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 5b 32 2c 74 2e 73 65 6e 74 28 29 5d 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 74 2e 73 65 6e 74 28 29 2c 5b 32 2c 50 72 6f 6d 69 73 65 2e 72 Data Ascii: n(t){})))}return t.prototype.getCount=function(){return n(this,void 0,void 0,(function(){return r(this,(function(t){switch(t.label){case 0:return t.trys.push([0,2,,3]),[4,this.store.getCount()];case 1:return[2,t.sent()];case 2:return t.sent(),[2,Promise.r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49783	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:37 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=60c15e222d40aee84025bb5e9218f997; Expires=Sat, 20-Jul-2024 07:51:37 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	49784	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:37 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=24317b8ed8a92b09645024e024d62e94; Expires=Sat, 20-Jul-2024 07:51:37 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	49789	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=68b5c2f66bf5e6f4c4ce9137bf0e2c9c; Expires=Sat, 20-Jul-2024 07:51:38 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	49788	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=f154452a3615dbea7191a25cc3dbace1; Expires=Sat, 20-Jul-2024 07:51:38 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	49790	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:38 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=630c6c474a076d61ba687f8e13cbe370; Expires=Sat, 20-Jul-2024 07:51:38 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:38 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	49795	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460096350&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:38 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:38 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	49794	43.129.115.202	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	699	OUT	GET /index/ HTTP/1.1 Host: im.qq.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=520689ed03c05dfe29e2733aff46c5ac
2024-07-20 07:21:39 UTC	287	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:38 GMT Content-Type: text/html Content-Length: 4374 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 15 Jul 2024 09:27:35 GMT ETag: "6694eb87-1116" Cache-Control: max-age=600 Accept-Ranges: bytes Server: TAPISIX/2.2.2
2024-07-20 07:21:39 UTC	2556	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 43 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 54 65 6e 63 65 6e 74 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 51 51 32 30 32 33 e6 96 b0 e7 89 88 2c 51 51 32 30 32 33 e5 ae 98 e6 96 b9 e4 b8 8b e8 bd bd 2c 51 51 32 34 e5 91 a8 e5 b9 b4 2c 51 51 39 e9 a2 84 e7 ba a6 2c e6 89 8b e6 9c ba 51 51 e5 ae 98 e6 96 b9 e6 9c 80 Data Ascii: <!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023,QQ2023,QQ24,QQ9,QQ
2024-07-20 07:21:39 UTC	1818	IN	Data Raw: 69 49 69 49 67 42 6f 53 79 67 41 42 63 36 57 57 67 41 41 2f 76 65 66 66 2f 30 50 50 38 62 41 2f 2f 4c 77 59 41 41 41 22 3b 0a 20 20 20 20 20 20 7d 29 28 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 6d 6f 64 75 6c 65 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e 71 71 2e 63 6f 6d 5f 6e 65 77 2f 66 32 66 66 37 36 36 34 2f 6a 73 2f 76 75 65 2d 63 68 75 6e 6b 2e 62 63 39 63 32 35 38 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 6d 6f 64 75 6c 65 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e Data Ascii: iIiIgBoSygABc6WWgAA/veff/0PP8bA//LwYAAA"; })();</script><script defer="defer" type="module" src="https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js"></script><script defer="defer" type="module" src="https://qq-web.cdn-go.cn/im.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	49797	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:38 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:39 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:39 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=dd97ec847b19fc1157873110d5a4feac; Expires=Sat, 20-Jul-2024 07:51:39 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:39 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	49798	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:39 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:39 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:39 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=bee1d53c94ad78ab78ce1f47d3b85291; Expires=Sat, 20-Jul-2024 07:51:39 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:39 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	49799	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:39 UTC	535	OUT	OPTIONS /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:39 UTC	648	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:39 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=630c6c474a076d61ba687f8e13cbe370; Expires=Sat, 20-Jul-2024 07:51:39 GMT; Path=/ error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:39 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	49800	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:39 UTC	573	OUT	GET /im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://im.qq.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:40 UTC	1017	IN	HTTP/1.1 200 OK Content-Type: application/javascript Date: Sat, 20 Jul 2024 07:21:40 GMT ETag: "a78d5e12cd76046b313d2f5406a67169" Server: tencent-cos x-cos-hash-crc64ecma: 5604556335256551836 x-cos-request-id: NjY5YjY1ODRfMTkzMjUyMWVfMWUzMTVfMTA4ZWJhOA== x-cos-storage-class: MAZ_STANDARD x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ= x-cos-version-id: MTg0NDUwMjMwMzgwNTExMTUxNTM X-Cache-Lookup: Cache Miss x-sername: cdn-go.cn X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Content-Length: 62182 Accept-Ranges: bytes X-NWS-LOG-UUID: 12183122941844436283 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Timing-Allow-Origin: * Access-Control-Allow-Origin: * Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:41 UTC	4096	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 6e 3d 7b 33 33 33 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 61 29 7b 61 28 36 39 39 32 29 2c 61 28 38 36 37 34 29 2c 61 28 37 37 32 37 29 3b 76 61 72 20 69 2c 6f 2c 74 2c 73 3d 61 28 35 30 31 30 29 2c 63 3d 28 61 28 31 35 33 39 29 2c 61 28 34 37 34 37 29 2c 61 28 33 33 39 36 29 29 2c 6c 3d 61 28 36 36 32 33 29 2c 72 3d 28 61 28 34 39 31 36 29 2c 61 28 35 30 38 32 29 29 2c 64 3d 28 61 28 35 33 30 36 29 2c 61 28 35 33 32 32 29 29 2c 75 3d 61 28 35 36 37 38 29 3b 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 50 47 49 4e 3d 22 64 74 5f 70 67 69 6e 22 2c 65 2e 50 47 4f 55 54 3d 22 64 74 5f 70 67 6f 75 74 22 2c 65 2e 49 4d 50 3d 22 64 74 5f 69 6d 70 22 2c 65 2e 49 4d Data Ascii: !function(){"use strict";var e,n={3334:function(e,n,a){a(6992),a(8674),a(7727);var i,o,t,s=a(5010),c=(a(1539),a(4747),a(3396)),l=a(6623),r=(a(4916),a(5082)),d=(a(5306),a(5322)),u=a(5678);!function(e){e.PGIN="dt_pgin",e.PGOUT="dt_pgout",e.IMP="dt_imp",e.IM
2024-07-20 07:21:41 UTC	11680	IN	Data Raw: 32 39 31 48 58 6c 47 58 35 79 79 34 41 6e 4f 34 53 77 74 53 38 36 77 42 38 4b 6e 39 78 69 37 41 69 47 4d 4f 46 6d 2b 62 63 41 4e 77 53 6a 47 58 33 6f 73 6f 32 42 53 48 39 6a 47 36 58 68 73 6f 5a 6f 41 6a 47 74 45 74 44 43 4d 44 70 4b 50 6d 6e 44 4d 42 58 67 72 46 74 7a 2f 6b 4d 2b 66 39 6b 74 67 39 72 5a 41 59 6b 38 77 4c 31 78 47 7a 66 65 30 59 41 54 6b 73 68 41 4b 66 31 52 51 4c 77 6d 65 42 55 35 6c 4b 45 4e 33 53 65 36 2f 74 6a 6b 4e 53 44 4b 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 61 4f 63 76 51 41 76 58 43 6f 2f 57 62 70 55 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 22 2c 22 69 73 51 72 63 6f 64 65 56 69 73 69 62 6c 65 22 3a 66 61 6c 73 65 2c 22 63 61 6e 53 68 6f 77 51 72 63 6f 64 65 22 3a 74 72 75 65 2c 22 76 65 72 73 69 6f Data Ascii: 291HXlGX5yy4AnO4SwtS86wB8Kn9xi7AiGMOFm+bcANwSjGX3oso2BSH9jG6XhsoZoAjGtEtDCMDpKPmnDMBXgrFtz/kM+f9ktg9rZAYk8wL1xGzfe0YATkshAKf1RQLwmeBU5lKEN3Se6/tjkNSDKQAAAAAAAAAAAAAAAAAAaOcvQAvXCo/WbpUAAAAASUVORK5CYII=","isQrcodeVisible":false,"canShowQrcode":true,"versio
2024-07-20 07:21:41 UTC	2800	IN	Data Raw: 6f 6e 28 65 29 7b 61 2e 76 61 6c 75 65 26 26 28 66 2e 76 61 6c 75 65 3d 65 29 7d 2c 68 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 73 63 72 6f 6c 6c 54 6f 70 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 54 6f 70 2c 6e 3d 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 3b 70 2e 76 61 6c 75 65 3d 65 3e 3d 6e 2f 32 7d 2c 45 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 73 63 72 6f 6c 6c 54 6f 70 7c 7c 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 54 6f 70 2c 6e 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 69 65 6e Data Ascii: on(e){a.value&&(f.value=e)},h=function(){var e=document.documentElement.scrollTop\|\|document.body.scrollTop,n=window.innerHeight;p.value=e>=n/2},E=function(){var e=document.documentElement.scrollTop\|\|document.body.scrollTop,n=document.documentElement.clien
2024-07-20 07:21:41 UTC	5792	IN	Data Raw: 67 22 7d 2c 6e 75 6c 6c 2c 2d 31 29 5d 2c 4b 3d 5b 22 64 74 2d 70 61 72 61 6d 73 22 2c 22 6f 6e 43 6c 69 63 6b 22 5d 2c 4a 3d 7b 63 6c 61 73 73 3a 22 64 6f 77 6e 6c 6f 61 64 2d 61 72 65 61 22 7d 2c 24 3d 5b 22 64 74 2d 70 61 72 61 6d 73 22 2c 22 6f 6e 4d 6f 75 73 65 6c 65 61 76 65 22 2c 22 6f 6e 4d 6f 75 73 65 6f 76 65 72 22 5d 2c 65 65 3d 5b 22 69 64 22 5d 2c 6e 65 3d 5b 22 68 72 65 66 22 5d 2c 61 65 3d 7b 63 6c 61 73 73 3a 22 64 6f 77 6e 6c 6f 61 64 2d 61 72 65 61 5f 5f 69 74 65 6d 2d 69 6e 74 72 6f 5f 5f 74 78 74 22 7d 2c 69 65 3d 7b 63 6c 61 73 73 3a 22 64 6f 77 6e 6c 6f 61 64 2d 61 72 65 61 5f 5f 69 74 65 6d 2d 73 70 6c 69 74 2d 6c 69 6e 65 22 7d 2c 6f 65 3d 28 30 2c 63 2e 61 5a 29 28 7b 5f 5f 6e 61 6d 65 3a 22 69 6e 64 65 78 22 2c 73 65 74 75 70 3a Data Ascii: g"},null,-1)],K=["dt-params","onClick"],J={class:"download-area"},$=["dt-params","onMouseleave","onMouseover"],ee=["id"],ne=["href"],ae={class:"download-area__item-intro__txt"},ie={class:"download-area__item-split-line"},oe=(0,c.aZ)({__name:"index",setup:
2024-07-20 07:21:41 UTC	16384	IN	Data Raw: 65 69 64 22 3a 22 65 6d 5f 62 61 73 5f 68 6f 6d 65 5f 64 6f 77 6e 6c 6f 61 64 5f 62 75 74 74 6f 6e 22 2c 22 64 74 2d 70 61 72 61 6d 73 22 3a 22 69 74 65 6d 3d 22 2e 63 6f 6e 63 61 74 28 65 2e 64 61 74 6f 6e 67 52 65 70 6f 72 74 56 61 6c 75 65 29 2c 63 6c 61 73 73 3a 28 30 2c 6d 2e 43 5f 29 28 5b 22 64 6f 77 6e 6c 6f 61 64 2d 61 72 65 61 5f 5f 69 74 65 6d 22 2c 65 2e 69 73 51 72 63 6f 64 65 56 69 73 69 62 6c 65 3f 22 64 6f 77 6e 6c 6f 61 64 2d 61 72 65 61 5f 5f 69 74 65 6d 2d 2d 64 69 73 70 6c 61 79 22 3a 22 22 5d 29 2c 6f 6e 4d 6f 75 73 65 6c 65 61 76 65 3a 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 73 51 72 63 6f 64 65 56 69 73 69 62 6c 65 3d 21 31 7d 28 65 29 7d 2c 6f 6e 4d 6f 75 73 65 6f 76 65 Data Ascii: eid":"em_bas_home_download_button","dt-params":"item=".concat(e.datongReportValue),class:(0,m.C_)(["download-area__item",e.isQrcodeVisible?"download-area__item--display":""]),onMouseleave:function(n){return function(e){e.isQrcodeVisible=!1}(e)},onMouseove
2024-07-20 07:21:41 UTC	10220	IN	Data Raw: 61 73 73 3a 22 62 67 22 7d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 73 79 6d 62 6f 6c 22 7d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 69 6e 66 6f 22 7d 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 63 70 2d 6e 61 6d 65 22 7d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 63 70 2d 64 61 74 61 22 7d 29 5d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 61 76 61 74 61 72 22 7d 29 5d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 63 70 20 63 70 2d 73 64 22 7d 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 62 67 22 7d 29 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 Data Ascii: ass:"bg"}),(0,c._)("div",{class:"symbol"}),(0,c._)("div",{class:"info"},[(0,c._)("div",{class:"cp-name"}),(0,c._)("div",{class:"cp-data"})]),(0,c._)("div",{class:"avatar"})]),(0,c._)("div",{class:"cp cp-sd"},[(0,c._)("div",{class:"bg"}),(0,c._)("div",{cla
2024-07-20 07:21:41 UTC	908	IN	Data Raw: 29 7b 76 61 72 20 6e 3d 28 30 2c 5f 2e 69 48 29 28 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 72 65 74 75 72 6e 28 30 2c 63 2e 77 67 29 28 29 2c 28 30 2c 63 2e 69 44 29 28 22 64 69 76 22 2c 49 65 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 50 65 2c 5b 28 28 30 2c 63 2e 77 67 29 28 21 30 29 2c 28 30 2c 63 2e 69 44 29 28 63 2e 48 59 2c 6e 75 6c 6c 2c 28 30 2c 63 2e 4b 6f 29 28 28 30 2c 5f 2e 53 55 29 28 79 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 61 29 7b 72 65 74 75 72 6e 28 30 2c 63 2e 77 67 29 28 29 2c 28 30 2c 63 2e 69 44 29 28 22 61 22 2c 7b 22 64 74 2d 65 69 64 22 3a 22 65 6d 5f 62 61 73 5f 64 6f 77 6e 6c 6f 61 64 5f 61 72 65 61 22 2c 22 64 74 2d 70 61 72 61 6d 73 22 3a 22 69 74 65 6d 3d 22 2e 63 6f 6e 63 61 74 28 65 2e Data Ascii: ){var n=(0,_.iH)();return function(e,a){return(0,c.wg)(),(0,c.iD)("div",Ie,[(0,c._)("div",Pe,[((0,c.wg)(!0),(0,c.iD)(c.HY,null,(0,c.Ko)((0,_.SU)(y),(function(e,a){return(0,c.wg)(),(0,c.iD)("a",{"dt-eid":"em_bas_download_area","dt-params":"item=".concat(e.
2024-07-20 07:21:41 UTC	5792	IN	Data Raw: 76 61 6c 75 65 2e 78 36 34 4c 69 6e 6b 2c 74 61 72 67 65 74 3a 22 5f 62 6c 61 6e 6b 22 7d 2c 46 65 2c 38 2c 51 65 29 2c 28 30 2c 63 2e 5f 29 28 22 61 22 2c 7b 63 6c 61 73 73 3a 22 62 6f 74 74 6f 6d 2d 63 6f 6e 74 65 6e 74 5f 5f 70 61 6e 65 6c 2d 69 74 65 6d 22 2c 68 72 65 66 3a 6e 2e 76 61 6c 75 65 2e 78 33 32 4c 69 6e 6b 2c 74 61 72 67 65 74 3a 22 5f 62 6c 61 6e 6b 22 2c 22 64 74 2d 65 69 64 22 3a 22 65 6d 5f 62 61 73 5f 61 6e 64 72 6f 69 64 5f 64 6f 77 6e 6c 6f 61 64 5f 76 65 72 73 69 6f 6e 22 2c 22 64 74 2d 70 61 72 61 6d 73 22 3a 22 64 6f 77 6e 6c 6f 61 64 5f 74 79 70 65 3d 32 22 7d 2c 4f 65 2c 38 2c 4d 65 29 5d 29 5d 29 29 3a 28 30 2c 63 2e 6b 71 29 28 22 22 2c 21 30 29 5d 29 7d 7d 7d 29 2c 56 65 3d 7b 63 6c 61 73 73 3a 22 66 6f 6f 74 65 72 2d 63 6f Data Ascii: value.x64Link,target:"_blank"},Fe,8,Qe),(0,c._)("a",{class:"bottom-content__panel-item",href:n.value.x32Link,target:"_blank","dt-eid":"em_bas_android_download_version","dt-params":"download_type=2"},Oe,8,Me)])])):(0,c.kq)("",!0)])}}}),Ve={class:"footer-co
2024-07-20 07:21:41 UTC	1460	IN	Data Raw: 69 74 65 6d 22 29 3b 6f 26 26 6f 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 6f 3d 6e 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2c 74 3d 6f 2e 74 6f 70 2c 73 3d 6f 2e 68 65 69 67 68 74 3b 74 3c 69 26 26 74 3e 30 2d 73 26 26 28 65 3c 61 3f 6e 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 73 6c 69 64 65 69 6e 22 29 3a 74 3e 69 2d 2e 33 2a 73 26 26 6e 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 73 6c 69 64 65 69 6e 22 29 29 7d 29 29 2c 65 3d 61 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 76 61 72 20 61 3d 65 2e 70 67 69 64 2c 6f 3d 76 6f 69 64 20 30 3d 3d 3d 61 3f 22 22 3a 61 2c 73 3d 65 2e 62 65 61 63 6f 6e 4b 65 79 3f 65 2e 62 65 61 63 6f 6e 4b 65 79 3a 22 30 57 45 42 Data Ascii: item");o&&o.forEach((function(n){var o=n.getBoundingClientRect(),t=o.top,s=o.height;t<i&&t>0-s&&(e<a?n.classList.add("slidein"):t>i-.3*s&&n.classList.remove("slidein"))})),e=a})),function(e,n){var a=e.pgid,o=void 0===a?"":a,s=e.beaconKey?e.beaconKey:"0WEB
2024-07-20 07:21:41 UTC	3050	IN	Data Raw: 79 69 6e 67 30 22 2c 6e 29 2c 65 2e 70 6c 61 79 69 6e 67 30 3d 6e 7d 2c 73 65 74 50 6c 61 79 69 6e 67 31 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 73 65 74 50 6c 61 79 69 6e 67 31 22 2c 6e 29 2c 65 2e 70 6c 61 79 69 6e 67 31 3d 6e 7d 2c 73 65 74 54 69 74 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 65 2e 74 69 74 6c 65 3d 6e 7d 2c 73 65 74 43 75 72 4e 61 76 49 6e 64 65 78 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 65 2e 63 75 72 4e 61 76 49 6e 64 65 78 3d 6e 7d 2c 73 65 74 55 69 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 65 2e 75 69 6e 3d 6e 7d 2c 73 65 74 41 76 61 74 61 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 65 2e 61 76 61 74 61 72 3d 6e 7d 2c 73 65 74 53 68 6f 77 4c 6f 67 69 6e 3a 66 75 6e Data Ascii: ying0",n),e.playing0=n},setPlaying1:function(e,n){console.log("setPlaying1",n),e.playing1=n},setTitle:function(e,n){e.title=n},setCurNavIndex:function(e,n){e.curNavIndex=n},setUin:function(e,n){e.uin=n},setAvatar:function(e,n){e.avatar=n},setShowLogin:fun

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	49801	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:39 UTC	565	OUT	GET /im.qq.com_new/f2ff7664/css/pc.b703e4a7.css HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:40 UTC	826	IN	HTTP/1.1 200 OK Etag: "633fac9e433f674e39286ca1f66b4fc3" Content-Type: text/css Date: Fri, 12 Jul 2024 22:23:24 GMT Server: tencent-cos x-cos-hash-crc64ecma: 11826307523817392390 x-cos-request-id: NjY5MWFjZGNfMjY1NWMyMWVfMTA4MF8yNDBiOWY= x-cos-storage-class: MAZ_STANDARD x-cos-version-id: MTg0NDUwMjM0MDc5OTI2MjMwMjE X-Cache-Lookup: Cache Hit X-Cache-Lookup: Hit From Inner Cluster x-sername: cdn-go.cn Access-Control-Allow-Origin: * X-Cache-Lookup: Cache Miss X-Cache-Lookup: Hit From Inner Cluster Last-Modified: Thu, 11 Jul 2024 02:41:56 GMT Content-Length: 357269 Accept-Ranges: bytes X-NWS-LOG-UUID: 16024110668702850506 Connection: close X-Cache-Lookup: Cache Miss X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:40 UTC	4096	IN	Data Raw: 2e 6d 61 78 31 36 30 30 7b 6d 61 78 2d 77 69 64 74 68 3a 31 36 30 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 37 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 2e 74 6f 70 62 61 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 74 6f 70 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 39 30 30 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 68 73 6c 61 28 30 2c 30 25 2c 31 30 30 25 2c 2e 30 38 29 7d 2e 74 6f 70 62 61 72 2c 2e 74 6f 70 70 69 63 7b 68 65 69 67 68 74 3a 36 34 70 78 7d 2e 74 6f 70 70 69 63 20 61 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 74 6f 70 70 69 63 20 61 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 30 39 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6f 70 61 63 69 74 79 Data Ascii: .max1600{max-width:1600px;min-width:1007px;margin:0 auto}.topbar{position:absolute;left:0;top:0;width:100%;z-index:900;border:1px solid hsla(0,0%,100%,.08)}.topbar,.toppic{height:64px}.toppic a{color:#fff}.toppic a:hover{color:#09f;font-weight:500;opacity
2024-07-20 07:21:41 UTC	5792	IN	Data Raw: 49 45 52 4b 48 39 37 44 75 37 35 55 55 45 71 2b 68 49 7a 30 59 76 4e 76 34 55 52 75 48 71 57 4d 46 32 52 74 4a 61 49 61 36 68 4c 51 78 53 35 4c 51 79 6e 75 62 67 73 76 49 42 6f 61 65 45 64 5a 78 2b 49 78 6a 46 44 6f 4f 6a 4d 4e 7a 67 72 47 45 43 69 7a 64 4b 74 46 7a 77 65 4a 69 2f 49 32 48 56 31 64 58 63 65 48 43 30 4c 78 61 41 38 48 58 6d 53 59 4a 65 63 68 79 58 39 49 59 33 36 44 6e 57 55 49 38 30 74 61 52 71 43 41 69 46 56 69 73 6a 47 70 38 48 4f 69 37 69 57 32 76 44 71 70 64 44 49 71 6a 78 58 5a 74 67 75 33 58 4a 75 5a 66 65 57 35 73 79 41 33 5a 39 78 67 4e 41 6e 33 73 73 75 2f 2b 63 2b 6c 38 6e 71 38 76 6a 39 66 45 50 54 51 6f 6a 67 5a 6b 46 48 74 76 54 74 54 74 36 31 35 50 32 7a 5a 6b 6f 54 69 45 50 49 47 62 6f 5a 42 42 55 49 2b 45 6a 4d 4c 71 4c 57 Data Ascii: IERKH97Du75UUEq+hIz0YvNv4URuHqWMF2RtJaIa6hLQxS5LQynubgsvIBoaeEdZx+IxjFDoOjMNzgrGECizdKtFzweJi/I2HV1dXceHC0LxaA8HXmSYJechyX9IY36DnWUI80taRqCAiFVisjGp8HOi7iW2vDqpdDIqjxXZtgu3XJuZfeW5syA3Z9xgNAn3ssu/+c+l8nq8vj9fEPTQojgZkFHtvTtTt615P2zZkoTiEPIGboZBBUI+EjMLqLW
2024-07-20 07:21:41 UTC	16060	IN	Data Raw: 65 70 65 61 74 20 30 20 2d 32 38 34 70 78 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 66 6c 61 73 68 44 61 74 61 7b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2e 30 34 65 6d 7d 2e 66 6c 61 73 68 44 61 74 61 20 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 74 6f 70 69 63 66 69 78 65 64 20 61 2e 62 61 72 7a 63 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 23 6c 6f 67 69 6e 49 6e 66 6f 7b 6f 70 61 63 69 74 79 3a 31 7d 23 6c 6f 67 69 6e 49 6e 66 6f 20 69 6d 67 7b 77 69 64 74 68 3a 31 38 70 78 3b 68 65 69 67 68 74 3a 31 38 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 Data Ascii: epeat 0 -284px;color:#fff}.flashData{float:right;line-height:17px;text-align:right;letter-spacing:.04em}.flashData a:hover{text-decoration:underline}.topicfixed a.barzc{display:inline}#loginInfo{opacity:1}#loginInfo img{width:18px;height:18px;vertical-ali
2024-07-20 07:21:41 UTC	2764	IN	Data Raw: 63 6b 4f 48 50 45 44 45 70 68 43 4c 6d 77 62 59 70 47 56 32 54 30 64 2f 54 36 2b 4e 59 37 2f 69 2f 36 62 34 41 42 57 35 67 67 34 7a 2f 55 50 30 2f 74 4d 78 42 75 75 57 52 30 63 74 2f 31 69 50 74 37 41 4e 73 6b 6d 52 4d 78 68 76 54 76 2b 41 6d 76 63 4e 4c 79 53 47 39 6e 74 4b 7a 70 6d 63 4f 45 35 2f 54 44 44 56 31 53 68 6b 75 5a 73 48 4d 52 52 5a 73 4f 64 5a 37 2b 44 4f 42 6a 2b 55 75 4f 5a 41 48 68 52 57 41 34 7a 55 47 6d 2f 54 46 41 62 4e 68 7a 5a 39 69 34 35 79 53 47 4f 39 72 69 32 45 4e 50 36 46 58 75 31 68 6c 68 37 79 49 6a 5a 53 65 55 4d 44 75 47 42 34 4a 49 34 41 31 2f 49 73 56 31 75 78 56 36 4e 49 77 56 57 4c 59 7a 37 6c 58 69 6c 78 66 34 44 71 66 65 64 39 58 35 4e 53 76 41 50 5a 4f 35 42 44 78 4e 76 79 67 46 31 35 58 6a 66 46 53 37 46 45 49 34 7a Data Ascii: ckOHPEDEphCLmwbYpGV2T0d/T6+NY7/i/6b4ABW5gg4z/UP0/tMxBuuWR0ct/1iPt7ANskmRMxhvTv+AmvcNLySG9ntKzpmcOE5/TDDV1ShkuZsHMRRZsOdZ7+DOBj+UuOZAHhRWA4zUGm/TFAbNhzZ9i45ySGO9ri2ENP6FXu1hlh7yIjZSeUMDuGB4JI4A1/IsV1uxV6NIwVWLYz7lXilxf4Dqfed9X5NSvAPZO5BDxNvygF15XjfFS7FEI4z
2024-07-20 07:21:41 UTC	16384	IN	Data Raw: 4c 65 4b 56 58 69 2b 51 70 59 54 63 72 79 51 6c 52 42 36 32 32 4b 65 49 54 35 71 39 56 63 34 31 4a 65 44 63 67 46 37 30 70 4d 4b 73 44 47 36 4c 2b 4c 70 6c 56 4b 32 35 43 33 77 41 72 38 6e 42 61 74 55 41 74 52 6c 54 38 6f 4c 73 59 39 57 73 49 33 5a 31 7a 4c 57 32 41 46 65 53 37 49 54 68 48 56 69 6b 54 2f 76 49 55 70 62 65 73 76 59 57 70 62 68 37 77 35 56 6a 43 75 67 49 4f 6b 42 69 61 45 44 63 7a 43 31 4d 58 59 36 4e 48 6a 47 33 53 78 6a 42 4f 37 4f 75 52 56 4b 38 67 6f 65 54 77 4e 6e 53 79 6d 74 63 58 41 68 7a 5a 6c 36 39 4b 6c 76 44 74 59 48 35 55 37 6a 68 52 67 38 74 30 72 45 4e 64 63 69 77 4b 65 44 44 36 6b 58 56 41 48 70 41 36 43 64 44 41 65 4b 57 42 6c 34 6c 31 59 34 6f 71 56 4a 4e 4e 4d 4d 41 70 51 39 39 50 32 69 72 5a 6c 49 68 34 4e 39 6f 45 46 64 Data Ascii: LeKVXi+QpYTcryQlRB622KeIT5q9Vc41JeDcgF70pMKsDG6L+LplVK25C3wAr8nBatUAtRlT8oLsY9WsI3Z1zLW2AFeS7IThHVikT/vIUpbesvYWpbh7w5VjCugIOkBiaEDczC1MXY6NHjG3SxjBO7OuRVK8goeTwNnSymtcXAhzZl69KlvDtYH5U7jhRg8t0rENdciwKeDD6kXVAHpA6CdDAeKWBl4l1Y4oqVJNNMMApQ99P2irZlIh4N9oEFd
2024-07-20 07:21:41 UTC	992	IN	Data Raw: 32 38 37 42 6b 54 49 64 68 53 51 39 6a 64 56 33 73 70 2b 36 54 4e 56 30 4b 4a 50 5a 37 72 50 43 51 57 31 74 38 48 2f 65 48 4c 4e 63 72 45 76 6d 38 64 6c 44 6f 37 72 6e 55 38 34 62 36 76 46 39 6c 6e 72 30 6e 73 34 47 41 39 78 57 56 70 5a 56 4a 4b 31 50 76 75 4c 48 72 4c 4c 35 41 72 33 44 4e 36 6a 50 77 61 72 75 30 52 2f 7a 4b 45 7a 2b 78 64 4d 59 6e 34 55 63 51 45 54 35 46 4f 54 32 54 55 6d 71 74 76 65 39 77 35 4d 32 35 33 63 63 47 6a 74 53 4f 45 50 63 39 39 47 37 56 6c 33 6c 65 34 6a 46 4f 79 49 78 2f 57 72 6f 79 35 47 56 54 73 57 38 42 58 55 51 4a 6e 42 55 62 4c 6e 64 55 6c 54 62 43 79 66 67 4e 44 77 37 78 35 75 51 32 35 74 72 44 67 6d 46 64 64 6f 59 4e 4d 44 62 37 77 4d 49 4b 4c 50 6a 74 63 4a 4a 30 46 4c 73 38 46 37 72 4b 49 4c 57 6e 72 68 78 6a 66 4a Data Ascii: 287BkTIdhSQ9jdV3sp+6TNV0KJPZ7rPCQW1t8H/eHLNcrEvm8dlDo7rnU84b6vF9lnr0ns4GA9xWVpZVJK1PvuLHrLL5Ar3DN6jPwaru0R/zKEz+xdMYn4UcQET5FOT2TUmqtve9w5M253ccGjtSOEPc99G7Vl3le4jFOyIx/Wroy5GVTsW8BXUQJnBUbLndUlTbCyfgNDw7x5uQ25trDgmFddoYNMDb7wMIKLPjtcJJ0FLs8F7rKILWnrhxjfJ
2024-07-20 07:21:41 UTC	13032	IN	Data Raw: 30 25 29 7d 2e 73 63 65 6e 65 2d 6e 65 77 2d 75 69 20 2e 6e 65 77 2d 75 69 2d 63 61 6e 76 61 73 2d 77 72 61 70 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 77 69 64 74 68 3a 39 39 2e 37 34 30 32 35 39 37 34 76 77 3b 68 65 69 67 68 74 3a 34 34 2e 37 32 37 32 37 32 37 33 76 77 3b 7a 2d 69 6e 64 65 78 3a 30 7d 2e 73 63 65 6e 65 2d 6e 65 77 2d 75 69 20 2e 6e 65 77 2d 75 69 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 74 6f 70 3a 30 3b 61 6e 69 6d 61 74 69 6f 6e 3a 66 61 64 65 75 70 5f 75 69 20 31 2e 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 35 2c 2e 33 33 2c 2e 37 2c 2e 38 38 29 20 30 73 20 66 6f 72 77 61 72 64 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 70 6c 61 79 2d 73 74 61 74 65 3a 70 61 75 73 65 64 3b 62 Data Ascii: 0%)}.scene-new-ui .new-ui-canvas-wrap{position:relative;width:99.74025974vw;height:44.72727273vw;z-index:0}.scene-new-ui .new-ui{position:absolute;left:0;top:0;animation:fadeup_ui 1.4s cubic-bezier(.15,.33,.7,.88) 0s forwards;animation-play-state:paused;b
2024-07-20 07:21:41 UTC	11680	IN	Data Raw: 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e 71 71 2e 63 6f 6d 5f 6e 65 77 2f 66 32 66 66 37 36 36 34 2f 69 6d 67 2f 67 75 69 6c 64 2d 31 31 2e 64 61 62 64 30 65 35 34 2e 70 6e 67 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 2e 73 63 65 6e 65 2d 67 75 69 6c 64 20 2e 67 75 69 6c 64 2d 67 72 6f 75 70 20 2e 67 75 69 6c 64 2d 6c 6f 67 6f 2d 31 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 31 2e 35 35 38 34 34 31 35 36 76 77 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 2e 35 35 38 34 34 31 35 36 76 77 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e Data Ascii: ttps://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png);background-repeat:no-repeat;background-size:100% 100%}.scene-guild .guild-group .guild-logo-1{margin-left:-1.55844156vw;margin-top:-1.55844156vw;background-image:url(https://qq-web.
2024-07-20 07:21:41 UTC	10040	IN	Data Raw: 76 2f 37 36 4b 7a 6b 42 72 69 4d 47 4e 44 54 62 63 6e 4a 43 35 39 6c 43 4c 52 77 72 77 74 6c 50 31 31 39 2f 76 53 50 58 63 67 74 58 61 74 54 53 30 6c 49 53 76 56 56 4e 55 65 79 76 42 67 30 61 47 4a 37 61 74 39 35 36 69 7a 37 39 39 4e 4f 51 31 34 51 37 52 34 2b 5a 57 30 66 4e 6e 33 2f 2b 61 62 70 64 4c 31 53 37 66 36 44 38 2f 48 7a 5a 2f 71 35 58 72 35 35 6d 4f 34 5a 2b 6e 65 44 70 70 35 38 32 62 42 4f 39 38 4a 44 6e 72 46 32 37 31 76 42 64 68 32 70 70 54 6a 33 31 56 4d 72 49 30 43 62 73 51 43 33 72 5a 5a 47 43 68 50 54 36 7a 7a 33 33 58 4d 4f 32 63 38 34 35 78 39 4c 65 75 76 6e 6d 6d 2b 57 61 53 77 38 65 43 41 57 7a 4a 73 76 4d 65 57 31 6d 31 37 5a 75 33 5a 72 73 67 76 75 34 30 52 50 48 67 36 71 50 68 59 43 5a 42 4c 2b 79 6b 35 53 55 6c 42 69 38 43 2f 44 Data Ascii: v/76KzkBriMGNDTbcnJC59lCLRwrwtlP119/vSPXcgtXatTS0lISvVVNUeyvBg0aGJ7at956iz799NOQ14Q7R4+ZW0fNn3/+abpdL1S7f6D8/HzZ/q5Xr55mO4Z+neDpp582bBO98JDnrF271vBdh2ppTj31VMrI0CbsQC3rZZGChPT6zz33XMO2c845x9Leuvnmm+WaSw8eCAWzJsvMeW1m17Zu3Zrsgvu40RPHg6qPhYCZBL+yk5SUlBi8C/D
2024-07-20 07:21:41 UTC	10136	IN	Data Raw: 4d 63 30 55 46 66 6b 49 34 61 4e 68 55 76 44 52 6f 76 6b 6e 6a 78 68 62 39 6c 37 49 67 6c 37 76 75 5a 51 31 43 58 43 4b 59 72 7a 58 32 72 31 46 74 56 42 38 37 5a 6a 53 66 52 4d 36 65 4e 54 47 37 41 75 31 49 6c 31 30 74 6a 38 61 45 64 38 61 79 63 69 4f 6e 6c 55 6b 62 50 32 37 32 6c 7a 2f 52 73 62 47 78 4c 31 38 36 52 62 62 61 54 42 59 69 38 55 77 6d 58 42 70 72 4f 7a 59 77 61 77 66 35 4f 6e 4c 79 70 41 6d 48 68 77 79 62 73 52 55 56 57 75 33 69 78 59 75 74 2b 4e 4a 59 32 51 39 58 6b 62 78 79 35 63 61 4e 5a 45 2b 5a 79 67 4e 35 33 75 77 76 78 64 71 6b 66 76 73 32 65 2f 62 74 48 4a 73 77 4a 73 63 69 34 57 77 71 54 53 37 4a 75 48 54 51 4b 46 50 4d 6d 74 62 57 56 74 43 79 44 52 6e 68 62 72 50 54 6a 7a 69 64 72 66 67 70 73 7a 64 74 49 68 70 32 2b 52 54 51 63 6d Data Ascii: Mc0UFfkI4aNhUvDRovknjxhb9l7Igl7vuZQ1CXCKYrzX2r1FtVB87ZjSfRM6eNTG7Au1Il10tj8aEd8ayciOnlUkbP272lz/RsbGxL186RbbaTBYi8UwmXBprOzYwawf5OnLypAmHhwybsRUVWu3ixYut+NJY2Q9Xkbxy5caNZE+ZygN53uwvxdqkfvs2e/btHJswJsci4WwqTS7JuHTQKFPMmtbWVtCyDRnhbrPTjzidrfgpszdtIhp2+RTQcm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	49803	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:40 UTC	644	OUT	POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 1576 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:40 UTC	1576	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 31 36 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 5f 31 37 32 31 34 36 30 30 39 35 39 31 33 22 2c 22 41 31 Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1721460095913","A1
2024-07-20 07:21:40 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:40 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=34af154fcee4bbc106445c173e2b207a; Expires=Sat, 20-Jul-2024 07:51:40 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:40 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 30 37 39 30 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460100790", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	49805	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:40 UTC	644	OUT	POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 1576 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:40 UTC	1576	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 31 36 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 5f 31 37 32 31 34 36 30 30 39 35 39 31 33 22 2c 22 41 31 Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1721460095913","A1
2024-07-20 07:21:41 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:40 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=7b20f1cd8d3eefc9ae3234a6f1c25d38; Expires=Sat, 20-Jul-2024 07:51:40 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:41 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 30 38 37 37 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460100877", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	49802	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:40 UTC	865	OUT	POST /speed/webvitals?FCP=12268.299999999988&LCP=13359.799999999988&FID=-1&CLS=-1&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460094275&from=https%3A%2F%2Fim.qq.com%2Fmobileqq%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	134	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:41 GMT Connection: close Server: openresty Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	49804	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:40 UTC	644	OUT	POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 1468 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:40 UTC	1468	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 30 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 39 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 5f 31 37 32 31 34 36 30 30 39 35 36 36 37 22 2c 22 41 31 Data Ascii: {"appVersion":"0","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB04SGH543EALS_1721460095667","A1
2024-07-20 07:21:41 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:41 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009; Expires=Sat, 20-Jul-2024 07:51:40 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:41 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 31 30 30 35 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460101005", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	49807	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:41 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460099355&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:41 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:41 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:41 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	49781	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:42 UTC	774	OUT	GET /collect/pv?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:42 UTC	404	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:42 GMT Connection: close Server: openresty Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization Access-Control-Max-Age: 86400 Cross-Origin-Resource-Policy: cross-origin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	49808	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:42 UTC	380	OUT	GET /im.qq.com_new/f2ff7664/js/pc.f8a9f5ae.js HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:42 UTC	495	IN	HTTP/1.1 200 OK Last-Modified: Mon, 15 Jul 2024 09:27:38 GMT Etag: "a78d5e12cd76046b313d2f5406a67169" Content-Type: application/javascript Access-Control-Allow-Origin: * Content-Length: 62182 Accept-Ranges: bytes X-NWS-LOG-UUID: 15477227553713159100 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:42 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:42 UTC	16384	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 2c 6e 3d 7b 33 33 33 34 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 2c 61 29 7b 61 28 36 39 39 32 29 2c 61 28 38 36 37 34 29 2c 61 28 37 37 32 37 29 3b 76 61 72 20 69 2c 6f 2c 74 2c 73 3d 61 28 35 30 31 30 29 2c 63 3d 28 61 28 31 35 33 39 29 2c 61 28 34 37 34 37 29 2c 61 28 33 33 39 36 29 29 2c 6c 3d 61 28 36 36 32 33 29 2c 72 3d 28 61 28 34 39 31 36 29 2c 61 28 35 30 38 32 29 29 2c 64 3d 28 61 28 35 33 30 36 29 2c 61 28 35 33 32 32 29 29 2c 75 3d 61 28 35 36 37 38 29 3b 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 50 47 49 4e 3d 22 64 74 5f 70 67 69 6e 22 2c 65 2e 50 47 4f 55 54 3d 22 64 74 5f 70 67 6f 75 74 22 2c 65 2e 49 4d 50 3d 22 64 74 5f 69 6d 70 22 2c 65 2e 49 4d Data Ascii: !function(){"use strict";var e,n={3334:function(e,n,a){a(6992),a(8674),a(7727);var i,o,t,s=a(5010),c=(a(1539),a(4747),a(3396)),l=a(6623),r=(a(4916),a(5082)),d=(a(5306),a(5322)),u=a(5678);!function(e){e.PGIN="dt_pgin",e.PGOUT="dt_pgout",e.IMP="dt_imp",e.IM
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 6e 29 7b 63 61 73 65 22 73 75 63 63 65 73 73 22 3a 59 28 29 2c 48 28 29 3b 62 72 65 61 6b 3b 63 61 73 65 22 63 6c 6f 73 65 22 3a 59 28 29 7d 7d 29 7d 2c 48 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 75 2e 75 73 65 72 2e 67 65 74 55 69 6e 28 29 3b 65 26 26 28 74 28 4e 75 6d 62 65 72 28 65 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 63 6f 6d 6d 69 74 28 22 73 65 74 41 76 61 74 61 72 22 2c 65 29 7d 28 75 2e 75 73 65 72 2e 67 65 74 41 76 61 74 61 72 28 65 2c 31 30 30 2c 22 51 51 22 29 29 29 7d 2c 59 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 63 6f 6d 6d 69 74 28 22 73 65 74 53 68 6f 77 4c 6f 67 69 6e 22 2c 21 31 29 7d 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 28 30 2c 63 2e 77 67 29 28 29 2c 28 30 2c Data Ascii: n){case"success":Y(),H();break;case"close":Y()}})},H=function(){var e=u.user.getUin();e&&(t(Number(e)),function(e){n.commit("setAvatar",e)}(u.user.getAvatar(e,100,"QQ")))},Y=function(){n.commit("setShowLogin",!1)};return function(e,n){return(0,c.wg)(),(0,
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 6d 28 6e 29 2e 66 6f 72 45 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 73 74 79 6c 65 2e 61 6e 69 6d 61 74 69 6f 6e 44 65 6c 61 79 3d 22 22 2e 63 6f 6e 63 61 74 28 33 2a 2d 74 2c 22 73 22 29 7d 29 29 3b 76 61 72 20 75 3d 61 28 6f 2d 2e 32 29 3b 31 21 3d 3d 75 26 26 30 21 3d 3d 75 26 26 28 63 2e 73 74 79 6c 65 2e 61 6e 69 6d 61 74 69 6f 6e 44 65 6c 61 79 3d 22 22 2e 63 6f 6e 63 61 74 28 32 2a 2d 75 2c 22 73 22 29 2c 6c 2e 73 74 79 6c 65 2e 61 6e 69 6d 61 74 69 6f 6e 44 65 6c 61 79 3d 22 22 2e 63 6f 6e 63 61 74 28 32 2a 2d 75 2c 22 73 22 29 2c 72 2e 73 74 79 6c 65 2e 61 6e 69 6d 61 74 69 6f 6e 44 65 6c 61 79 3d 22 22 2e 63 6f 6e 63 61 74 28 32 2a 2d 75 2c 22 73 22 29 2c 64 2e 73 74 79 6c 65 2e 61 6e 69 6d 61 74 69 6f 6e 44 65 6c 61 79 3d 22 22 Data Ascii: m(n).forEach((function(e){e.style.animationDelay="".concat(3-t,"s")}));var u=a(o-.2);1!==u&&0!==u&&(c.style.animationDelay="".concat(2-u,"s"),l.style.animationDelay="".concat(2-u,"s"),r.style.animationDelay="".concat(2-u,"s"),d.style.animationDelay=""
2024-07-20 07:21:43 UTC	13030	IN	Data Raw: 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 63 72 6f 6c 6c 22 2c 63 29 7d 29 29 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 28 30 2c 63 2e 77 67 29 28 29 2c 28 30 2c 63 2e 69 44 29 28 22 64 69 76 22 2c 75 65 2c 5b 76 65 2c 28 30 2c 63 2e 5f 29 28 22 73 65 63 74 69 6f 6e 22 2c 6d 65 2c 5b 5f 65 2c 67 65 2c 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 70 65 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 66 65 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 41 65 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 22 66 69 72 73 74 2d 63 6f 6e 74 65 6e 74 5f 5f 76 69 64 65 6f 2d 70 6c 61 79 22 2c 6f 6e 43 6c 69 63 6b 3a 64 7d 2c 5b 28 30 2c 63 2e 5f 29 28 22 64 69 76 22 2c 7b 63 6c 61 73 73 3a 28 30 2c 6d 2e 43 5f 29 Data Ascii: dEventListener("scroll",c)})),function(e,n){return(0,c.wg)(),(0,c.iD)("div",ue,[ve,(0,c._)("section",me,[_e,ge,(0,c._)("div",pe,[(0,c._)("div",fe,[(0,c._)("div",Ae,[(0,c._)("div",{class:"first-content__video-play",onClick:d},[(0,c._)("div",{class:(0,m.C_)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	49810	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/scene-bg-x.6a1a9834.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:43 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "06e40876e3d85a102b955a1bce327e7f" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 181293 Accept-Ranges: bytes X-NWS-LOG-UUID: 14793741066142134652 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:43 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 04 38 08 06 00 00 00 e8 d3 c1 43 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR8CpHYseiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: d6 06 f1 37 1e e5 f7 9f b5 a1 0a f6 b1 ac 97 e9 85 df 3d 04 a2 e1 52 1c f5 2c 60 ec eb 47 22 cf 0f c2 6f 0e a2 e5 b5 bc fc b6 98 ab d3 48 61 63 bd cf 49 79 fa e5 ab 7b 38 0e 8f 48 62 70 c0 7b 28 7e f1 8c 06 fe b2 cb f3 81 53 61 29 d0 6a db 41 04 d6 61 6f fd a6 9e f7 41 00 06 00 80 4b 78 0e 30 88 81 f8 3b 04 c2 2f 48 43 5b 7c 43 35 1c 33 55 24 a9 a1 0d 11 12 1c 83 ec 6a 33 89 97 35 83 a8 aa d5 8e 1c f7 dc 4e b9 7c 67 41 f7 66 87 97 97 75 7d 1d 9e 6f 5e 44 0c fe 23 aa 18 ec 35 93 79 3c 1f 78 e6 d9 7a 26 81 f6 61 47 5b 04 7e 06 a1 52 87 a3 b5 7f f5 fa 46 00 06 00 00 88 00 5e 8a 20 10 f5 ab 09 62 a3 1f d4 fd 2b 54 c7 31 9e 75 b3 64 d4 6f 2d 27 1e b0 e5 84 df b3 37 02 79 78 32 08 bf 9a 20 fe d6 d1 9e 07 62 89 ee 94 85 f5 70 38 e6 45 0c 76 ee 1b 91 ba 68 c4 e1 Data Ascii: 7=R,`G"oHacIy{8Hbp{(~Sa)jAaoAKx0;/HC[\|C53U$j35N\|gAfu}o^D#5y<xz&aG[~RF^ b+T1udo-'7yx2 bp8Evh
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 6c 8f e1 5d 4f 08 c0 00 00 00 a0 42 3a f1 57 34 15 8b 44 cf d3 75 17 09 3a 32 60 91 e7 6f 51 4d df d2 b8 f8 eb de 82 87 54 0b 93 d0 45 73 d5 5e 7d e1 56 f7 b1 1e 62 a7 59 59 31 03 29 98 51 9e f2 12 d0 d3 62 2d ce 0c a7 a5 10 6d d8 4d a9 78 6f e8 78 70 19 17 61 75 f9 83 7a 05 cb d1 0b 86 79 34 9d 4f c2 7b c8 3f 95 80 72 fc 96 39 dd 4e dc 00 79 0f c1 7d cd ba a8 87 8c d5 e4 35 ac 76 05 59 83 be 86 10 9c db 9e 87 10 7c 69 4f 30 53 41 b7 1b e6 78 2f f7 e1 b7 1b 41 18 bf 2a 1d 03 01 18 20 3a 44 01 03 1c 13 c6 33 1b 9b e9 8e 7e d6 22 65 3d 05 cd 74 50 f1 d7 6a 30 74 59 41 f8 ed 62 b6 e9 4d eb 06 94 cb 74 87 04 26 39 6c db b3 5c bc 2b b3 ff 16 8f 1e 3e 89 0e b6 26 9d f0 7b f4 e1 5b dd c7 44 69 49 b4 c1 bb 56 aa de a9 ef 34 43 65 77 f4 0a 36 09 d6 6a c7 a9 06 e0 Data Ascii: l]OB:W4Du:2`oQMTEs^}VbYY1)Qb-mMxoxpauzy4O{?r9Ny}5vY\|iO0SAx/A* :D3~"e=tPj0tYAbMt&9l\+>&{[DiIV4Cew6j
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 1c b4 e6 ab 3f 65 b6 08 e0 85 85 85 5b 62 ed 16 5e f8 80 b5 2a 73 4d 94 f1 bd bf c4 92 b3 d8 64 0a a0 57 ba 5e 6a 1d 92 2a 05 f8 82 9e a4 1d 4a b7 d7 23 9f bd 38 75 95 5e cf fa 63 90 6a 6a 73 ac 37 48 d0 e5 0b 50 e7 9d 64 2c b7 d3 3a 21 b4 db 37 ca cd 94 b5 41 30 0e 1f b0 09 b5 96 fe 15 b9 44 4f 00 aa fd 82 70 01 56 6d 33 08 74 f9 c6 28 88 ed 2c 8b f4 03 0c 46 b6 24 6a bc ed b0 70 b1 35 20 1e 8d b6 68 4a 9e 72 db 24 d6 99 0d 6a 13 01 2d 09 5c cb 6f 58 16 8e d5 bb 7a 7a 8f fc 2b 20 f7 26 81 7f 70 89 79 40 bd 9e 55 ce 8a e1 df 6c 0f 41 02 bf 93 97 72 87 36 a1 e9 63 70 25 73 d1 14 14 b8 99 c3 5e 94 dd 6f 21 82 7f b0 56 df ef 83 45 00 2f 2c 2c 7c 30 6f 01 0e 87 3d 31 bc c8 e0 1b c1 75 c5 10 48 fe 5a 30 20 7f fd 6d ba 08 4c 51 89 d1 ef 4d fe 92 a3 6e 96 09 79 Data Ascii: ?e[b^sMdW^jJ#8u^cjjs7HPd,:!7A0DOpVm3t(,F$jp5 hJr$j-\oXzz+ &py@UlAr6cp%s^o!VE/,,\|0o=1uHZ0 mLQMny
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 1b d8 86 46 97 36 d1 0e b3 3e 0c 92 79 4d 21 d1 7a 91 f1 bf e8 4a d6 3f 46 d6 b5 e8 47 43 47 ec 06 0e 32 31 c1 56 ac 25 f5 4e e0 52 a6 b5 a7 f3 bc 60 ed 0a d6 61 11 c0 0b 0b 77 84 79 75 01 09 bc 33 b5 f5 b8 67 10 c2 3f 68 c5 cb 92 a1 87 92 bf 2e f6 85 c2 53 7d e0 96 e3 68 e1 af c4 03 45 b2 a1 f9 55 28 41 8a 76 0e 53 65 85 a7 3a 89 c7 52 a4 3e 29 04 b4 dc 0e 5f 70 6a 81 2a 6f 4b 64 a6 9a 9b dc 08 c4 38 cc 89 ed 84 f7 34 79 ca 78 a7 1f 2b ac cc ad de 5f 50 ef 43 05 ca 1c 15 c8 48 44 ad bd c8 26 3f b4 d5 7c 9f 2e 8e fc 3d 9a bb 12 c1 d0 38 32 18 13 51 de 9c 1e 09 0d 9d 26 bf 74 b2 8d 6b 8c 39 b7 dd 83 60 e4 0a bc cb 63 90 c1 8a 2b 71 49 3f 6d 00 dc 38 c0 ef 85 6d 24 f0 db 58 d6 25 92 09 f7 27 89 f0 9e cb ff ba 17 40 60 f5 cd 30 6b 8f 80 2b 66 68 13 03 d9 43 Data Ascii: F6>yM!zJ?FGCG21V%NR`awyu3g?h.S}hEU(AvSe:R>)_pj*oKd84yx+_PCHD&?\|.=82Q&tk9`c+qI?m8m$X%'@`0k+fhC
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: b0 50 8f 12 2c 12 b8 94 a1 c1 50 9f f6 09 4b 19 f6 cd 19 e9 90 4b 1e bb 73 a0 39 24 30 0a 50 32 b9 e0 10 1e 33 27 22 38 92 04 2e 25 be 9e a5 b0 7b 3b 22 78 91 c0 7b 2c 02 78 21 08 da cb 58 a1 95 18 33 b9 f0 84 3c 9b f3 b0 88 df be 3c 26 3e 10 35 08 e2 97 71 9a 8d 87 3d f6 d9 a6 47 27 88 7d f4 33 5d 93 dc ba 8f c3 38 ff b3 a0 d4 8c 33 32 3e e2 55 bf c6 99 db 95 d9 bd 07 52 ef 78 ab 48 a0 22 87 89 fc 15 88 e6 2a ed 73 9f 37 5e d8 f2 f1 60 90 46 68 f8 93 9c b1 50 2a d2 37 01 72 1f cf 12 5b 27 2d 5b 69 4b 95 48 9c 95 78 33 90 8f c4 3b de df 59 cb 5b b0 69 ce 13 36 a6 8c 00 ff a7 24 82 c5 e5 5c bd d1 e2 74 92 a1 e6 70 6c 77 70 43 11 cd 5d 7f 15 ea 06 3e b2 74 ec 3e f7 bb 81 0d ca e2 49 64 6b 1b 04 90 c0 2a 79 41 bc a8 75 10 75 b3 8b 2d 04 10 fb 3f c8 46 04 a3 Data Ascii: P,PKKs9$0P23'"8.%{;"x{,x!X3<<&>5q=G'}3]832>URxH"s7^`FhP7r['-[iKHx3;Y[i6$\tplwpC]>t>Idk*yAuu-?F
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 23 dd 17 a3 cf db 13 6c 97 a8 92 f0 4d 2c 42 66 89 87 a4 0c f7 29 02 4a 40 8c 9f 93 6c 48 13 d0 60 f9 d7 a9 3d 40 62 00 3c e5 fc 15 c0 14 22 1e d3 1d a6 71 9b 61 e2 23 bd 46 dd 2e 9f 40 80 64 a4 fa 1d de 16 10 42 d6 37 27 d9 45 a4 22 50 37 62 1e 23 96 41 87 bf 0a 72 dd 5c 64 ca 0b cb 0b 6c 58 0c d1 b9 72 30 82 22 bf 0b fc b1 14 b0 b6 e5 05 0c 54 ac 6c c4 41 84 7c 38 ae 00 32 cd 28 e2 82 33 54 7a 3e a3 52 d7 17 82 a1 8c ad 0d 32 27 00 ea 0a 00 b8 fb 1f 0a d2 b2 df 9f 00 6e cc 81 ee 50 cf f1 a4 1e a3 7a 39 a3 ed 9b ad de 4d 9b 1b 68 67 08 5f fe 5c 68 96 1b 45 fe f2 93 06 af b2 e9 f2 4f 56 1e 78 7a 7b 46 b9 1a c4 86 df 89 20 17 9f 1e e5 87 6d 78 2a 84 bd 65 09 df b0 bd 95 4d cb e9 6e 7e 75 38 91 44 11 d8 99 ce b0 7f a6 7d aa ca f2 64 04 21 68 f3 da 92 8e 18 Data Ascii: #lM,Bf)J@lH`=@b<"qa#F.@dB7'E"P7b#Ar\dlXr0"TlA\|82(3Tz>R2'nPz9Mhg_\hEOVxz{F mx*eMn~u8D}d!h
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: c3 46 93 ef 5c 88 4f 3e e8 83 06 8d e9 20 09 8b d1 d2 7a 43 c8 09 ed f3 82 d3 3d 16 07 c4 ed c2 20 77 fd 8c f1 ce 21 47 14 31 3b 8a 0c ad cc bf b1 f4 3a 88 28 a4 56 99 40 13 99 1e 40 2f 01 cc e5 a5 bd 2c a1 bc cb d4 2e a4 bc 10 0a 42 f4 d5 7d fe fc 99 82 58 42 15 53 48 8e cd 24 be c1 51 bc d8 f1 e1 44 a5 18 60 17 54 43 ce 75 87 a5 16 5d 8d 04 ce 84 e7 98 f5 18 12 78 96 60 f8 c1 64 c5 81 a2 7d 33 1e 8a d4 59 93 be b5 d1 04 70 43 88 1e 0d 58 68 37 d5 00 68 a1 29 d3 69 54 38 f3 8e 68 c3 19 63 54 5a 85 d7 3f c3 3c 45 a2 cb 5e ea 4a c9 6d 42 57 68 2b 2d 26 d2 37 1b 6c a2 8b 99 10 e5 02 0e 69 7b fa 53 0e 74 f0 db fc 18 75 2a 63 e3 01 62 3a 03 18 29 6a 7e 9d 35 89 ee 89 dc 82 22 9b 54 ca 0f 25 bc 5d e6 c9 63 a5 ba 7c 78 80 8f a8 d3 b8 c4 be c8 14 66 b0 fb ae cc Data Ascii: F\O> zC= w!G1;:(V@@/,.B}XBSH$QD`TCu]x`d}3YpCXh7h)iT8hcTZ?<E^JmBWh+-&7li{Stu*cb:)j~5"T%]c\|xf
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 2d 9b d8 17 82 13 b5 12 d9 9e 76 d3 db ef 77 79 2b da bd bb 5e 94 f0 81 20 e2 14 f0 41 10 b8 9d 04 8e f2 b5 a3 6d ab 22 8f 45 9f 39 8f 41 a8 ba 6d 65 b7 29 a5 7e d8 ac b5 f8 29 60 51 39 9d 6d 19 5e ce 56 de 43 f6 29 9f b4 7d 08 39 29 ef e0 af a7 90 bf d1 18 65 47 af b7 f0 ff e0 55 67 ff 08 e0 1b 47 67 f5 fb 63 a2 c9 df e1 d1 be 6c bc 30 e8 42 af 04 c2 6d 1f c3 59 70 2b 89 75 c9 80 fd f4 43 4b e0 ad a3 cc ae 9d f2 91 26 93 02 9e ad 00 25 7b 1d 65 15 72 89 b1 0b 91 d9 5b f6 14 4b 0a 4c ac 49 1f 26 69 34 66 c0 e8 7b 18 e1 9b 61 95 c9 4f 20 2a 9c 84 a9 74 0a 18 fd 6a 66 b6 0e 80 3e 1a 24 df 9f 80 e3 cb 21 f1 18 5d a7 d5 41 b7 17 c4 72 7a 06 25 01 cf df d3 f9 74 a6 85 10 b0 2c 4d fe ce a3 b3 a1 87 f7 fc f4 ff 38 e4 6f 83 8b 26 7f a1 18 ea 69 b3 6e 29 b7 78 e2 Data Ascii: -vwy+^ Am"E9Ame)~)`Q9m^VC)}9)eGUgGgcl0BmYp+uCK&%{er[KLI&i4f{aO *tjf>$!]Arz%t,M8o&in)x
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 15 2f 40 7e 25 cf da d5 56 d2 fb ae ef f7 bd 25 fa 3d c2 7a 18 e7 39 ca 11 c6 1d 51 d7 ff 04 2e 75 c2 d4 4c c4 36 43 3f 44 e6 04 aa a4 d3 70 c5 06 7f ad 61 ad 23 b6 b8 bc 33 c8 43 a2 62 c0 16 c9 55 2d b0 9d d9 2e 10 f9 b5 32 2b cc 1b 7a 6e dd d0 a0 03 c0 97 c4 a4 41 e0 46 a3 d1 48 84 78 1d ac fb d8 5f d8 0d 51 2b 40 8b ad d8 98 b2 cd ef 8c e2 3b 90 e9 f5 67 9c 70 7f aa 35 47 d9 20 30 89 0e ab f9 5e 13 30 d9 d1 ba 8d 51 e7 a6 bc cd 0e 65 df 36 1d 90 8d b3 41 59 5b df 70 47 32 af c8 a0 46 7d e3 1d df e6 f9 4d b0 ed 42 16 6d 2d 81 e9 49 a7 72 95 83 bf 5e 75 5e 59 c7 6a 41 a2 35 df 37 14 ed 7e c6 40 11 02 5a bd 59 f9 e8 f3 27 ce 4e 7c a6 8a 75 53 b5 3d 56 02 b4 4d 2a c8 b2 82 bf 0d 3f f4 7b 80 fd d1 01 e0 cb a2 bb a7 46 03 0e 70 b3 72 1f e3 aa 5f f1 de 12 85 Data Ascii: /@~%V%=z9Q.uL6C?Dpa#3CbU-.2+znAFHx_Q+@;gp5G 0^0Qe6AY[pG2F}MBm-Ir^u^YjA57~@ZY'N\|uS=VM*?{Fpr_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	49809	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/qq9logo.2a076d03.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:43 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "1c27c52714af312a8698b26ac8615e25" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 14758 Accept-Ranges: bytes X-NWS-LOG-UUID: 8150727396208032106 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:43 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:43 UTC	14758	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 43 00 00 00 6c 08 06 00 00 00 f0 be d0 50 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRClPpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	49811	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	663	OUT	GET /im.qq.com_new/f2ff7664/img/phone.55b5179d.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:43 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "3d2ec3cad68ba80f42bd7fcfad6628db" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 73157 Accept-Ranges: bytes X-NWS-LOG-UUID: 2237292635021150180 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:43 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 73 00 00 05 4c 08 03 00 00 00 63 e5 ee ca 00 00 03 00 50 4c 54 45 f2 f2 f7 f5 f5 f8 f5 f7 ff f4 f9 ff f5 f7 fe f7 f7 ff f7 f9 ff f3 f3 f7 f3 f7 ff f5 f6 ff fa f5 ff ff f4 ff f6 f6 ff f4 f5 fb ff f3 ff 00 9c ff f4 f6 fd ff f5 fb ff f7 f9 ff f8 f7 ff f9 f4 ff f9 f1 ff f6 fc ee ee ff 00 00 00 ff ff ff ed f8 ff dc d7 d5 f1 f1 f5 00 79 ed da d5 d2 d8 d2 d0 e5 e5 e9 5c c8 ff 87 d3 ff d4 ce cc 98 98 9a e2 e1 e6 e6 e2 e0 e3 df dd ec e9 e8 1f 1e 20 d2 cb c9 8b 8b 8c ed ed f2 d0 c9 c6 e7 c5 c1 e1 dc da e8 e5 e4 4c 4c 4c e8 ed f0 f8 f6 f6 3d 3d 3e df db d8 b6 b6 b9 27 89 ef e8 e8 ed e6 bb b8 69 a8 f3 f8 f1 ff ee ec eb e5 c1 bd 4a 99 f2 de d9 d7 cc cb cf cb c3 c0 7a 7a 7d bd 9e b4 94 c0 f6 eb ca c7 bc d5 f5 fa Data Ascii: PNGIHDRsLcPLTEy\ LLL==>'iJzz}
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 4f 12 e4 5e e6 07 7e b9 f9 43 21 37 6b d6 7e 43 cf 1c 22 e7 d0 58 a5 47 41 03 c2 3e e0 cc 32 97 78 01 fb c1 73 21 89 f7 08 c6 88 80 e4 16 46 bb 28 b6 c9 55 84 64 a0 0f 1d 4b af d1 76 d7 f2 5c a5 63 e9 2e 73 81 e1 fd bf a0 e7 0d b7 c2 8b 04 b9 d7 cf a6 87 5d 2e 84 78 5b 74 93 98 7b ee e5 fd 75 2e 7f cd 0f fc f1 4e 68 4e 88 6d 8b 49 37 ae e3 d7 22 cf 9c 2d 26 81 3b 9d 2d b0 9c e7 35 5b 4c 9a 95 ba 95 bc cc af 83 0d f8 6d 5f 3c 5d 9f 13 d5 84 a8 55 90 d7 1b ea c8 08 96 16 11 0f c9 0f b9 9e f5 3d fa 56 ba be e6 2c cd 84 b9 1f 33 c6 3e a4 a2 d6 0f fe 0e 87 dc 64 9a bb f1 bd 36 77 6d db ed f7 37 66 41 6c 67 ae 02 b7 20 cf 35 f3 4e a2 66 bc c8 0b cd 3a 2a a5 95 f3 84 57 e9 d5 e4 0f 8e 91 5c 20 be ca 32 ad b3 62 25 ca 0a ea 44 e8 14 0c 91 15 9a ef a3 5c 13 e6 ae Data Ascii: O^~C!7k~C"XGA>2xs!F(UdKv\c.s].x[t{u.NhNmI7"-&;-5[Lm_<]U=V,3>d6wm7fAlg 5Nf:*W\ 2b%D\
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: 65 83 28 22 ab 73 f6 b0 2e ab 74 c7 f0 ae 38 48 ff e6 86 be 57 bc 65 d5 bb 6d 88 15 f7 1d 0d 0d 43 07 a1 9b b7 75 51 db 39 7d f1 48 9c 99 39 17 b6 d3 76 37 ce b4 cd 5f c9 18 bd 66 7f 79 b9 73 4d 43 3e 98 ac 75 55 3a 45 62 77 e0 71 62 17 17 87 fd f8 d1 fd aa d6 9a 0f 59 cd 1d 6e 4b 66 e1 c8 c7 ab f8 d4 3a 57 b3 a8 03 55 ff 20 4d b5 e3 59 d8 75 9f b0 20 a3 e7 78 a1 00 61 24 4c 25 4b fe ad 73 c4 ea 9c 96 39 bc e2 db 3c 6d c7 f6 a8 42 1a 96 75 4f 3b 19 cf 1a 49 e7 1c 57 e2 e3 b0 10 e6 d2 8a 4e 0a f8 e4 5c d7 09 be f5 29 cf 72 6d 5d b7 8d be 9f 86 85 b0 c6 e0 29 0b 17 17 04 9d 04 b5 4d db 4a d5 2b 76 24 7f d3 d4 37 f5 c4 dc 4d 5d fd 5c 62 ae 5c 4c c5 19 10 05 c2 8a 04 e2 c6 a2 07 e7 0a d2 8c 84 99 86 4e 25 63 f6 ef b2 a4 33 73 98 ec 05 a2 f0 88 5e 4c 75 b5 ba Data Ascii: e("s.t8HWemCuQ9}H9v7_fysMC>uU:EbwqbYnKf:WU MYu xa$L%Ks9<mBuO;IWN\)rm])MJ+v$7M]\b\LN%c3s^Lu
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: fd 86 be de 83 c3 24 01 42 05 3c b1 37 22 24 7e 28 79 24 13 ce 42 a5 0c d9 fa df 64 f8 96 a9 fe e0 d5 de 2c 93 5f e8 db 18 98 52 2a 99 d4 bb 1d 6b 70 26 b2 5b 58 d1 01 1c cc ad 94 c9 1f 0f 75 e5 07 ee a8 cd da 48 bf ae a0 71 92 05 92 c7 fd 75 ec 42 d5 cd 3d 4d f7 23 95 23 3b 2e b2 fc d1 38 17 5c b0 ba bd 36 8c 1c ee 0d 01 bf 95 28 55 b1 3b 9e 1e 52 26 ac db f0 e3 e5 4e da 56 22 71 e4 54 57 19 e2 7b 1b 45 1d 39 5e 39 d7 57 2c e5 32 b0 fd 41 c6 f9 e5 52 4a 1d e3 f3 75 1c 6d 11 a8 db e4 32 70 d2 6e 82 d8 dc b7 fc bc b9 b6 ce 21 f8 54 42 ab 99 93 1c c8 19 fa e7 7e bb 78 a8 7c 87 e2 a9 ea ec b0 67 4e 1b 63 56 0e c3 0a d5 c0 b6 5e b7 40 c6 b4 ed 9f 97 d9 1c 3f ff 3e 36 49 93 03 c3 d9 c2 9c 7f fa be b5 a5 c0 a2 1b c8 bd ee dc 03 e5 99 9e f2 ed 17 6e a9 35 ec 6a Data Ascii: $B<7"$~(y$Bd,_R*kp&[XuHquB=M##;.8\6(U;R&NV"qTW{E9^9W,2ARJum2pn!TB~x\|gNcV^@?>6In5j
2024-07-20 07:21:43 UTC	7621	IN	Data Raw: 72 ae 42 ef c4 fa 57 e6 dc 0b e1 44 83 85 5e 44 9e c9 2f e7 e7 4d f7 84 81 48 99 bc 43 f2 4d a2 84 c6 54 2e 59 90 cd 8e c3 91 60 06 65 3e db 61 38 9b 27 91 f3 e7 30 e7 7a 5f 4e dc 12 41 27 f5 67 eb bb e4 5c 04 a6 94 fc 16 42 98 3d 2d 3a 3a 17 03 dc 06 2c 87 30 24 f6 76 ce f1 bb f7 e9 30 e7 44 2e 15 e4 b2 40 7a 26 97 0c c2 60 76 b6 7f 77 73 6e 41 21 05 00 ce 87 60 b1 ae cd 22 9f 9e 99 16 8c b7 a8 ca 2d de 08 f2 1d 9d fb 27 d0 39 6a 44 e4 12 86 f0 7a 71 67 67 5d 3f e4 b3 7c 37 e7 02 ac 73 2e fa b8 21 54 c5 62 7c 5a e4 5d d5 0c f0 c6 4c 40 2e 6d 67 9e 78 32 df d3 39 31 cb 17 5c 76 ee f5 6a a1 1f 76 65 5b b4 c4 a3 d8 c3 f2 ed 9c f3 40 dc e5 4b 5b ce 16 61 86 9d 4a 61 03 c2 06 6c cf 34 43 3a 0c af b7 9e cf fd 53 f8 d9 97 5c b9 c8 14 3b 9d ba 09 3d fb be 7b 8e Data Ascii: rBWD^D/MHCMT.Y`e>a8'0z_NA'g\B=-::,0$v0D.@z&`vwsnA!`"-'9jDzqgg]?\|7s.!Tb\|Z]L@.mgx291\vjve[@K[aJal4C:S\;={

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	49782	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	781	OUT	GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:43 UTC	258	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:43 GMT Content-Type: application/json; charset=utf-8 Content-Length: 58 Connection: close Server: openresty X-Powered-By: Express Access-Control-Allow-Origin: * ETag: W/"3a-Mq+Z0YrSSADKAkwAZ0tpR8ztW14"
2024-07-20 07:21:43 UTC	58	IN	Data Raw: 7b 22 72 65 74 63 6f 64 65 22 3a 30 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 73 5f 69 6e 5f 77 68 69 74 65 5f 6c 69 73 74 22 3a 66 61 6c 73 65 2c 22 72 61 74 65 22 3a 31 7d 7d Data Ascii: {"retcode":0,"result":{"is_in_white_list":false,"rate":1}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	49812	203.205.137.236	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	704	OUT	GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1 Host: v.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	688	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:43 GMT Content-Type: text/html Content-Length: 33189 Connection: close Server: NWS_UGC_HY Cache-Control: must-revalidate, max-age=3600 Expires: Sat, 20 Jul 2024 08:21:42 GMT Last-Modified: Sat, 20 Jul 2024 06:30:00 GMT X-NWS-LOG-UUID: 890975d0-935d-4d0e-9dc0-cbe16f3f14fa Access-Control-Expose-Headers: X-Client-Ip Access-Control-Expose-Headers: X-Server-Ip Access-Control-Expose-Headers: X-Upstream-Ip Access-Control-Expose-Headers: Date X-Client-Ip: 8.46.123.33 X-Server-Ip: 203.205.137.236 X-UA-Compatible: IE=Edge X-Cache-Lookup: Hit From Disktank3 Access-Control-Allow-Origin: https://im.qq.com Accept-Ranges: bytes
2024-07-20 07:21:44 UTC	15696	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 54 68 75 6d 62 70 6c 61 79 65 72 20 e7 a6 bb e7 ba bf e6 97 a5 e5 bf 97 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 2e 6e 6f 6e 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 72 65 70 6f 72 74 2d Data Ascii: <!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><title>Thumbplayer </title><style>.none{display:none}.report-
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 72 6e 20 50 28 65 2c 6e 29 7c 7c 74 2e 67 65 74 28 65 2c 6e 2c 72 29 7d 2c 68 61 73 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 72 65 74 75 72 6e 21 21 50 28 65 2c 6e 29 7c 7c 74 2e 68 61 73 28 65 2c 6e 29 7d 7d 29 7d 28 64 29 3b 76 61 72 20 78 2c 43 3d 22 74 68 75 6d 62 70 6c 61 79 65 72 2d 6f 66 66 6c 69 6e 65 2d 6c 6f 67 2d 22 2e 63 6f 6e 63 61 74 28 33 29 2c 54 3d 5b 22 74 68 75 6d 62 70 6c 61 79 65 72 2d 6f 66 66 6c 69 6e 65 2d 6c 6f 67 2d 32 22 2c 22 74 68 75 6d 62 70 6c 61 79 65 72 2d 6f 66 66 6c 69 6e 65 2d 6c 6f 67 2d 31 22 5d 2c 5f 3d 22 74 68 75 6d 62 70 6c 61 79 65 72 2d 6f 66 66 6c 69 6e 65 2d 64 62 2d 63 6c 65 61 6e 75 70 2d 73 74 61 74 65 22 3b 66 75 6e 63 74 69 6f 6e 20 4d 28 29 7b 76 61 72 20 74 3b 74 72 79 7b 22 66 75 6e 63 74 69 6f 6e Data Ascii: rn P(e,n)\|\|t.get(e,n,r)},has:function(e,n){return!!P(e,n)\|\|t.has(e,n)}})}(d);var x,C="thumbplayer-offline-log-".concat(3),T=["thumbplayer-offline-log-2","thumbplayer-offline-log-1"],_="thumbplayer-offline-db-cleanup-state";function M(){var t;try{"function
2024-07-20 07:21:44 UTC	1109	IN	Data Raw: 72 65 74 75 72 6e 5b 32 5d 7d 7d 29 29 7d 29 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 70 6f 72 74 4c 6f 67 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 65 2c 6e 3d 74 68 69 73 3b 72 65 74 75 72 6e 20 69 28 74 68 69 73 2c 28 66 75 6e 63 74 69 6f 6e 28 72 29 7b 73 77 69 74 63 68 28 72 2e 6c 61 62 65 6c 29 7b 63 61 73 65 20 30 3a 72 65 74 75 72 6e 20 72 2e 74 72 79 73 2e 70 75 73 68 28 5b 30 2c 33 2c 34 2c 35 5d 29 2c 5b 34 2c 74 68 69 73 2e 64 62 2e 67 65 74 41 6c 6c 4c 6f 67 73 28 29 5d 3b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 20 74 3d 72 2e 73 65 6e 74 28 29 2c 74 68 69 73 2e 70 72 69 6e 74 4c 6f 67 49 6e 66 6f 28 Data Ascii: return[2]}}))}))},t.prototype.reportLogs=function(){return o(this,void 0,void 0,(function(){var t,e,n=this;return i(this,(function(r){switch(r.label){case 0:return r.trys.push([0,3,4,5]),[4,this.db.getAllLogs()];case 1:return t=r.sent(),this.printLogInfo(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	49815	43.152.29.15	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	610	OUT	GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1 Host: static-res.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:43 UTC	384	IN	HTTP/1.1 200 OK Last-Modified: Fri, 19 Jan 2024 04:35:45 GMT Etag: "7b0abe7bed4dc357226c2c4bdabcec2d" Content-Type: image/jpeg Content-Length: 81925 Accept-Ranges: bytes X-NWS-LOG-UUID: 9920933395636630303 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:43 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.29.15 Client-Ip: 8.46.123.33 Vary: Origin
2024-07-20 07:21:43 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 44 00 00 ff e1 03 2e 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyD.http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xm
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 03 21 50 ae 81 20 00 95 11 fa a9 4c 60 84 4d da a0 06 7d 6d 79 4a 9a db 24 05 5a 61 2a 89 04 dd 35 19 b1 1d 69 a6 2a 3a d2 b2 9a d4 4a cd a6 13 55 9a ce aa 23 a6 99 e9 97 72 b5 1c eb 3a d3 2c fa 58 96 b2 bb ad b9 d6 7d 6d a8 c5 63 5a 61 97 6d c6 6b 2a d2 23 ad 35 19 ae 7e 9b 8c 31 ee 35 18 e9 97 7a 6e 30 c2 cb 96 a2 56 7d 37 12 b2 e9 a8 cd 63 db 71 96 3d 46 a3 16 32 e9 b8 c3 1b 3e d6 a2 58 c7 b9 f6 b7 18 65 56 0e 7e e5 75 8e 16 31 ea 37 0a c9 a8 9a c3 b9 f1 b8 cd 63 65 c3 6e 4c ba 69 18 f6 d4 4a c7 a8 d6 b0 c7 b9 88 e9 cd 62 cc 62 db 31 9d d3 4c c6 7d b5 1a ac ba 97 2d 46 2d a8 eb 6b 06 7d 7e b5 11 2a dc 4d 97 20 8b 1a 89 13 66 16 2d 80 58 55 5a 88 eb 6a 95 37 41 12 ad c0 34 9a ac 90 a9 69 4a 81 2a e8 14 ae c2 92 a0 04 8d ca 42 80 2b b1 4b 15 40 a0 00 00 Data Ascii: !P L`M}myJ$Za5i:JU#r:,X}mcZamk#5~15zn0V}7cq=F2>XeV~u17cenLiJbb1L}-F-k}~M f-XUZj7A4iJ*B+K@
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 40 64 0a f4 33 69 5e ab 72 33 a9 bd 65 70 2b d7 f1 9c 3a a3 d1 8c e9 e5 a8 a3 20 9a a1 66 98 e7 69 ca 63 52 8b 42 b3 31 8d 3c d3 17 46 69 86 8c d3 0d 19 a6 1a 33 4c 34 ba fa 25 4a a0 fa 80 fa 03 e8 1f d0 1f 40 be 80 fa a1 56 b4 c1 f4 42 cd 50 5b 70 09 96 80 04 d5 4a 9e ae 04 29 f7 60 3a 80 95 8c da 8e ab 58 ce 94 fa 98 d6 a7 a9 f5 b8 cf 48 bb 56 53 fa 09 6a 23 3e ad 54 4d ab 19 a8 ad 30 ce b5 04 56 a0 8e 96 31 62 2e 95 96 5d 37 12 a6 ab 28 51 9f 7f fd 35 19 ac 7a 6e 30 8b b5 19 f5 b6 a3 2c ba db 51 9a 8a d2 33 ea 2c 65 9d 8d 08 ab 12 b2 b2 61 b7 26 76 61 a1 16 4c 28 ca c6 b5 ce c6 7d 45 4c 47 52 61 a1 97 52 7f 1a 95 8b 11 d4 6a 30 ce b4 ac fb 8b 12 b3 c3 4c e3 3e b6 d4 66 b3 ea 46 a2 33 b1 63 36 23 11 a6 31 18 5d 31 16 4c 35 19 ac be b4 e5 b5 3d 63 0b 1a Data Ascii: @d3i^r3ep+: ficRB1<Fi3L4%J@VBP[pJ)`:XHVSj#>TM0V1b.]7(Q5zn0,Q3,ea&vaL(}ELGRaRj0L>fF3c6#1]1L5=c
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 8b 19 2c 28 00 80 80 ae 96 09 54 14 66 a6 ab 04 00 13 d4 d1 12 a6 34 85 d4 c8 22 cf aa c7 50 95 0c 0b d4 5c 54 54 c0 7a 6b 19 f4 28 b6 a3 d4 6b 1c c5 eb e1 82 43 47 a9 21 87 b4 fb 95 70 f5 a5 d7 50 67 a4 fa 94 66 0f 52 2e 2a 6d c9 80 95 01 e9 a8 cf a4 75 f6 b4 cd a9 f5 00 66 00 f4 09 69 a2 9d c3 19 f4 77 af 89 85 f8 8b 70 4f ae 70 bd 37 8d 0f 49 8b a3 d2 e1 a5 ec c6 7a fd 4f 5d 64 66 12 a9 01 81 5b 20 17 a8 03 dc 19 f4 9b 73 45 d2 ca e1 a3 30 b1 9f 50 af 48 68 f4 48 0f 4d 79 35 36 e5 64 c0 9a 4b 4b e2 62 68 49 14 65 ac 06 60 23 ae b1 56 44 bd 60 9d 18 69 e4 34 64 34 64 34 64 34 64 34 c5 00 00 00 00 00 06 50 3f 46 2e 9c ea 26 2c 57 a8 63 46 8a 72 81 e5 14 f2 0a 96 a2 c3 ca 62 9a 0b 96 23 51 5e a1 8d 4a 73 a8 8b ab 95 1a 8a 95 15 48 1c b8 05 4a cb 4a 94 58 Data Ascii: ,(Tf4"P\TTzk(kCG!pPgfR.*mufiwpOp7IzO]df[ sE0PHhHMy56dKKbhIe`#VD`i4d4d4d4d4P?F.&,WcFrb#Q^JsHJJX
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 58 d3 5e 7e a5 6a 2b 11 14 00 03 88 8f c6 ae f1 06 05 2b 30 21 2e 96 15 8d 6b 18 56 2a 62 46 53 76 22 6e 81 2d 44 a9 56 51 76 a2 7a 8b 1c aa 2c 10 bf 15 9a 9b aa b2 8c eb 72 b1 d2 2b 4c 22 c5 66 a3 a6 a3 36 26 b7 ac 79 67 76 ba cd 88 b1 a7 3f 28 ba 69 9b 19 74 d4 66 c4 5d 34 c3 3e 9a 89 63 2f d6 9c d9 f5 b5 73 ac d5 11 d2 c6 59 56 d8 67 de 9a 89 d7 c6 7d 69 a8 c3 1e f5 5a 66 b3 ba 1c ea 3b d3 a4 4a c6 ed a6 51 db 5c b9 f6 ca b6 ca 28 31 ea dc b7 23 15 1d 35 19 a8 ba 69 19 5b 72 ac 15 51 95 fd 69 96 7f 7f ad b1 62 6c f8 33 89 b8 c0 b1 1d ff 00 d5 ae 59 ef e3 1e b4 de 39 23 36 98 26 aa 23 ab 66 84 4e 73 b6 e2 c4 76 d4 67 a8 85 73 c4 75 ba a1 03 3b 6e 76 21 37 a8 2e 94 a9 54 4a a1 5d 02 39 b6 df a0 7d fc 9f 01 1f 7f 45 2e ad 9a 6a 25 46 6d db 48 00 00 00 80 Data Ascii: X^~j++0!.kV*bFSv"n-DVQvz,r+L"f6&ygv?(itf]4>c/sYVg}iZf;JQ\(1#5i[rQibl3Y9#6&#fNsvgsu;nv!7.TJ]9}E.j%FmH
2024-07-20 07:21:44 UTC	5	IN	Data Raw: d6 6a bf ff d9 Data Ascii: j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	49814	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:43 UTC	958	OUT	GET /collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	49818	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/qq9logo.2a076d03.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "1c27c52714af312a8698b26ac8615e25" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 14758 Accept-Ranges: bytes X-NWS-LOG-UUID: 5155176088745959198 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:44 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:44 UTC	14758	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 43 00 00 00 6c 08 06 00 00 00 f0 be d0 50 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRClPpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	49816	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460102356&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:44 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:44 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:44 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	49806	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	881	OUT	POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460094275&from=https%3A%2F%2Fim.qq.com%2Fmobileqq%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive Content-Length: 955 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrASGWwax6C7znt3c Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	955	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 72 41 53 47 57 77 61 78 36 43 37 7a 6e 74 33 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 61 79 6c 6f 61 64 22 0d 0a 0d 0a 7b 22 64 75 72 61 74 69 6f 6e 22 3a 7b 22 66 65 74 63 68 22 3a 5b 5d 2c 22 73 74 61 74 69 63 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 62 65 61 63 6f 6e 2e 63 64 6e 2e 71 71 2e 63 6f 6d 2f 73 64 6b 2f 34 2e 35 2e 31 36 2f 62 65 61 63 6f 6e 5f 77 65 62 2e 6d 69 6e 2e 6a 73 22 2c 22 6d 65 74 68 6f 64 22 3a 22 67 65 74 22 2c 22 64 75 72 61 74 69 6f 6e 22 3a 31 31 39 39 2e 31 2c 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 74 79 70 65 22 3a 22 73 74 61 74 69 63 22 2c 22 69 73 Data Ascii: ------WebKitFormBoundaryrASGWwax6C7znt3cContent-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://beacon.cdn.qq.com/sdk/4.5.16/beacon_web.min.js","method":"get","duration":1199.1,"status":200,"type":"static","is
2024-07-20 07:21:44 UTC	134	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:44 GMT Connection: close Server: openresty Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	49822	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	385	OUT	GET /im.qq.com_new/f2ff7664/img/phone.55b5179d.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "3d2ec3cad68ba80f42bd7fcfad6628db" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 73157 Accept-Ranges: bytes X-NWS-LOG-UUID: 12578531278930273246 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:44 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 73 00 00 05 4c 08 03 00 00 00 63 e5 ee ca 00 00 03 00 50 4c 54 45 f2 f2 f7 f5 f5 f8 f5 f7 ff f4 f9 ff f5 f7 fe f7 f7 ff f7 f9 ff f3 f3 f7 f3 f7 ff f5 f6 ff fa f5 ff ff f4 ff f6 f6 ff f4 f5 fb ff f3 ff 00 9c ff f4 f6 fd ff f5 fb ff f7 f9 ff f8 f7 ff f9 f4 ff f9 f1 ff f6 fc ee ee ff 00 00 00 ff ff ff ed f8 ff dc d7 d5 f1 f1 f5 00 79 ed da d5 d2 d8 d2 d0 e5 e5 e9 5c c8 ff 87 d3 ff d4 ce cc 98 98 9a e2 e1 e6 e6 e2 e0 e3 df dd ec e9 e8 1f 1e 20 d2 cb c9 8b 8b 8c ed ed f2 d0 c9 c6 e7 c5 c1 e1 dc da e8 e5 e4 4c 4c 4c e8 ed f0 f8 f6 f6 3d 3d 3e df db d8 b6 b6 b9 27 89 ef e8 e8 ed e6 bb b8 69 a8 f3 f8 f1 ff ee ec eb e5 c1 bd 4a 99 f2 de d9 d7 cc cb cf cb c3 c0 7a 7a 7d bd 9e b4 94 c0 f6 eb ca c7 bc d5 f5 fa Data Ascii: PNGIHDRsLcPLTEy\ LLL==>'iJzz}
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 4f 12 e4 5e e6 07 7e b9 f9 43 21 37 6b d6 7e 43 cf 1c 22 e7 d0 58 a5 47 41 03 c2 3e e0 cc 32 97 78 01 fb c1 73 21 89 f7 08 c6 88 80 e4 16 46 bb 28 b6 c9 55 84 64 a0 0f 1d 4b af d1 76 d7 f2 5c a5 63 e9 2e 73 81 e1 fd bf a0 e7 0d b7 c2 8b 04 b9 d7 cf a6 87 5d 2e 84 78 5b 74 93 98 7b ee e5 fd 75 2e 7f cd 0f fc f1 4e 68 4e 88 6d 8b 49 37 ae e3 d7 22 cf 9c 2d 26 81 3b 9d 2d b0 9c e7 35 5b 4c 9a 95 ba 95 bc cc af 83 0d f8 6d 5f 3c 5d 9f 13 d5 84 a8 55 90 d7 1b ea c8 08 96 16 11 0f c9 0f b9 9e f5 3d fa 56 ba be e6 2c cd 84 b9 1f 33 c6 3e a4 a2 d6 0f fe 0e 87 dc 64 9a bb f1 bd 36 77 6d db ed f7 37 66 41 6c 67 ae 02 b7 20 cf 35 f3 4e a2 66 bc c8 0b cd 3a 2a a5 95 f3 84 57 e9 d5 e4 0f 8e 91 5c 20 be ca 32 ad b3 62 25 ca 0a ea 44 e8 14 0c 91 15 9a ef a3 5c 13 e6 ae Data Ascii: O^~C!7k~C"XGA>2xs!F(UdKv\c.s].x[t{u.NhNmI7"-&;-5[Lm_<]U=V,3>d6wm7fAlg 5Nf:*W\ 2b%D\
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 65 83 28 22 ab 73 f6 b0 2e ab 74 c7 f0 ae 38 48 ff e6 86 be 57 bc 65 d5 bb 6d 88 15 f7 1d 0d 0d 43 07 a1 9b b7 75 51 db 39 7d f1 48 9c 99 39 17 b6 d3 76 37 ce b4 cd 5f c9 18 bd 66 7f 79 b9 73 4d 43 3e 98 ac 75 55 3a 45 62 77 e0 71 62 17 17 87 fd f8 d1 fd aa d6 9a 0f 59 cd 1d 6e 4b 66 e1 c8 c7 ab f8 d4 3a 57 b3 a8 03 55 ff 20 4d b5 e3 59 d8 75 9f b0 20 a3 e7 78 a1 00 61 24 4c 25 4b fe ad 73 c4 ea 9c 96 39 bc e2 db 3c 6d c7 f6 a8 42 1a 96 75 4f 3b 19 cf 1a 49 e7 1c 57 e2 e3 b0 10 e6 d2 8a 4e 0a f8 e4 5c d7 09 be f5 29 cf 72 6d 5d b7 8d be 9f 86 85 b0 c6 e0 29 0b 17 17 04 9d 04 b5 4d db 4a d5 2b 76 24 7f d3 d4 37 f5 c4 dc 4d 5d fd 5c 62 ae 5c 4c c5 19 10 05 c2 8a 04 e2 c6 a2 07 e7 0a d2 8c 84 99 86 4e 25 63 f6 ef b2 a4 33 73 98 ec 05 a2 f0 88 5e 4c 75 b5 ba Data Ascii: e("s.t8HWemCuQ9}H9v7_fysMC>uU:EbwqbYnKf:WU MYu xa$L%Ks9<mBuO;IWN\)rm])MJ+v$7M]\b\LN%c3s^Lu
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: fd 86 be de 83 c3 24 01 42 05 3c b1 37 22 24 7e 28 79 24 13 ce 42 a5 0c d9 fa df 64 f8 96 a9 fe e0 d5 de 2c 93 5f e8 db 18 98 52 2a 99 d4 bb 1d 6b 70 26 b2 5b 58 d1 01 1c cc ad 94 c9 1f 0f 75 e5 07 ee a8 cd da 48 bf ae a0 71 92 05 92 c7 fd 75 ec 42 d5 cd 3d 4d f7 23 95 23 3b 2e b2 fc d1 38 17 5c b0 ba bd 36 8c 1c ee 0d 01 bf 95 28 55 b1 3b 9e 1e 52 26 ac db f0 e3 e5 4e da 56 22 71 e4 54 57 19 e2 7b 1b 45 1d 39 5e 39 d7 57 2c e5 32 b0 fd 41 c6 f9 e5 52 4a 1d e3 f3 75 1c 6d 11 a8 db e4 32 70 d2 6e 82 d8 dc b7 fc bc b9 b6 ce 21 f8 54 42 ab 99 93 1c c8 19 fa e7 7e bb 78 a8 7c 87 e2 a9 ea ec b0 67 4e 1b 63 56 0e c3 0a d5 c0 b6 5e b7 40 c6 b4 ed 9f 97 d9 1c 3f ff 3e 36 49 93 03 c3 d9 c2 9c 7f fa be b5 a5 c0 a2 1b c8 bd ee dc 03 e5 99 9e f2 ed 17 6e a9 35 ec 6a Data Ascii: $B<7"$~(y$Bd,_R*kp&[XuHquB=M##;.8\6(U;R&NV"qTW{E9^9W,2ARJum2pn!TB~x\|gNcV^@?>6In5j
2024-07-20 07:21:44 UTC	7621	IN	Data Raw: 72 ae 42 ef c4 fa 57 e6 dc 0b e1 44 83 85 5e 44 9e c9 2f e7 e7 4d f7 84 81 48 99 bc 43 f2 4d a2 84 c6 54 2e 59 90 cd 8e c3 91 60 06 65 3e db 61 38 9b 27 91 f3 e7 30 e7 7a 5f 4e dc 12 41 27 f5 67 eb bb e4 5c 04 a6 94 fc 16 42 98 3d 2d 3a 3a 17 03 dc 06 2c 87 30 24 f6 76 ce f1 bb f7 e9 30 e7 44 2e 15 e4 b2 40 7a 26 97 0c c2 60 76 b6 7f 77 73 6e 41 21 05 00 ce 87 60 b1 ae cd 22 9f 9e 99 16 8c b7 a8 ca 2d de 08 f2 1d 9d fb 27 d0 39 6a 44 e4 12 86 f0 7a 71 67 67 5d 3f e4 b3 7c 37 e7 02 ac 73 2e fa b8 21 54 c5 62 7c 5a e4 5d d5 0c f0 c6 4c 40 2e 6d 67 9e 78 32 df d3 39 31 cb 17 5c 76 ee f5 6a a1 1f 76 65 5b b4 c4 a3 d8 c3 f2 ed 9c f3 40 dc e5 4b 5b ce 16 61 86 9d 4a 61 03 c2 06 6c cf 34 43 3a 0c af b7 9e cf fd 53 f8 d9 97 5c b9 c8 14 3b 9d ba 09 3d fb be 7b 8e Data Ascii: rBWD^D/MHCMT.Y`e>a8'0z_NA'g\B=-::,0$v0D.@z&`vwsnA!`"-'9jDzqgg]?\|7s.!Tb\|Z]L@.mgx291\vjve[@K[aJal4C:S\;={

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	49820	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	664	OUT	GET /im.qq.com_new/f2ff7664/img/poster.712f34ab.jpg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "e7ce14171ebad4b5eb07fb8a70e65f09" Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Length: 108197 Accept-Ranges: bytes X-NWS-LOG-UUID: 9245187507881913743 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:44 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 28 00 00 ff e1 03 31 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 37 2e 32 2d 63 30 30 30 20 37 39 2e 31 62 36 35 61 37 39 62 34 2c 20 32 30 32 32 2f 30 36 2f 31 33 2d 32 32 3a 30 31 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 Data Ascii: ExifII*Ducky(1http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: cc d4 34 6e 4a 32 52 8e 0d 64 13 69 99 87 d1 ed c9 4a 29 a1 ea 70 bb 37 79 b7 7e da 84 dd 2e 47 06 99 d5 7b ab 4b 39 24 77 9b cc 67 38 79 2e b6 55 f5 25 4c df 59 63 f5 a0 5c de d8 8c 5c 9c d2 4b 36 3f 66 bf 31 3c 6b 1f dc 3b 98 da ed f7 53 ce 6b 4a 5e 67 8a a9 d1 ef 7d d7 eb af e8 83 fd 98 3c 3c 59 cc a9 c2 dc db 7e 5e af 5e b8 d4 c1 42 d4 29 91 d0 e8 29 8a 98 40 62 0b 52 54 80 b1 6a 46 06 54 46 2b 61 62 b6 50 1b 15 b0 b1 4a 20 02 02 80 10 80 00 4a 0d 42 50 05 20 68 4a 00 08 1a 12 80 2d 09 41 a8 0a 14 2d 00 3d 01 40 15 1a 6d f4 22 8a 17 da e9 37 a2 9c 47 98 e2 3c cd 83 c0 49 16 2c 84 90 58 e7 6e fe 6c 45 be ab b7 7e 43 ef 17 ee 26 0b 8a b6 1f 91 ca f7 75 9c 45 3b 4f 96 8d 51 33 6d 7e 5a 34 44 45 5b 1c 88 c9 0c 82 5a 8c f7 ba 87 b2 25 fc c7 b2 48 d5 e1 6c Data Ascii: 4nJ2RdiJ)p7y~.G{K9$wg8y.U%LYc\\K6?f1<k;SkJ^g}<<Y~^^B))@bRTjFTF+abPJ JBP hJ-A-=@m"7G<I,XnlE~C&uE;OQ3m~Z4DE[Z%Hl
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 78 9c 6f e3 97 c5 dd a7 ff 00 e4 8e ce e3 da f6 27 ef 7c ba 7a bc 8f 3b 2f fb 5b fd 36 ff 00 09 1d 63 8d 5d 2e df 63 e2 ee 93 ff 00 f3 42 fd 06 cb 8f 73 9f ff 00 99 5f b9 f6 cf 0b 32 7f f9 58 3d ef b7 78 6d a6 ff 00 f2 32 f5 fc a1 de cf b7 2c fb 94 df fe 70 3d b7 6a 4d 37 dc 27 9e 1e b1 7e a3 b0 f0 d9 cd ff 00 e4 61 fa 9e cd 85 36 33 78 fe 86 4f f9 33 fc 3b 4e 51 84 16 38 51 51 82 35 92 aa 31 f7 2d c4 6d 5a b5 45 45 2f fe a8 6b ed f3 b7 77 64 a7 94 99 1a c7 43 4f a1 99 8d 77 62 e3 07 5e 28 c8 63 67 7f 4f 14 b2 15 8e c4 66 5d 19 ef e4 cc 73 cc d9 7b 23 1c f3 25 22 5b cc b4 aa d6 65 c6 2f 2e fa 71 00 56 38 19 1b 51 32 ae 25 d3 29 e2 05 d0 c8 cd bc 34 c3 23 36 f0 db 96 dc b0 fc 45 92 e8 42 45 56 65 97 3a 51 63 86 f7 a9 62 3c 44 88 e8 8b 0c 86 02 08 56 7b ea Data Ascii: xo'\|z;/[6c].cBs_2X=xm2,p=jM7'~a63xO3;NQ8QQ51-mZEE/kwdCOwb^(cgOf]s{#%"[e/.qV8Q2%)4#6EBEVe:Qcb<DV{
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 60 df e6 8d ec c1 bf cd 19 db 85 d3 96 32 10 86 5b 42 10 80 06 47 90 49 ed ce 59 45 bf 24 4c 55 65 fe a3 29 bc dd 5d 39 1b 2e ec 77 92 c6 dd a6 da cd 19 f7 7b 3d cd bd bf bc d6 85 15 ea 4d d1 97 c6 a5 da 7c 8f db 12 8c 37 57 17 c5 34 ea 77 ee 4e 8d a6 78 cf b6 77 9a 3b e4 63 37 85 c4 e2 b9 55 9e c6 fa f5 33 a5 e8 e3 9c d4 53 f1 2c 52 6a 9e 55 33 45 8c 99 9c ab 56 aa af 2c 7f 03 44 25 e9 4d 67 1f 52 f2 31 c2 5f 97 fc 19 75 89 a5 58 bc 96 1f 81 63 35 be dc b9 70 f5 47 cb 89 aa 0f 96 59 af 23 0d a9 24 a8 fe 07 ff 00 f5 66 bb 78 2a 7e 97 4f c1 9a 66 af 5c 8c 97 e0 d5 da 9a 62 c5 bd 0a ad 44 48 a2 da d3 87 26 3a 54 6f f3 03 a5 53 5c 46 ae 09 fe 0c aa 94 ae 05 6d 34 58 b9 7e 02 4c 10 8d 15 3a a6 5a 95 44 9c 5d 48 a9 1b ad 0b 73 67 b5 bd b8 b7 bb 9d b5 2b d6 ba Data Ascii: `2[BGIYE$LUe)]9.w{=M\|7W4wNxw;c7U3S,RjU3EV,D%MgR1_uXc5pGY#$fx*~Of\bDH&:ToS\Fm4X~L:ZD]Hsg+
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 67 63 50 0e 35 cc 7a 02 86 99 53 2b 5c 8a b1 8b 35 34 24 a0 9e 65 c8 a2 a8 0e 35 1e 50 a0 b8 a0 38 9f 72 db ff 00 68 78 db 91 aa 3d b7 dc 8f fd 9b 3c 64 f8 99 dd bd 58 ae 42 86 79 3c 68 cd 97 51 9a 71 30 db 2d fe 92 bb 7d 4b cc b3 72 bd 25 56 53 d5 1f 32 26 5e be 5d 4f cc 00 93 f5 3f 30 54 8e c2 d9 46 e2 2a 70 69 96 b6 24 c9 47 97 dc da 76 ee b8 f0 24 16 06 ee eb 62 93 53 46 35 82 35 d9 ca cc 55 b0 e9 20 61 d2 43 9d e5 df 5e 20 37 5c 0d b6 a2 e3 6d 44 c9 6e 3a e7 44 8e 8c 21 81 cf dd 78 8e df eb f7 bf 92 a8 9a 6c 58 d6 d2 11 5b 36 59 6a 29 61 89 e7 b5 e8 c2 bb 9b 57 07 90 8a d1 d0 94 a3 72 dd 1a c4 ad d9 8a 4a 98 b3 37 65 d7 86 55 6c 65 68 d1 1b 32 ae 45 9e c9 3c 95 89 db 22 83 36 7b 20 f6 58 f2 19 d5 b2 c8 c0 b9 5a 1e 36 89 6a 2e d8 6f 27 b4 d5 a5 66 85 Data Ascii: gcP5zS+\54$e5P8rhx=<dXBy<hQq0-}Kr%VS2&^]O?0TF*pi$Gv$bSF55U aC^ 7\mDn:D!xlX[6Yj)aWrJ7eUleh2E<"6{ XZ6j.o'f
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 09 b4 f2 0a 74 8f 56 7c 86 49 35 cf 9a 15 2d 31 75 ca bc 00 68 c9 d6 ad 65 c5 96 46 78 d5 60 50 92 4e aa 55 ae 43 27 8d 01 63 54 67 51 aa 66 84 9e 59 32 e5 2c 12 37 ab 16 3e 55 29 7a 9f 98 ba 8b 6e 6d ee 29 3c 38 89 ed 4b 91 ed 63 aa 29 87 dc 62 fb 72 06 99 01 62 98 7d c2 a7 19 03 10 65 77 ba 1f 75 94 55 92 ac 19 ad 0a f3 0f bb e2 67 ab 26 a6 17 2d 2a e8 7d cf 13 32 61 d4 c1 96 95 73 c4 65 73 c4 cb a9 85 49 91 72 d4 ae 8c ae 99 14 86 52 60 cb 52 ba 37 ba 64 d4 c6 8d ce 60 cb 5a bb e2 3a ba cc 6a e2 19 5c 5c c6 0c b6 2b a3 c6 e1 89 5d 4b 88 56 e2 1c 5d 06 0c b7 c6 e0 ea e9 cd fa cb 6b 89 3f 90 b7 cc 19 74 fd d1 d5 d3 8f fc 92 16 5d ce 5c 10 32 ee 7b ac 65 78 f3 cf b9 de 79 15 fd 76 e2 5f 13 09 98 f4 df 53 18 fc 40 fa eb 4b e3 47 97 77 af 4d d1 c9 b1 ed eb Data Ascii: tV\|I5-1uheFx`PNUC'cTgQfY2,7>U)znm)<8Kc)brb}ewuUg&-*}2asesIrR`R7d`Z:j\\+]KV]k?t]\2{exyv_S@KGwM
2024-07-20 07:21:44 UTC	9893	IN	Data Raw: de 6c 3d 5b 7d d3 9a 59 46 45 32 ee 5f 71 ed df ee ed e3 75 2c da 29 87 b4 8d c4 d6 0c 35 3c 5c 7e eb 95 bf ee f6 b3 b7 e2 93 36 ed fe e8 ed 97 7d 3e f3 b5 2f 1f fe e3 af c2 61 e9 ea 13 9f b7 df 46 e4 53 84 e3 71 3c a8 f1 34 c7 71 cd 3f 30 8b 9d 09 81 5a bd 07 93 19 4e 3c c0 70 61 c5 03 54 78 32 55 00 74 c5 f0 15 db 80 48 00 f6 e2 0f 6e 3c 06 a8 2a 0e a5 76 d1 3d a4 35 59 2a 17 34 8e d2 e6 0f 67 c4 7a 92 a0 cd 27 b3 e2 0f 65 73 1e a0 60 f2 a5 f6 a3 cc 3a 54 72 25 58 6a 0b 6a 47 0e 03 a9 09 50 a0 86 a9 2a 00 80 48 0a 92 a1 04 04 a9 0a a0 15 98 2a 4a e2 11 f3 c9 3f 53 f3 05 41 24 f5 3f 30 54 f3 bd 4e 57 73 95 6e a5 c9 18 59 ab 7f 3d 57 df 25 81 94 b3 86 6f 25 79 91 13 88 4a 80 b3 08 10 58 10 20 41 20 81 88 38 86 21 51 e6 34 05 79 8d 00 1a 5d 22 47 32 c9 74 Data Ascii: l=[}YFE2_qu,)5<\~6}>/aFSq<4q?0ZN<paTx2UtHn<v=5Y4gz'es`:Tr%XjjGPHJ?SA$?0TNWsnY=W%o%yJX A 8!Q4y]"G2t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	49821	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/scene-bg-x.6a1a9834.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "06e40876e3d85a102b955a1bce327e7f" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 181293 Accept-Ranges: bytes X-NWS-LOG-UUID: 15947197045576046445 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:44 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 07 80 00 00 04 38 08 06 00 00 00 e8 d3 c1 43 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 9a 9c 18 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR8CpHYseiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: d6 06 f1 37 1e e5 f7 9f b5 a1 0a f6 b1 ac 97 e9 85 df 3d 04 a2 e1 52 1c f5 2c 60 ec eb 47 22 cf 0f c2 6f 0e a2 e5 b5 bc fc b6 98 ab d3 48 61 63 bd cf 49 79 fa e5 ab 7b 38 0e 8f 48 62 70 c0 7b 28 7e f1 8c 06 fe b2 cb f3 81 53 61 29 d0 6a db 41 04 d6 61 6f fd a6 9e f7 41 00 06 00 80 4b 78 0e 30 88 81 f8 3b 04 c2 2f 48 43 5b 7c 43 35 1c 33 55 24 a9 a1 0d 11 12 1c 83 ec 6a 33 89 97 35 83 a8 aa d5 8e 1c f7 dc 4e b9 7c 67 41 f7 66 87 97 97 75 7d 1d 9e 6f 5e 44 0c fe 23 aa 18 ec 35 93 79 3c 1f 78 e6 d9 7a 26 81 f6 61 47 5b 04 7e 06 a1 52 87 a3 b5 7f f5 fa 46 00 06 00 00 88 00 5e 8a 20 10 f5 ab 09 62 a3 1f d4 fd 2b 54 c7 31 9e 75 b3 64 d4 6f 2d 27 1e b0 e5 84 df b3 37 02 79 78 32 08 bf 9a 20 fe d6 d1 9e 07 62 89 ee 94 85 f5 70 38 e6 45 0c 76 ee 1b 91 ba 68 c4 e1 Data Ascii: 7=R,`G"oHacIy{8Hbp{(~Sa)jAaoAKx0;/HC[\|C53U$j35N\|gAfu}o^D#5y<xz&aG[~RF^ b+T1udo-'7yx2 bp8Evh
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 6c 8f e1 5d 4f 08 c0 00 00 00 a0 42 3a f1 57 34 15 8b 44 cf d3 75 17 09 3a 32 60 91 e7 6f 51 4d df d2 b8 f8 eb de 82 87 54 0b 93 d0 45 73 d5 5e 7d e1 56 f7 b1 1e 62 a7 59 59 31 03 29 98 51 9e f2 12 d0 d3 62 2d ce 0c a7 a5 10 6d d8 4d a9 78 6f e8 78 70 19 17 61 75 f9 83 7a 05 cb d1 0b 86 79 34 9d 4f c2 7b c8 3f 95 80 72 fc 96 39 dd 4e dc 00 79 0f c1 7d cd ba a8 87 8c d5 e4 35 ac 76 05 59 83 be 86 10 9c db 9e 87 10 7c 69 4f 30 53 41 b7 1b e6 78 2f f7 e1 b7 1b 41 18 bf 2a 1d 03 01 18 20 3a 44 01 03 1c 13 c6 33 1b 9b e9 8e 7e d6 22 65 3d 05 cd 74 50 f1 d7 6a 30 74 59 41 f8 ed 62 b6 e9 4d eb 06 94 cb 74 87 04 26 39 6c db b3 5c bc 2b b3 ff 16 8f 1e 3e 89 0e b6 26 9d f0 7b f4 e1 5b dd c7 44 69 49 b4 c1 bb 56 aa de a9 ef 34 43 65 77 f4 0a 36 09 d6 6a c7 a9 06 e0 Data Ascii: l]OB:W4Du:2`oQMTEs^}VbYY1)Qb-mMxoxpauzy4O{?r9Ny}5vY\|iO0SAx/A* :D3~"e=tPj0tYAbMt&9l\+>&{[DiIV4Cew6j
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 1c b4 e6 ab 3f 65 b6 08 e0 85 85 85 5b 62 ed 16 5e f8 80 b5 2a 73 4d 94 f1 bd bf c4 92 b3 d8 64 0a a0 57 ba 5e 6a 1d 92 2a 05 f8 82 9e a4 1d 4a b7 d7 23 9f bd 38 75 95 5e cf fa 63 90 6a 6a 73 ac 37 48 d0 e5 0b 50 e7 9d 64 2c b7 d3 3a 21 b4 db 37 ca cd 94 b5 41 30 0e 1f b0 09 b5 96 fe 15 b9 44 4f 00 aa fd 82 70 01 56 6d 33 08 74 f9 c6 28 88 ed 2c 8b f4 03 0c 46 b6 24 6a bc ed b0 70 b1 35 20 1e 8d b6 68 4a 9e 72 db 24 d6 99 0d 6a 13 01 2d 09 5c cb 6f 58 16 8e d5 bb 7a 7a 8f fc 2b 20 f7 26 81 7f 70 89 79 40 bd 9e 55 ce 8a e1 df 6c 0f 41 02 bf 93 97 72 87 36 a1 e9 63 70 25 73 d1 14 14 b8 99 c3 5e 94 dd 6f 21 82 7f b0 56 df ef 83 45 00 2f 2c 2c 7c 30 6f 01 0e 87 3d 31 bc c8 e0 1b c1 75 c5 10 48 fe 5a 30 20 7f fd 6d ba 08 4c 51 89 d1 ef 4d fe 92 a3 6e 96 09 79 Data Ascii: ?e[b^sMdW^jJ#8u^cjjs7HPd,:!7A0DOpVm3t(,F$jp5 hJr$j-\oXzz+ &py@UlAr6cp%s^o!VE/,,\|0o=1uHZ0 mLQMny
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 1b d8 86 46 97 36 d1 0e b3 3e 0c 92 79 4d 21 d1 7a 91 f1 bf e8 4a d6 3f 46 d6 b5 e8 47 43 47 ec 06 0e 32 31 c1 56 ac 25 f5 4e e0 52 a6 b5 a7 f3 bc 60 ed 0a d6 61 11 c0 0b 0b 77 84 79 75 01 09 bc 33 b5 f5 b8 67 10 c2 3f 68 c5 cb 92 a1 87 92 bf 2e f6 85 c2 53 7d e0 96 e3 68 e1 af c4 03 45 b2 a1 f9 55 28 41 8a 76 0e 53 65 85 a7 3a 89 c7 52 a4 3e 29 04 b4 dc 0e 5f 70 6a 81 2a 6f 4b 64 a6 9a 9b dc 08 c4 38 cc 89 ed 84 f7 34 79 ca 78 a7 1f 2b ac cc ad de 5f 50 ef 43 05 ca 1c 15 c8 48 44 ad bd c8 26 3f b4 d5 7c 9f 2e 8e fc 3d 9a bb 12 c1 d0 38 32 18 13 51 de 9c 1e 09 0d 9d 26 bf 74 b2 8d 6b 8c 39 b7 dd 83 60 e4 0a bc cb 63 90 c1 8a 2b 71 49 3f 6d 00 dc 38 c0 ef 85 6d 24 f0 db 58 d6 25 92 09 f7 27 89 f0 9e cb ff ba 17 40 60 f5 cd 30 6b 8f 80 2b 66 68 13 03 d9 43 Data Ascii: F6>yM!zJ?FGCG21V%NR`awyu3g?h.S}hEU(AvSe:R>)_pj*oKd84yx+_PCHD&?\|.=82Q&tk9`c+qI?m8m$X%'@`0k+fhC
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: b0 50 8f 12 2c 12 b8 94 a1 c1 50 9f f6 09 4b 19 f6 cd 19 e9 90 4b 1e bb 73 a0 39 24 30 0a 50 32 b9 e0 10 1e 33 27 22 38 92 04 2e 25 be 9e a5 b0 7b 3b 22 78 91 c0 7b 2c 02 78 21 08 da cb 58 a1 95 18 33 b9 f0 84 3c 9b f3 b0 88 df be 3c 26 3e 10 35 08 e2 97 71 9a 8d 87 3d f6 d9 a6 47 27 88 7d f4 33 5d 93 dc ba 8f c3 38 ff b3 a0 d4 8c 33 32 3e e2 55 bf c6 99 db 95 d9 bd 07 52 ef 78 ab 48 a0 22 87 89 fc 15 88 e6 2a ed 73 9f 37 5e d8 f2 f1 60 90 46 68 f8 93 9c b1 50 2a d2 37 01 72 1f cf 12 5b 27 2d 5b 69 4b 95 48 9c 95 78 33 90 8f c4 3b de df 59 cb 5b b0 69 ce 13 36 a6 8c 00 ff a7 24 82 c5 e5 5c bd d1 e2 74 92 a1 e6 70 6c 77 70 43 11 cd 5d 7f 15 ea 06 3e b2 74 ec 3e f7 bb 81 0d ca e2 49 64 6b 1b 04 90 c0 2a 79 41 bc a8 75 10 75 b3 8b 2d 04 10 fb 3f c8 46 04 a3 Data Ascii: P,PKKs9$0P23'"8.%{;"x{,x!X3<<&>5q=G'}3]832>URxH"s7^`FhP7r['-[iKHx3;Y[i6$\tplwpC]>t>Idk*yAuu-?F
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 23 dd 17 a3 cf db 13 6c 97 a8 92 f0 4d 2c 42 66 89 87 a4 0c f7 29 02 4a 40 8c 9f 93 6c 48 13 d0 60 f9 d7 a9 3d 40 62 00 3c e5 fc 15 c0 14 22 1e d3 1d a6 71 9b 61 e2 23 bd 46 dd 2e 9f 40 80 64 a4 fa 1d de 16 10 42 d6 37 27 d9 45 a4 22 50 37 62 1e 23 96 41 87 bf 0a 72 dd 5c 64 ca 0b cb 0b 6c 58 0c d1 b9 72 30 82 22 bf 0b fc b1 14 b0 b6 e5 05 0c 54 ac 6c c4 41 84 7c 38 ae 00 32 cd 28 e2 82 33 54 7a 3e a3 52 d7 17 82 a1 8c ad 0d 32 27 00 ea 0a 00 b8 fb 1f 0a d2 b2 df 9f 00 6e cc 81 ee 50 cf f1 a4 1e a3 7a 39 a3 ed 9b ad de 4d 9b 1b 68 67 08 5f fe 5c 68 96 1b 45 fe f2 93 06 af b2 e9 f2 4f 56 1e 78 7a 7b 46 b9 1a c4 86 df 89 20 17 9f 1e e5 87 6d 78 2a 84 bd 65 09 df b0 bd 95 4d cb e9 6e 7e 75 38 91 44 11 d8 99 ce b0 7f a6 7d aa ca f2 64 04 21 68 f3 da 92 8e 18 Data Ascii: #lM,Bf)J@lH`=@b<"qa#F.@dB7'E"P7b#Ar\dlXr0"TlA\|82(3Tz>R2'nPz9Mhg_\hEOVxz{F mx*eMn~u8D}d!h
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: c3 46 93 ef 5c 88 4f 3e e8 83 06 8d e9 20 09 8b d1 d2 7a 43 c8 09 ed f3 82 d3 3d 16 07 c4 ed c2 20 77 fd 8c f1 ce 21 47 14 31 3b 8a 0c ad cc bf b1 f4 3a 88 28 a4 56 99 40 13 99 1e 40 2f 01 cc e5 a5 bd 2c a1 bc cb d4 2e a4 bc 10 0a 42 f4 d5 7d fe fc 99 82 58 42 15 53 48 8e cd 24 be c1 51 bc d8 f1 e1 44 a5 18 60 17 54 43 ce 75 87 a5 16 5d 8d 04 ce 84 e7 98 f5 18 12 78 96 60 f8 c1 64 c5 81 a2 7d 33 1e 8a d4 59 93 be b5 d1 04 70 43 88 1e 0d 58 68 37 d5 00 68 a1 29 d3 69 54 38 f3 8e 68 c3 19 63 54 5a 85 d7 3f c3 3c 45 a2 cb 5e ea 4a c9 6d 42 57 68 2b 2d 26 d2 37 1b 6c a2 8b 99 10 e5 02 0e 69 7b fa 53 0e 74 f0 db fc 18 75 2a 63 e3 01 62 3a 03 18 29 6a 7e 9d 35 89 ee 89 dc 82 22 9b 54 ca 0f 25 bc 5d e6 c9 63 a5 ba 7c 78 80 8f a8 d3 b8 c4 be c8 14 66 b0 fb ae cc Data Ascii: F\O> zC= w!G1;:(V@@/,.B}XBSH$QD`TCu]x`d}3YpCXh7h)iT8hcTZ?<E^JmBWh+-&7li{Stu*cb:)j~5"T%]c\|xf
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 2d 9b d8 17 82 13 b5 12 d9 9e 76 d3 db ef 77 79 2b da bd bb 5e 94 f0 81 20 e2 14 f0 41 10 b8 9d 04 8e f2 b5 a3 6d ab 22 8f 45 9f 39 8f 41 a8 ba 6d 65 b7 29 a5 7e d8 ac b5 f8 29 60 51 39 9d 6d 19 5e ce 56 de 43 f6 29 9f b4 7d 08 39 29 ef e0 af a7 90 bf d1 18 65 47 af b7 f0 ff e0 55 67 ff 08 e0 1b 47 67 f5 fb 63 a2 c9 df e1 d1 be 6c bc 30 e8 42 af 04 c2 6d 1f c3 59 70 2b 89 75 c9 80 fd f4 43 4b e0 ad a3 cc ae 9d f2 91 26 93 02 9e ad 00 25 7b 1d 65 15 72 89 b1 0b 91 d9 5b f6 14 4b 0a 4c ac 49 1f 26 69 34 66 c0 e8 7b 18 e1 9b 61 95 c9 4f 20 2a 9c 84 a9 74 0a 18 fd 6a 66 b6 0e 80 3e 1a 24 df 9f 80 e3 cb 21 f1 18 5d a7 d5 41 b7 17 c4 72 7a 06 25 01 cf df d3 f9 74 a6 85 10 b0 2c 4d fe ce a3 b3 a1 87 f7 fc f4 ff 38 e4 6f 83 8b 26 7f a1 18 ea 69 b3 6e 29 b7 78 e2 Data Ascii: -vwy+^ Am"E9Ame)~)`Q9m^VC)}9)eGUgGgcl0BmYp+uCK&%{er[KLI&i4f{aO *tjf>$!]Arz%t,M8o&in)x
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 15 2f 40 7e 25 cf da d5 56 d2 fb ae ef f7 bd 25 fa 3d c2 7a 18 e7 39 ca 11 c6 1d 51 d7 ff 04 2e 75 c2 d4 4c c4 36 43 3f 44 e6 04 aa a4 d3 70 c5 06 7f ad 61 ad 23 b6 b8 bc 33 c8 43 a2 62 c0 16 c9 55 2d b0 9d d9 2e 10 f9 b5 32 2b cc 1b 7a 6e dd d0 a0 03 c0 97 c4 a4 41 e0 46 a3 d1 48 84 78 1d ac fb d8 5f d8 0d 51 2b 40 8b ad d8 98 b2 cd ef 8c e2 3b 90 e9 f5 67 9c 70 7f aa 35 47 d9 20 30 89 0e ab f9 5e 13 30 d9 d1 ba 8d 51 e7 a6 bc cd 0e 65 df 36 1d 90 8d b3 41 59 5b df 70 47 32 af c8 a0 46 7d e3 1d df e6 f9 4d b0 ed 42 16 6d 2d 81 e9 49 a7 72 95 83 bf 5e 75 5e 59 c7 6a 41 a2 35 df 37 14 ed 7e c6 40 11 02 5a bd 59 f9 e8 f3 27 ce 4e 7c a6 8a 75 53 b5 3d 56 02 b4 4d 2a c8 b2 82 bf 0d 3f f4 7b 80 fd d1 01 e0 cb a2 bb a7 46 03 0e 70 b3 72 1f e3 aa 5f f1 de 12 85 Data Ascii: /@~%V%=z9Q.uL6C?Dpa#3CbU-.2+znAFHx_Q+@;gp5G 0^0Qe6AY[pG2F}MBm-Ir^u^YjA57~@ZY'N\|uS=VM*?{Fpr_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	49825	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	676	OUT	POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 578 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Content-Type: application/json;charset=utf-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	578	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 39 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 5f 31 37 32 31 34 36 30 30 39 35 36 36 37 22 2c 22 41 31 30 Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB04SGH543EALS_1721460095667","A10
2024-07-20 07:21:45 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:44 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=da040b1390cacc9f0a20971d46007ee1; Expires=Sat, 20-Jul-2024 07:51:44 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:45 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 34 39 37 38 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460104978", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	49824	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	677	OUT	POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 1230 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Content-Type: application/json;charset=utf-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	1230	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 39 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 5f 31 37 32 31 34 36 30 30 39 35 36 36 37 22 2c 22 41 31 30 Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB04SGH543EALS_1721460095667","A10
2024-07-20 07:21:44 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:44 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=1f390918b9ad8366a7a8f2487c57475a; Expires=Sat, 20-Jul-2024 07:51:44 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:44 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 34 37 36 38 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460104768", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	49819	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	664	OUT	GET /im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1802ab075609934b68b194238808e6da" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 186062 Accept-Ranges: bytes X-NWS-LOG-UUID: 4910068892192894088 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:44 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:44 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 64 00 00 06 38 08 03 00 00 00 c6 42 fe d1 00 00 02 fd 50 4c 54 45 00 00 00 07 39 7d 00 3a 7d 00 3a 7e 00 3b 7e 9b b3 cd 39 62 8e f0 f1 f3 e3 e7 ed ff ff ff f6 f6 f6 ef ef ef 01 00 00 e9 e9 ea dd dd de 00 9b ff f6 ed eb a7 a7 a8 f5 e4 e2 10 11 14 ff b6 11 d4 d4 d5 22 1f 1e 5f 5e 5e 82 7f 7f af b1 b3 9e 9f a0 16 19 24 89 bc ea 3f 41 40 39 9d fb cb ca cc c1 c0 c0 bb ba bb 2a 2f 35 53 a8 f8 92 bf ea 36 33 3e 24 27 31 31 2e 39 4d 9d f1 39 96 f4 1c 1f 32 4b 4f 5c 44 47 54 37 38 47 fe fc f2 e5 e2 e3 b1 ce ed 72 6d 6e a4 cd f6 71 b7 f8 27 2a 45 a8 c8 e9 81 b6 e8 d9 e2 ee 90 8c 8d be d3 ec 9c c4 ec 3a 40 54 68 6e 7d 50 4b 51 3d 43 60 42 3f 4b 4d 5f 84 51 59 75 cd da ed 46 4d 6a 30 99 fd 28 3b 3a 62 5b 69 5a Data Ascii: PNGIHDRd8BPLTE9}:}:~;~9b"_^^$?A@9/5S63>$'11.9M92KO\DGT78Grmnq'E:@Thn}PKQ=C`B?KM_QYuFMj0(;:b[iZ
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: aa 66 53 34 50 86 ab bb 23 e2 5d 1e 65 d4 a8 29 e4 67 85 31 ec d9 1c 1e 84 49 e4 72 91 08 0c 2c ed 2a 1e 04 8c f9 f3 c6 cc ec e7 df d5 f7 01 13 84 93 ad 30 aa ea a0 6f e3 99 17 c2 7a 66 43 8c ac ee 4d ab c2 ae ea 38 58 a6 4f 6d 9e db ea 03 8a b6 7a ab 2f 3b 0a e1 d4 d6 c5 7c af f2 bd cc cf c8 f4 c5 70 dd e3 54 b8 58 a8 d6 32 e6 0b 93 4c f6 6f 6c f4 6f 1c 1e 6e 6f 6f 5f 1a 1b 43 b8 68 a9 32 1e f6 10 0e 61 0d a9 da e4 e4 b3 23 17 9e 7d f3 f2 4b 37 dd f7 d4 73 8f 3e 08 c8 2e 34 82 b0 08 90 2f 67 67 a4 88 ef 50 0f 53 05 71 ce ef aa 14 ae fc f4 1b 10 13 b5 fa 98 2e b7 e3 21 46 c6 b8 cb 7b 18 b9 5a c8 8a 62 a2 c9 a6 9d e6 01 6b cb 83 26 41 86 22 61 c9 2d 8c 2a 7f f9 25 88 c9 b1 f4 61 eb 89 f8 11 bb 10 d1 26 20 73 98 09 63 a4 4c 10 03 55 d4 22 88 e2 9c 2a 9c 20 Data Ascii: fS4P#]e)g1Ir,0ozfCM8XOmz/;\|pTX2Lolonoo_Ch2a#}K7s>.4/ggPSq.!F{Zbk&A"a-%a& scLU"*
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 66 31 34 25 90 91 0c bc a1 20 d3 0d 83 a9 28 b9 e3 3f 45 ae f0 3f a3 05 ed a4 31 bd e6 ed ee c6 7a ab 82 7a 76 da 6d 6f bd d5 07 ac c8 18 f5 db 7c 46 9d 42 99 cf 93 8d 9f 3b 1d 8c 4d 8f 60 fe 32 74 86 f2 b2 69 2b 4e 29 c4 04 b3 f6 1d fb 40 d9 e4 0c 44 8a a2 f5 76 6a 9a 75 1f 82 18 2f 94 58 75 c2 c9 40 59 db 1f 5e 03 62 b6 17 48 17 92 89 ef d8 98 95 35 0b 07 b4 a5 bb a5 13 d9 ca 9e 81 3d 1c 5c a5 a6 ee d9 d9 9c 06 c8 70 a2 e3 db 53 9f 9e 53 31 70 ae 78 4a 4d f5 1c 0c cb 40 9b 66 ec 01 19 2b 04 63 97 19 2b f2 ad 7e f6 98 8b 60 84 fc 8e 77 6c 0c 0d aa 94 0a f5 c7 4e 8c 8d 11 f0 64 8c a6 e7 a7 47 b4 0f 4e 7c 02 ad 53 d7 b0 aa 37 94 87 95 0e 16 81 97 48 30 33 10 1a 23 2b 55 88 6d 58 99 9a 9b ef b5 83 32 01 4d 43 66 8d 6c ec 69 b2 47 cd 92 d9 31 d9 78 8e cc f8 Data Ascii: f14% (?E?1zzvmo\|FB;M`2ti+N)@Dvju/Xu@Y^bH5=\pSS1pxJM@f+c+~`wlNdGN\|S7H03#+UmX2MCfliG1x
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 6e d8 3c 8e ed 64 b3 80 0c 0e 86 06 ab be 76 76 f5 8a 42 58 3d 63 0d bf 99 34 36 a7 d3 8d b5 e9 5b eb c9 fd d9 b5 82 67 a3 ed ed 20 ad b4 3a 7c a8 73 fe b1 37 ab e2 c4 34 f1 02 5c aa e3 43 28 13 ce 04 29 bc c6 3b c3 99 79 29 b0 4d a2 d2 31 5c ed 1b d3 46 36 8c 32 3e 20 23 66 fc 8e f7 64 7b f6 a4 e4 af 9a 04 13 2a 7a 19 47 7a 90 31 5d bf bf 23 9c c9 69 d3 5c 50 ac ac 97 ab 25 26 e4 a3 12 96 3d 01 b2 2a ca 87 13 94 09 64 de 38 e4 55 9c e1 d4 32 90 d9 e7 74 db 1a 84 b7 68 5d 34 5d 17 6f ba b5 ca be e1 c5 32 d3 ff 62 16 be a6 ec ff 05 19 ad cc 54 f0 95 93 01 94 14 93 a6 58 8c c3 a9 c4 cc a2 b5 27 49 98 38 d9 2e 71 32 29 df 4b 71 d1 e5 27 64 75 29 b3 44 23 29 99 66 2c be eb 22 be f5 6e 4a 1c 07 ea 2c f7 f6 42 20 8c 8c f1 95 22 6b 61 82 e2 ab a1 0a d5 f4 11 c3 Data Ascii: n<dvvBX=c46[g :\|s74\C();y)M1\F62> #fd{zGz1]#i\P%&=d8U2th]4]o2bTX'I8.q2)Kq'du)D#)f,"nJ,B "ka
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: d0 cc ec 93 e5 30 cb 2d d3 2d ca fe b7 04 3e 67 84 6c 5a 00 16 11 5b b2 5e 36 01 bf 14 20 2b 97 89 16 a7 21 9b a4 49 cb ed 4a 91 57 ab 07 69 d4 3b b4 26 50 66 d6 c7 61 df 68 33 ba e4 63 e2 ab a8 43 3d 08 db b8 9f 99 9e 0e d9 19 6f 2f 61 d6 9d 37 c4 54 cd c5 2a a4 c7 ba 3f 10 64 6e 64 07 13 20 43 69 0a 62 5b 5a 68 c6 09 03 31 17 86 e6 bd b4 0b 74 b8 cc a7 93 64 03 a6 86 0d 70 d3 db 38 e9 0d 55 8b a4 26 12 26 3d 0d 64 52 30 b2 91 20 cb 10 3b 3c 75 b1 be c6 2f 6c e2 79 76 be 83 6a 8f fc 89 31 4e dc 8b 7b c7 cc f8 58 ac d3 8d 82 2a 93 4d 1f 45 3c c6 ba 6d 8a aa 66 62 b6 07 a8 8b e0 af a9 ff a0 20 eb 94 99 c2 a4 32 d7 62 f5 2e 21 c6 99 19 99 d8 ba cf c4 56 80 c4 97 f7 82 d3 bd 8f cd 56 be 4f 16 83 45 4e 9a 3c 61 b3 97 10 be 36 b8 c2 69 4d ec 0a a2 7f eb 64 53 Data Ascii: 0-->glZ[^6 +!IJWi;&Pfah3cC=o/a7T?dnd Cib[Zh1tdp8U&&=dR0 ;<u/lyvj1N{XME<mfb 2b.!VVOEN<a6iMdS
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 1e 4e 87 00 b0 9d 04 5e 00 67 eb 6b 83 53 2a 13 c8 6e 12 65 86 8b 64 64 85 ae 76 e8 8e bd 2d 6d ab 2a eb f4 13 27 48 52 76 4c b7 17 d8 6a 90 fa 3a d7 b3 b2 50 05 b7 98 4a 02 92 ad 68 99 35 24 a2 35 ce b0 05 22 30 86 aa 13 43 86 09 04 d1 4e 24 61 88 18 15 8a 39 5c ec db 19 9e e2 52 08 1e 21 0d 59 e0 4b 02 5a 6b a3 25 27 13 55 fd b1 8b 93 dd c8 8e e4 71 43 43 3e 04 ae 46 99 94 ad 08 17 eb 90 bd fa 85 86 4c 73 76 af 18 16 3c a8 6a 39 7a f1 75 0c ab a2 02 fe 74 7e 56 fa 98 40 d6 b9 ba 68 e5 72 40 c5 0c 89 a1 50 ce e5 c1 ce 12 1f bd 9d 44 1d 7c d0 0f 33 cf d1 90 f1 a1 3f 45 4f 14 eb c8 7a ca 0f 20 05 04 61 0a 46 7f ab 1d d1 6b 7c d7 9d 8c c4 90 71 9d 2d 21 81 29 2f 48 48 f0 13 6c 58 6a 47 89 4e 50 6c 8a 68 55 14 59 9c 93 39 4a ad 3f 4f 96 93 87 d2 e9 c1 1c ac Data Ascii: N^gkSneddv-m'HRvLj:PJh5$5"0CN$a9\R!YKZk%'UqCC>FLsv<j9zut~V@hr@PD\|3?EOz aFk\|q-!)/HHlXjGNPlhUY9J?O
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 5e 99 36 ba 8a cc a6 26 85 4f ff 4f 3d 84 88 e1 b3 49 18 a8 8d 18 f6 c9 62 0a 89 ba 37 98 ef 41 cb 65 a6 8c 12 9a 2f 63 c9 a6 d3 b1 37 65 e7 e7 e7 87 65 99 83 21 eb 15 04 19 62 86 22 d6 3c 64 2b 7d c8 c2 fa f3 93 e3 b5 c7 3f b8 bb b9 51 de d5 f6 ad e1 c6 30 a7 10 7e f3 ca e8 0e b1 80 59 fb 89 8b 25 22 f3 15 11 a7 d4 41 1b de 31 20 c6 d5 6d 8c 99 0a 96 14 d7 56 d3 60 1b d9 c5 06 64 95 c9 d0 28 46 43 d1 a4 d4 39 ff 5b 92 af 6a 16 3e 90 69 b5 97 e6 49 25 61 e9 1b 5c 65 54 ac cb aa af 9c 73 64 6d a2 92 d6 ca f0 66 ce 82 22 7f 8d 1e 1c 93 f0 ca 12 cd 1b 95 63 8b 7b c1 a1 05 67 9a d5 98 5b 56 43 aa b5 4c fe b3 ba 07 a3 c3 3d a3 db 98 2d 9d 81 80 74 bd a8 b5 c2 98 8d 2b da 5a f1 7b 42 6c 41 cd 2e 19 41 b6 f3 0f 7b e7 0f da 44 14 c7 71 15 17 13 d2 45 c4 2a 4a 34 Data Ascii: ^6&OO=Ib7Ae/c7ee!b"<d+}?Q0~Y%"A1 mV`d(FC9[j>iI%a\eTsdmf"c{g[VCL=-t+Z{BlA.A{DqE*J4
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 77 3d 09 19 2a de d2 d4 28 59 0f 82 cc 03 e3 52 9d 2c ee 47 ef 18 2e 3e c6 4e 56 2b 5c 34 4d 6f 7a 9f a3 a2 61 55 53 f9 96 24 be 65 8e 0f 80 ec b7 df 80 b2 57 00 b2 d7 e6 17 8b 7b 7b 7b af 4e ee 00 60 b0 56 ca 27 84 d8 53 83 e3 c3 c3 91 71 a7 a7 27 32 31 13 7c 9c 4a e7 53 cd 8e 7b 70 70 80 90 65 12 04 19 33 26 64 84 4c 4f 7a 58 b3 1f 7a 9b ec a2 b5 9c b9 bc 2c 97 91 ae 72 f9 f2 b2 00 90 ad 08 9a 40 bd 37 b4 c9 62 6a bf b0 19 32 70 2c a5 30 43 f1 9b 5e 0d 32 32 cd 0e f6 4f c1 52 0d 25 18 32 bc 50 63 41 e6 40 ee 23 aa 40 16 c5 dc 87 3d 5c b4 4e 21 cc 94 19 44 86 a2 2c f7 93 62 64 27 b3 53 c6 4e a6 46 8b 08 d9 eb bf 7d f9 1b c4 8b fb fb d0 0f 2d 10 2b ef 00 62 00 d9 34 22 16 6c 7e 33 bc f9 d6 5b 91 66 a7 39 f5 fe 5c 69 6e 74 6d 22 95 4a cd a6 3e 03 c8 8e 20 Data Ascii: w=*(YR,G.>NV+\4MozaUS$eW{{{N`V'Sq'21\|JS{ppe3&dLOzXz,r@7bj2p,0C^22OR%2PcA@#@=\N!D,bd'SNF}-+b4"l~3[f9\intm"J>
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 49 18 03 62 de 7a b4 5c d8 e5 f2 bf 9c ca 0e c4 8c 93 36 31 8b 6a d9 c2 0c 6c a2 20 db 31 a9 95 af ed b9 fe f4 cd 9b d7 af 5f 7e 9e 4e a7 27 0e ca b3 d9 64 3c a9 f3 4f 5b cb c9 04 2a 3a cb 76 08 ce 1e 7e fc f5 e5 d7 b7 6f 5f 2f 37 1b a1 72 da 8e 84 0f 5d 78 11 49 f8 3a b6 c8 98 6d c1 1b c2 7d 03 08 bf 29 53 0e ad 5f 41 f8 37 7b e7 12 da 4c 15 c5 71 5c b8 98 4c 32 7d 8c 9d 26 91 90 b4 4b 45 4b 41 41 f0 01 22 e8 62 40 14 c4 8d 2f 04 15 dc a4 32 8a 04 8d 08 4e 35 f8 e8 58 eb 62 6a 36 ce 42 4c 21 06 12 dd 08 56 5d 28 08 01 89 e8 d2 55 95 88 0b a9 8a 88 88 0f 3c 77 ce dc 9c dc 9e dc 4e 2a 34 10 ed 7f d2 c9 bc fa 7d 88 df 8f ff 3d e7 9e 39 37 9e 06 1b b1 e4 f9 ca 00 b1 2d 6f 18 31 73 2f c2 60 f1 b9 57 ef bf 53 40 76 77 72 cb 0f bc 0d 1f a7 c9 ce 06 99 42 18 7e Data Ascii: Ibz\61jl 1_~N'd<O[:v~o_/7r]xI:m})S_A7{Lq\L2}&KEKAA"b@/2N5Xbj6BL!V](U<wN4}=97-o1s/`WS@vwrB~
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: d4 76 ab 92 8b 3e f4 cf f1 db 6d 4e 96 60 34 b6 f5 71 f5 cf f2 39 7b b1 5a a8 ae 95 40 94 fd e0 31 99 f0 95 74 d2 49 a5 cc 94 03 fd a4 e1 19 ba 74 24 41 69 93 18 00 69 c2 41 27 8b 5f 6f e1 2f a7 a4 2e ef a9 34 bf 76 d2 42 f0 79 42 07 50 32 b2 51 df 6a f0 bd ff ab 34 1b 4e 68 ad 0c 6d e1 d0 6d 6c f7 bf 18 a6 e4 f1 98 7e 9a ec ba a3 d5 2e 4e 4e 4e d6 44 21 e2 7a e0 b9 5d 17 05 90 d5 dd ba 88 17 0b 14 90 2d 16 0a 0b 4f 3d f9 d6 9d 36 40 76 9b 30 32 23 75 76 e3 97 8d 5f ae 5e 83 f4 22 0c ca 10 32 41 d9 61 4e a6 76 e7 d6 bf 3f 34 7f 5f 5c 06 c8 2e b4 aa ad bd 73 e5 73 5f 55 0b 6b 95 4a a9 1f 30 b2 93 a1 6d d1 fe 3e 8e 93 cc 8a d3 39 61 3d 89 64 c6 c9 e0 83 0c cb cc 48 ac d1 fe c8 8e 63 a4 69 bf 7f a6 87 20 63 21 fd 14 2e e6 e0 95 a4 5c 32 13 9d 4a 67 27 fe af Data Ascii: v>mN`4q9{Z@1tIt$AiiA'_o/.4vByBP2Qj4Nhmml~.NNND!z]-O=6@v02#uv_^"2AaNv?4_\.ss_UkJ0m>9a=dHci c!.\2Jg'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	49826	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	876	OUT	POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive Content-Length: 2434 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8KhgcSm1rDSgySnP Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:44 UTC	2434	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 38 4b 68 67 63 53 6d 31 72 44 53 67 79 53 6e 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 61 79 6c 6f 61 64 22 0d 0a 0d 0a 7b 22 64 75 72 61 74 69 6f 6e 22 3a 7b 22 66 65 74 63 68 22 3a 5b 5d 2c 22 73 74 61 74 69 63 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e 71 71 2e 63 6f 6d 5f 6e 65 77 2f 66 32 66 66 37 36 36 34 2f 6a 73 2f 76 75 65 2d 63 68 75 6e 6b 2e 62 63 39 63 32 35 38 35 2e 6a 73 22 2c 22 6d 65 74 68 6f 64 22 3a 22 67 65 74 22 2c 22 64 75 72 61 74 69 6f 6e 22 3a 30 2c 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 74 79 70 65 22 Data Ascii: ------WebKitFormBoundary8KhgcSm1rDSgySnPContent-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/js/vue-chunk.bc9c2585.js","method":"get","duration":0,"status":200,"type"
2024-07-20 07:21:45 UTC	134	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:45 GMT Connection: close Server: openresty Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	49823	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:44 UTC	590	OUT	GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:47 UTC	202	IN	HTTP/1.1 403 Forbidden Date: Sat, 20 Jul 2024 07:21:45 GMT Content-Type: text/plain Content-Length: 13 Connection: close Server: openresty X-Powered-By: Express Access-Control-Allow-Origin: *
2024-07-20 07:21:47 UTC	13	IN	Data Raw: 34 30 33 20 66 6f 72 62 69 64 64 65 6e Data Ascii: 403 forbidden

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	49828	43.152.29.20	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:45 UTC	382	OUT	GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1 Host: static-res.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:45 UTC	385	IN	HTTP/1.1 200 OK Last-Modified: Fri, 19 Jan 2024 04:35:45 GMT Etag: "7b0abe7bed4dc357226c2c4bdabcec2d" Content-Type: image/jpeg Content-Length: 81925 Accept-Ranges: bytes X-NWS-LOG-UUID: 14286948405054529708 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:45 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.29.20 Client-Ip: 8.46.123.33 Vary: Origin
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 44 00 00 ff e1 03 2e 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 36 2e 30 2d 63 30 30 36 20 37 39 2e 31 36 34 37 35 33 2c 20 32 30 32 31 2f 30 32 2f 31 35 2d 31 31 3a 35 32 3a 31 33 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d Data Ascii: ExifII*DuckyD.http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xm
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 03 21 50 ae 81 20 00 95 11 fa a9 4c 60 84 4d da a0 06 7d 6d 79 4a 9a db 24 05 5a 61 2a 89 04 dd 35 19 b1 1d 69 a6 2a 3a d2 b2 9a d4 4a cd a6 13 55 9a ce aa 23 a6 99 e9 97 72 b5 1c eb 3a d3 2c fa 58 96 b2 bb ad b9 d6 7d 6d a8 c5 63 5a 61 97 6d c6 6b 2a d2 23 ad 35 19 ae 7e 9b 8c 31 ee 35 18 e9 97 7a 6e 30 c2 cb 96 a2 56 7d 37 12 b2 e9 a8 cd 63 db 71 96 3d 46 a3 16 32 e9 b8 c3 1b 3e d6 a2 58 c7 b9 f6 b7 18 65 56 0e 7e e5 75 8e 16 31 ea 37 0a c9 a8 9a c3 b9 f1 b8 cd 63 65 c3 6e 4c ba 69 18 f6 d4 4a c7 a8 d6 b0 c7 b9 88 e9 cd 62 cc 62 db 31 9d d3 4c c6 7d b5 1a ac ba 97 2d 46 2d a8 eb 6b 06 7d 7e b5 11 2a dc 4d 97 20 8b 1a 89 13 66 16 2d 80 58 55 5a 88 eb 6a 95 37 41 12 ad c0 34 9a ac 90 a9 69 4a 81 2a e8 14 ae c2 92 a0 04 8d ca 42 80 2b b1 4b 15 40 a0 00 00 Data Ascii: !P L`M}myJ$Za5i:JU#r:,X}mcZamk#5~15zn0V}7cq=F2>XeV~u17cenLiJbb1L}-F-k}~M f-XUZj7A4iJ*B+K@
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 40 64 0a f4 33 69 5e ab 72 33 a9 bd 65 70 2b d7 f1 9c 3a a3 d1 8c e9 e5 a8 a3 20 9a a1 66 98 e7 69 ca 63 52 8b 42 b3 31 8d 3c d3 17 46 69 86 8c d3 0d 19 a6 1a 33 4c 34 ba fa 25 4a a0 fa 80 fa 03 e8 1f d0 1f 40 be 80 fa a1 56 b4 c1 f4 42 cd 50 5b 70 09 96 80 04 d5 4a 9e ae 04 29 f7 60 3a 80 95 8c da 8e ab 58 ce 94 fa 98 d6 a7 a9 f5 b8 cf 48 bb 56 53 fa 09 6a 23 3e ad 54 4d ab 19 a8 ad 30 ce b5 04 56 a0 8e 96 31 62 2e 95 96 5d 37 12 a6 ab 28 51 9f 7f fd 35 19 ac 7a 6e 30 8b b5 19 f5 b6 a3 2c ba db 51 9a 8a d2 33 ea 2c 65 9d 8d 08 ab 12 b2 b2 61 b7 26 76 61 a1 16 4c 28 ca c6 b5 ce c6 7d 45 4c 47 52 61 a1 97 52 7f 1a 95 8b 11 d4 6a 30 ce b4 ac fb 8b 12 b3 c3 4c e3 3e b6 d4 66 b3 ea 46 a2 33 b1 63 36 23 11 a6 31 18 5d 31 16 4c 35 19 ac be b4 e5 b5 3d 63 0b 1a Data Ascii: @d3i^r3ep+: ficRB1<Fi3L4%J@VBP[pJ)`:XHVSj#>TM0V1b.]7(Q5zn0,Q3,ea&vaL(}ELGRaRj0L>fF3c6#1]1L5=c
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 8b 19 2c 28 00 80 80 ae 96 09 54 14 66 a6 ab 04 00 13 d4 d1 12 a6 34 85 d4 c8 22 cf aa c7 50 95 0c 0b d4 5c 54 54 c0 7a 6b 19 f4 28 b6 a3 d4 6b 1c c5 eb e1 82 43 47 a9 21 87 b4 fb 95 70 f5 a5 d7 50 67 a4 fa 94 66 0f 52 2e 2a 6d c9 80 95 01 e9 a8 cf a4 75 f6 b4 cd a9 f5 00 66 00 f4 09 69 a2 9d c3 19 f4 77 af 89 85 f8 8b 70 4f ae 70 bd 37 8d 0f 49 8b a3 d2 e1 a5 ec c6 7a fd 4f 5d 64 66 12 a9 01 81 5b 20 17 a8 03 dc 19 f4 9b 73 45 d2 ca e1 a3 30 b1 9f 50 af 48 68 f4 48 0f 4d 79 35 36 e5 64 c0 9a 4b 4b e2 62 68 49 14 65 ac 06 60 23 ae b1 56 44 bd 60 9d 18 69 e4 34 64 34 64 34 64 34 64 34 c5 00 00 00 00 00 06 50 3f 46 2e 9c ea 26 2c 57 a8 63 46 8a 72 81 e5 14 f2 0a 96 a2 c3 ca 62 9a 0b 96 23 51 5e a1 8d 4a 73 a8 8b ab 95 1a 8a 95 15 48 1c b8 05 4a cb 4a 94 58 Data Ascii: ,(Tf4"P\TTzk(kCG!pPgfR.*mufiwpOp7IzO]df[ sE0PHhHMy56dKKbhIe`#VD`i4d4d4d4d4P?F.&,WcFrb#Q^JsHJJX
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 58 d3 5e 7e a5 6a 2b 11 14 00 03 88 8f c6 ae f1 06 05 2b 30 21 2e 96 15 8d 6b 18 56 2a 62 46 53 76 22 6e 81 2d 44 a9 56 51 76 a2 7a 8b 1c aa 2c 10 bf 15 9a 9b aa b2 8c eb 72 b1 d2 2b 4c 22 c5 66 a3 a6 a3 36 26 b7 ac 79 67 76 ba cd 88 b1 a7 3f 28 ba 69 9b 19 74 d4 66 c4 5d 34 c3 3e 9a 89 63 2f d6 9c d9 f5 b5 73 ac d5 11 d2 c6 59 56 d8 67 de 9a 89 d7 c6 7d 69 a8 c3 1e f5 5a 66 b3 ba 1c ea 3b d3 a4 4a c6 ed a6 51 db 5c b9 f6 ca b6 ca 28 31 ea dc b7 23 15 1d 35 19 a8 ba 69 19 5b 72 ac 15 51 95 fd 69 96 7f 7f ad b1 62 6c f8 33 89 b8 c0 b1 1d ff 00 d5 ae 59 ef e3 1e b4 de 39 23 36 98 26 aa 23 ab 66 84 4e 73 b6 e2 c4 76 d4 67 a8 85 73 c4 75 ba a1 03 3b 6e 76 21 37 a8 2e 94 a9 54 4a a1 5d 02 39 b6 df a0 7d fc 9f 01 1f 7f 45 2e ad 9a 6a 25 46 6d db 48 00 00 00 80 Data Ascii: X^~j++0!.kV*bFSv"n-DVQvz,r+L"f6&ygv?(itf]4>c/sYVg}iZf;JQ\(1#5i[rQibl3Y9#6&#fNsvgsu;nv!7.TJ]9}E.j%FmH
2024-07-20 07:21:45 UTC	5	IN	Data Raw: d6 6a bf ff d9 Data Ascii: j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	49830	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:45 UTC	386	OUT	GET /im.qq.com_new/f2ff7664/img/poster.712f34ab.jpg HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:45 UTC	484	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "e7ce14171ebad4b5eb07fb8a70e65f09" Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Length: 108197 Accept-Ranges: bytes X-NWS-LOG-UUID: 13102478466935904266 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:45 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 28 00 00 ff e1 03 31 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 37 2e 32 2d 63 30 30 30 20 37 39 2e 31 62 36 35 61 37 39 62 34 2c 20 32 30 32 32 2f 30 36 2f 31 33 2d 32 32 3a 30 31 3a 30 31 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 Data Ascii: ExifII*Ducky(1http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: cc d4 34 6e 4a 32 52 8e 0d 64 13 69 99 87 d1 ed c9 4a 29 a1 ea 70 bb 37 79 b7 7e da 84 dd 2e 47 06 99 d5 7b ab 4b 39 24 77 9b cc 67 38 79 2e b6 55 f5 25 4c df 59 63 f5 a0 5c de d8 8c 5c 9c d2 4b 36 3f 66 bf 31 3c 6b 1f dc 3b 98 da ed f7 53 ce 6b 4a 5e 67 8a a9 d1 ef 7d d7 eb af e8 83 fd 98 3c 3c 59 cc a9 c2 dc db 7e 5e af 5e b8 d4 c1 42 d4 29 91 d0 e8 29 8a 98 40 62 0b 52 54 80 b1 6a 46 06 54 46 2b 61 62 b6 50 1b 15 b0 b1 4a 20 02 02 80 10 80 00 4a 0d 42 50 05 20 68 4a 00 08 1a 12 80 2d 09 41 a8 0a 14 2d 00 3d 01 40 15 1a 6d f4 22 8a 17 da e9 37 a2 9c 47 98 e2 3c cd 83 c0 49 16 2c 84 90 58 e7 6e fe 6c 45 be ab b7 7e 43 ef 17 ee 26 0b 8a b6 1f 91 ca f7 75 9c 45 3b 4f 96 8d 51 33 6d 7e 5a 34 44 45 5b 1c 88 c9 0c 82 5a 8c f7 ba 87 b2 25 fc c7 b2 48 d5 e1 6c Data Ascii: 4nJ2RdiJ)p7y~.G{K9$wg8y.U%LYc\\K6?f1<k;SkJ^g}<<Y~^^B))@bRTjFTF+abPJ JBP hJ-A-=@m"7G<I,XnlE~C&uE;OQ3m~Z4DE[Z%Hl
2024-07-20 07:21:45 UTC	16384	IN	Data Raw: 78 9c 6f e3 97 c5 dd a7 ff 00 e4 8e ce e3 da f6 27 ef 7c ba 7a bc 8f 3b 2f fb 5b fd 36 ff 00 09 1d 63 8d 5d 2e df 63 e2 ee 93 ff 00 f3 42 fd 06 cb 8f 73 9f ff 00 99 5f b9 f6 cf 0b 32 7f f9 58 3d ef b7 78 6d a6 ff 00 f2 32 f5 fc a1 de cf b7 2c fb 94 df fe 70 3d b7 6a 4d 37 dc 27 9e 1e b1 7e a3 b0 f0 d9 cd ff 00 e4 61 fa 9e cd 85 36 33 78 fe 86 4f f9 33 fc 3b 4e 51 84 16 38 51 51 82 35 92 aa 31 f7 2d c4 6d 5a b5 45 45 2f fe a8 6b ed f3 b7 77 64 a7 94 99 1a c7 43 4f a1 99 8d 77 62 e3 07 5e 28 c8 63 67 7f 4f 14 b2 15 8e c4 66 5d 19 ef e4 cc 73 cc d9 7b 23 1c f3 25 22 5b cc b4 aa d6 65 c6 2f 2e fa 71 00 56 38 19 1b 51 32 ae 25 d3 29 e2 05 d0 c8 cd bc 34 c3 23 36 f0 db 96 dc b0 fc 45 92 e8 42 45 56 65 97 3a 51 63 86 f7 a9 62 3c 44 88 e8 8b 0c 86 02 08 56 7b ea Data Ascii: xo'\|z;/[6c].cBs_2X=xm2,p=jM7'~a63xO3;NQ8QQ51-mZEE/kwdCOwb^(cgOf]s{#%"[e/.qV8Q2%)4#6EBEVe:Qcb<DV{
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 60 df e6 8d ec c1 bf cd 19 db 85 d3 96 32 10 86 5b 42 10 80 06 47 90 49 ed ce 59 45 bf 24 4c 55 65 fe a3 29 bc dd 5d 39 1b 2e ec 77 92 c6 dd a6 da cd 19 f7 7b 3d cd bd bf bc d6 85 15 ea 4d d1 97 c6 a5 da 7c 8f db 12 8c 37 57 17 c5 34 ea 77 ee 4e 8d a6 78 cf b6 77 9a 3b e4 63 37 85 c4 e2 b9 55 9e c6 fa f5 33 a5 e8 e3 9c d4 53 f1 2c 52 6a 9e 55 33 45 8c 99 9c ab 56 aa af 2c 7f 03 44 25 e9 4d 67 1f 52 f2 31 c2 5f 97 fc 19 75 89 a5 58 bc 96 1f 81 63 35 be dc b9 70 f5 47 cb 89 aa 0f 96 59 af 23 0d a9 24 a8 fe 07 ff 00 f5 66 bb 78 2a 7e 97 4f c1 9a 66 af 5c 8c 97 e0 d5 da 9a 62 c5 bd 0a ad 44 48 a2 da d3 87 26 3a 54 6f f3 03 a5 53 5c 46 ae 09 fe 0c aa 94 ae 05 6d 34 58 b9 7e 02 4c 10 8d 15 3a a6 5a 95 44 9c 5d 48 a9 1b ad 0b 73 67 b5 bd b8 b7 bb 9d b5 2b d6 ba Data Ascii: `2[BGIYE$LUe)]9.w{=M\|7W4wNxw;c7U3S,RjU3EV,D%MgR1_uXc5pGY#$fx*~Of\bDH&:ToS\Fm4X~L:ZD]Hsg+
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 67 63 50 0e 35 cc 7a 02 86 99 53 2b 5c 8a b1 8b 35 34 24 a0 9e 65 c8 a2 a8 0e 35 1e 50 a0 b8 a0 38 9f 72 db ff 00 68 78 db 91 aa 3d b7 dc 8f fd 9b 3c 64 f8 99 dd bd 58 ae 42 86 79 3c 68 cd 97 51 9a 71 30 db 2d fe 92 bb 7d 4b cc b3 72 bd 25 56 53 d5 1f 32 26 5e be 5d 4f cc 00 93 f5 3f 30 54 8e c2 d9 46 e2 2a 70 69 96 b6 24 c9 47 97 dc da 76 ee b8 f0 24 16 06 ee eb 62 93 53 46 35 82 35 d9 ca cc 55 b0 e9 20 61 d2 43 9d e5 df 5e 20 37 5c 0d b6 a2 e3 6d 44 c9 6e 3a e7 44 8e 8c 21 81 cf dd 78 8e df eb f7 bf 92 a8 9a 6c 58 d6 d2 11 5b 36 59 6a 29 61 89 e7 b5 e8 c2 bb 9b 57 07 90 8a d1 d0 94 a3 72 dd 1a c4 ad d9 8a 4a 98 b3 37 65 d7 86 55 6c 65 68 d1 1b 32 ae 45 9e c9 3c 95 89 db 22 83 36 7b 20 f6 58 f2 19 d5 b2 c8 c0 b9 5a 1e 36 89 6a 2e d8 6f 27 b4 d5 a5 66 85 Data Ascii: gcP5zS+\54$e5P8rhx=<dXBy<hQq0-}Kr%VS2&^]O?0TF*pi$Gv$bSF55U aC^ 7\mDn:D!xlX[6Yj)aWrJ7eUleh2E<"6{ XZ6j.o'f
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 09 b4 f2 0a 74 8f 56 7c 86 49 35 cf 9a 15 2d 31 75 ca bc 00 68 c9 d6 ad 65 c5 96 46 78 d5 60 50 92 4e aa 55 ae 43 27 8d 01 63 54 67 51 aa 66 84 9e 59 32 e5 2c 12 37 ab 16 3e 55 29 7a 9f 98 ba 8b 6e 6d ee 29 3c 38 89 ed 4b 91 ed 63 aa 29 87 dc 62 fb 72 06 99 01 62 98 7d c2 a7 19 03 10 65 77 ba 1f 75 94 55 92 ac 19 ad 0a f3 0f bb e2 67 ab 26 a6 17 2d 2a e8 7d cf 13 32 61 d4 c1 96 95 73 c4 65 73 c4 cb a9 85 49 91 72 d4 ae 8c ae 99 14 86 52 60 cb 52 ba 37 ba 64 d4 c6 8d ce 60 cb 5a bb e2 3a ba cc 6a e2 19 5c 5c c6 0c b6 2b a3 c6 e1 89 5d 4b 88 56 e2 1c 5d 06 0c b7 c6 e0 ea e9 cd fa cb 6b 89 3f 90 b7 cc 19 74 fd d1 d5 d3 8f fc 92 16 5d ce 5c 10 32 ee 7b ac 65 78 f3 cf b9 de 79 15 fd 76 e2 5f 13 09 98 f4 df 53 18 fc 40 fa eb 4b e3 47 97 77 af 4d d1 c9 b1 ed eb Data Ascii: tV\|I5-1uheFx`PNUC'cTgQfY2,7>U)znm)<8Kc)brb}ewuUg&-*}2asesIrR`R7d`Z:j\\+]KV]k?t]\2{exyv_S@KGwM
2024-07-20 07:21:46 UTC	9893	IN	Data Raw: de 6c 3d 5b 7d d3 9a 59 46 45 32 ee 5f 71 ed df ee ed e3 75 2c da 29 87 b4 8d c4 d6 0c 35 3c 5c 7e eb 95 bf ee f6 b3 b7 e2 93 36 ed fe e8 ed 97 7d 3e f3 b5 2f 1f fe e3 af c2 61 e9 ea 13 9f b7 df 46 e4 53 84 e3 71 3c a8 f1 34 c7 71 cd 3f 30 8b 9d 09 81 5a bd 07 93 19 4e 3c c0 70 61 c5 03 54 78 32 55 00 74 c5 f0 15 db 80 48 00 f6 e2 0f 6e 3c 06 a8 2a 0e a5 76 d1 3d a4 35 59 2a 17 34 8e d2 e6 0f 67 c4 7a 92 a0 cd 27 b3 e2 0f 65 73 1e a0 60 f2 a5 f6 a3 cc 3a 54 72 25 58 6a 0b 6a 47 0e 03 a9 09 50 a0 86 a9 2a 00 80 48 0a 92 a1 04 04 a9 0a a0 15 98 2a 4a e2 11 f3 c9 3f 53 f3 05 41 24 f5 3f 30 54 f3 bd 4e 57 73 95 6e a5 c9 18 59 ab 7f 3d 57 df 25 81 94 b3 86 6f 25 79 91 13 88 4a 80 b3 08 10 58 10 20 41 20 81 88 38 86 21 51 e6 34 05 79 8d 00 1a 5d 22 47 32 c9 74 Data Ascii: l=[}YFE2_qu,)5<\~6}>/aFSq<4q?0ZN<paTx2UtHn<v=5Y4gz'es`:Tr%XjjGPHJ?SA$?0TNWsnY=W%o%yJX A 8!Q4y]"G2t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	49829	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:45 UTC	678	OUT	POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive Content-Length: 16276 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/plain, / Content-Type: application/json;charset=utf-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:45 UTC	16276	OUT	Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 39 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 62 53 6e 50 54 4d 38 37 52 54 41 54 65 41 62 44 64 4d 32 44 78 6e 77 77 54 30 48 70 6b 37 69 30 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 5f 31 37 32 31 34 36 30 30 39 35 36 36 37 22 2c 22 41 31 30 Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"bSnPTM87RTATeAbDdM2DxnwwT0Hpk7i0","A8":"","A12":"en-US","A17":"128010241","A23":"","A50":"","A76":"0WEB04SGH543EALS_1721460095667","A10
2024-07-20 07:21:46 UTC	620	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:45 GMT Content-Type: text/plain Content-Length: 95 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close Set-Cookie: tgw_l7_route=89fd50286e79ee8f210e0bb0b74c1a6a; Expires=Sat, 20-Jul-2024 07:51:45 GMT; Path=/ Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:46 UTC	95	IN	Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 32 31 34 36 30 31 30 35 39 37 37 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d Data Ascii: {"result": 200, "srcGatewayIp": "8.46.123.33", "serverTime": "1721460105977", "msg": "success"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	49831	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:45 UTC	442	OUT	GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
2024-07-20 07:21:46 UTC	542	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:46 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:46 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.5	49834	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:46 UTC	386	OUT	GET /im.qq.com_new/f2ff7664/img/page-1.9d39f9ad.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:46 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1802ab075609934b68b194238808e6da" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 186062 Accept-Ranges: bytes X-NWS-LOG-UUID: 9873378511102443050 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:46 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 64 00 00 06 38 08 03 00 00 00 c6 42 fe d1 00 00 02 fd 50 4c 54 45 00 00 00 07 39 7d 00 3a 7d 00 3a 7e 00 3b 7e 9b b3 cd 39 62 8e f0 f1 f3 e3 e7 ed ff ff ff f6 f6 f6 ef ef ef 01 00 00 e9 e9 ea dd dd de 00 9b ff f6 ed eb a7 a7 a8 f5 e4 e2 10 11 14 ff b6 11 d4 d4 d5 22 1f 1e 5f 5e 5e 82 7f 7f af b1 b3 9e 9f a0 16 19 24 89 bc ea 3f 41 40 39 9d fb cb ca cc c1 c0 c0 bb ba bb 2a 2f 35 53 a8 f8 92 bf ea 36 33 3e 24 27 31 31 2e 39 4d 9d f1 39 96 f4 1c 1f 32 4b 4f 5c 44 47 54 37 38 47 fe fc f2 e5 e2 e3 b1 ce ed 72 6d 6e a4 cd f6 71 b7 f8 27 2a 45 a8 c8 e9 81 b6 e8 d9 e2 ee 90 8c 8d be d3 ec 9c c4 ec 3a 40 54 68 6e 7d 50 4b 51 3d 43 60 42 3f 4b 4d 5f 84 51 59 75 cd da ed 46 4d 6a 30 99 fd 28 3b 3a 62 5b 69 5a Data Ascii: PNGIHDRd8BPLTE9}:}:~;~9b"_^^$?A@9/5S63>$'11.9M92KO\DGT78Grmnq'E:@Thn}PKQ=C`B?KM_QYuFMj0(;:b[iZ
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: aa 66 53 34 50 86 ab bb 23 e2 5d 1e 65 d4 a8 29 e4 67 85 31 ec d9 1c 1e 84 49 e4 72 91 08 0c 2c ed 2a 1e 04 8c f9 f3 c6 cc ec e7 df d5 f7 01 13 84 93 ad 30 aa ea a0 6f e3 99 17 c2 7a 66 43 8c ac ee 4d ab c2 ae ea 38 58 a6 4f 6d 9e db ea 03 8a b6 7a ab 2f 3b 0a e1 d4 d6 c5 7c af f2 bd cc cf c8 f4 c5 70 dd e3 54 b8 58 a8 d6 32 e6 0b 93 4c f6 6f 6c f4 6f 1c 1e 6e 6f 6f 5f 1a 1b 43 b8 68 a9 32 1e f6 10 0e 61 0d a9 da e4 e4 b3 23 17 9e 7d f3 f2 4b 37 dd f7 d4 73 8f 3e 08 c8 2e 34 82 b0 08 90 2f 67 67 a4 88 ef 50 0f 53 05 71 ce ef aa 14 ae fc f4 1b 10 13 b5 fa 98 2e b7 e3 21 46 c6 b8 cb 7b 18 b9 5a c8 8a 62 a2 c9 a6 9d e6 01 6b cb 83 26 41 86 22 61 c9 2d 8c 2a 7f f9 25 88 c9 b1 f4 61 eb 89 f8 11 bb 10 d1 26 20 73 98 09 63 a4 4c 10 03 55 d4 22 88 e2 9c 2a 9c 20 Data Ascii: fS4P#]e)g1Ir,0ozfCM8XOmz/;\|pTX2Lolonoo_Ch2a#}K7s>.4/ggPSq.!F{Zbk&A"a-%a& scLU"*
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 66 31 34 25 90 91 0c bc a1 20 d3 0d 83 a9 28 b9 e3 3f 45 ae f0 3f a3 05 ed a4 31 bd e6 ed ee c6 7a ab 82 7a 76 da 6d 6f bd d5 07 ac c8 18 f5 db 7c 46 9d 42 99 cf 93 8d 9f 3b 1d 8c 4d 8f 60 fe 32 74 86 f2 b2 69 2b 4e 29 c4 04 b3 f6 1d fb 40 d9 e4 0c 44 8a a2 f5 76 6a 9a 75 1f 82 18 2f 94 58 75 c2 c9 40 59 db 1f 5e 03 62 b6 17 48 17 92 89 ef d8 98 95 35 0b 07 b4 a5 bb a5 13 d9 ca 9e 81 3d 1c 5c a5 a6 ee d9 d9 9c 06 c8 70 a2 e3 db 53 9f 9e 53 31 70 ae 78 4a 4d f5 1c 0c cb 40 9b 66 ec 01 19 2b 04 63 97 19 2b f2 ad 7e f6 98 8b 60 84 fc 8e 77 6c 0c 0d aa 94 0a f5 c7 4e 8c 8d 11 f0 64 8c a6 e7 a7 47 b4 0f 4e 7c 02 ad 53 d7 b0 aa 37 94 87 95 0e 16 81 97 48 30 33 10 1a 23 2b 55 88 6d 58 99 9a 9b ef b5 83 32 01 4d 43 66 8d 6c ec 69 b2 47 cd 92 d9 31 d9 78 8e cc f8 Data Ascii: f14% (?E?1zzvmo\|FB;M`2ti+N)@Dvju/Xu@Y^bH5=\pSS1pxJM@f+c+~`wlNdGN\|S7H03#+UmX2MCfliG1x
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 6e d8 3c 8e ed 64 b3 80 0c 0e 86 06 ab be 76 76 f5 8a 42 58 3d 63 0d bf 99 34 36 a7 d3 8d b5 e9 5b eb c9 fd d9 b5 82 67 a3 ed ed 20 ad b4 3a 7c a8 73 fe b1 37 ab e2 c4 34 f1 02 5c aa e3 43 28 13 ce 04 29 bc c6 3b c3 99 79 29 b0 4d a2 d2 31 5c ed 1b d3 46 36 8c 32 3e 20 23 66 fc 8e f7 64 7b f6 a4 e4 af 9a 04 13 2a 7a 19 47 7a 90 31 5d bf bf 23 9c c9 69 d3 5c 50 ac ac 97 ab 25 26 e4 a3 12 96 3d 01 b2 2a ca 87 13 94 09 64 de 38 e4 55 9c e1 d4 32 90 d9 e7 74 db 1a 84 b7 68 5d 34 5d 17 6f ba b5 ca be e1 c5 32 d3 ff 62 16 be a6 ec ff 05 19 ad cc 54 f0 95 93 01 94 14 93 a6 58 8c c3 a9 c4 cc a2 b5 27 49 98 38 d9 2e 71 32 29 df 4b 71 d1 e5 27 64 75 29 b3 44 23 29 99 66 2c be eb 22 be f5 6e 4a 1c 07 ea 2c f7 f6 42 20 8c 8c f1 95 22 6b 61 82 e2 ab a1 0a d5 f4 11 c3 Data Ascii: n<dvvBX=c46[g :\|s74\C();y)M1\F62> #fd{zGz1]#i\P%&=d8U2th]4]o2bTX'I8.q2)Kq'du)D#)f,"nJ,B "ka
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: d0 cc ec 93 e5 30 cb 2d d3 2d ca fe b7 04 3e 67 84 6c 5a 00 16 11 5b b2 5e 36 01 bf 14 20 2b 97 89 16 a7 21 9b a4 49 cb ed 4a 91 57 ab 07 69 d4 3b b4 26 50 66 d6 c7 61 df 68 33 ba e4 63 e2 ab a8 43 3d 08 db b8 9f 99 9e 0e d9 19 6f 2f 61 d6 9d 37 c4 54 cd c5 2a a4 c7 ba 3f 10 64 6e 64 07 13 20 43 69 0a 62 5b 5a 68 c6 09 03 31 17 86 e6 bd b4 0b 74 b8 cc a7 93 64 03 a6 86 0d 70 d3 db 38 e9 0d 55 8b a4 26 12 26 3d 0d 64 52 30 b2 91 20 cb 10 3b 3c 75 b1 be c6 2f 6c e2 79 76 be 83 6a 8f fc 89 31 4e dc 8b 7b c7 cc f8 58 ac d3 8d 82 2a 93 4d 1f 45 3c c6 ba 6d 8a aa 66 62 b6 07 a8 8b e0 af a9 ff a0 20 eb 94 99 c2 a4 32 d7 62 f5 2e 21 c6 99 19 99 d8 ba cf c4 56 80 c4 97 f7 82 d3 bd 8f cd 56 be 4f 16 83 45 4e 9a 3c 61 b3 97 10 be 36 b8 c2 69 4d ec 0a a2 7f eb 64 53 Data Ascii: 0-->glZ[^6 +!IJWi;&Pfah3cC=o/a7T?dnd Cib[Zh1tdp8U&&=dR0 ;<u/lyvj1N{XME<mfb 2b.!VVOEN<a6iMdS
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 1e 4e 87 00 b0 9d 04 5e 00 67 eb 6b 83 53 2a 13 c8 6e 12 65 86 8b 64 64 85 ae 76 e8 8e bd 2d 6d ab 2a eb f4 13 27 48 52 76 4c b7 17 d8 6a 90 fa 3a d7 b3 b2 50 05 b7 98 4a 02 92 ad 68 99 35 24 a2 35 ce b0 05 22 30 86 aa 13 43 86 09 04 d1 4e 24 61 88 18 15 8a 39 5c ec db 19 9e e2 52 08 1e 21 0d 59 e0 4b 02 5a 6b a3 25 27 13 55 fd b1 8b 93 dd c8 8e e4 71 43 43 3e 04 ae 46 99 94 ad 08 17 eb 90 bd fa 85 86 4c 73 76 af 18 16 3c a8 6a 39 7a f1 75 0c ab a2 02 fe 74 7e 56 fa 98 40 d6 b9 ba 68 e5 72 40 c5 0c 89 a1 50 ce e5 c1 ce 12 1f bd 9d 44 1d 7c d0 0f 33 cf d1 90 f1 a1 3f 45 4f 14 eb c8 7a ca 0f 20 05 04 61 0a 46 7f ab 1d d1 6b 7c d7 9d 8c c4 90 71 9d 2d 21 81 29 2f 48 48 f0 13 6c 58 6a 47 89 4e 50 6c 8a 68 55 14 59 9c 93 39 4a ad 3f 4f 96 93 87 d2 e9 c1 1c ac Data Ascii: N^gkSneddv-m'HRvLj:PJh5$5"0CN$a9\R!YKZk%'UqCC>FLsv<j9zut~V@hr@PD\|3?EOz aFk\|q-!)/HHlXjGNPlhUY9J?O
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 5e 99 36 ba 8a cc a6 26 85 4f ff 4f 3d 84 88 e1 b3 49 18 a8 8d 18 f6 c9 62 0a 89 ba 37 98 ef 41 cb 65 a6 8c 12 9a 2f 63 c9 a6 d3 b1 37 65 e7 e7 e7 87 65 99 83 21 eb 15 04 19 62 86 22 d6 3c 64 2b 7d c8 c2 fa f3 93 e3 b5 c7 3f b8 bb b9 51 de d5 f6 ad e1 c6 30 a7 10 7e f3 ca e8 0e b1 80 59 fb 89 8b 25 22 f3 15 11 a7 d4 41 1b de 31 20 c6 d5 6d 8c 99 0a 96 14 d7 56 d3 60 1b d9 c5 06 64 95 c9 d0 28 46 43 d1 a4 d4 39 ff 5b 92 af 6a 16 3e 90 69 b5 97 e6 49 25 61 e9 1b 5c 65 54 ac cb aa af 9c 73 64 6d a2 92 d6 ca f0 66 ce 82 22 7f 8d 1e 1c 93 f0 ca 12 cd 1b 95 63 8b 7b c1 a1 05 67 9a d5 98 5b 56 43 aa b5 4c fe b3 ba 07 a3 c3 3d a3 db 98 2d 9d 81 80 74 bd a8 b5 c2 98 8d 2b da 5a f1 7b 42 6c 41 cd 2e 19 41 b6 f3 0f 7b e7 0f da 44 14 c7 71 15 17 13 d2 45 c4 2a 4a 34 Data Ascii: ^6&OO=Ib7Ae/c7ee!b"<d+}?Q0~Y%"A1 mV`d(FC9[j>iI%a\eTsdmf"c{g[VCL=-t+Z{BlA.A{DqE*J4
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 77 3d 09 19 2a de d2 d4 28 59 0f 82 cc 03 e3 52 9d 2c ee 47 ef 18 2e 3e c6 4e 56 2b 5c 34 4d 6f 7a 9f a3 a2 61 55 53 f9 96 24 be 65 8e 0f 80 ec b7 df 80 b2 57 00 b2 d7 e6 17 8b 7b 7b 7b af 4e ee 00 60 b0 56 ca 27 84 d8 53 83 e3 c3 c3 91 71 a7 a7 27 32 31 13 7c 9c 4a e7 53 cd 8e 7b 70 70 80 90 65 12 04 19 33 26 64 84 4c 4f 7a 58 b3 1f 7a 9b ec a2 b5 9c b9 bc 2c 97 91 ae 72 f9 f2 b2 00 90 ad 08 9a 40 bd 37 b4 c9 62 6a bf b0 19 32 70 2c a5 30 43 f1 9b 5e 0d 32 32 cd 0e f6 4f c1 52 0d 25 18 32 bc 50 63 41 e6 40 ee 23 aa 40 16 c5 dc 87 3d 5c b4 4e 21 cc 94 19 44 86 a2 2c f7 93 62 64 27 b3 53 c6 4e a6 46 8b 08 d9 eb bf 7d f9 1b c4 8b fb fb d0 0f 2d 10 2b ef 00 62 00 d9 34 22 16 6c 7e 33 bc f9 d6 5b 91 66 a7 39 f5 fe 5c 69 6e 74 6d 22 95 4a cd a6 3e 03 c8 8e 20 Data Ascii: w=*(YR,G.>NV+\4MozaUS$eW{{{N`V'Sq'21\|JS{ppe3&dLOzXz,r@7bj2p,0C^22OR%2PcA@#@=\N!D,bd'SNF}-+b4"l~3[f9\intm"J>
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: 49 18 03 62 de 7a b4 5c d8 e5 f2 bf 9c ca 0e c4 8c 93 36 31 8b 6a d9 c2 0c 6c a2 20 db 31 a9 95 af ed b9 fe f4 cd 9b d7 af 5f 7e 9e 4e a7 27 0e ca b3 d9 64 3c a9 f3 4f 5b cb c9 04 2a 3a cb 76 08 ce 1e 7e fc f5 e5 d7 b7 6f 5f 2f 37 1b a1 72 da 8e 84 0f 5d 78 11 49 f8 3a b6 c8 98 6d c1 1b c2 7d 03 08 bf 29 53 0e ad 5f 41 f8 37 7b e7 12 da 4c 15 c5 71 5c b8 98 4c 32 7d 8c 9d 26 91 90 b4 4b 45 4b 41 41 f0 01 22 e8 62 40 14 c4 8d 2f 04 15 dc a4 32 8a 04 8d 08 4e 35 f8 e8 58 eb 62 6a 36 ce 42 4c 21 06 12 dd 08 56 5d 28 08 01 89 e8 d2 55 95 88 0b a9 8a 88 88 0f 3c 77 ce dc 9c dc 9e dc 4e 2a 34 10 ed 7f d2 c9 bc fa 7d 88 df 8f ff 3d e7 9e 39 37 9e 06 1b b1 e4 f9 ca 00 b1 2d 6f 18 31 73 2f c2 60 f1 b9 57 ef bf 53 40 76 77 72 cb 0f bc 0d 1f a7 c9 ce 06 99 42 18 7e Data Ascii: Ibz\61jl 1_~N'd<O[:v~o_/7r]xI:m})S_A7{Lq\L2}&KEKAA"b@/2N5Xbj6BL!V](U<wN4}=97-o1s/`WS@vwrB~
2024-07-20 07:21:46 UTC	16384	IN	Data Raw: d4 76 ab 92 8b 3e f4 cf f1 db 6d 4e 96 60 34 b6 f5 71 f5 cf f2 39 7b b1 5a a8 ae 95 40 94 fd e0 31 99 f0 95 74 d2 49 a5 cc 94 03 fd a4 e1 19 ba 74 24 41 69 93 18 00 69 c2 41 27 8b 5f 6f e1 2f a7 a4 2e ef a9 34 bf 76 d2 42 f0 79 42 07 50 32 b2 51 df 6a f0 bd ff ab 34 1b 4e 68 ad 0c 6d e1 d0 6d 6c f7 bf 18 a6 e4 f1 98 7e 9a ec ba a3 d5 2e 4e 4e 4e d6 44 21 e2 7a e0 b9 5d 17 05 90 d5 dd ba 88 17 0b 14 90 2d 16 0a 0b 4f 3d f9 d6 9d 36 40 76 9b 30 32 23 75 76 e3 97 8d 5f ae 5e 83 f4 22 0c ca 10 32 41 d9 61 4e a6 76 e7 d6 bf 3f 34 7f 5f 5c 06 c8 2e b4 aa ad bd 73 e5 73 5f 55 0b 6b 95 4a a9 1f 30 b2 93 a1 6d d1 fe 3e 8e 93 cc 8a d3 39 61 3d 89 64 c6 c9 e0 83 0c cb cc 48 ac d1 fe c8 8e 63 a4 69 bf 7f a6 87 20 63 21 fd 14 2e e6 e0 95 a4 5c 32 13 9d 4a 67 27 fe af Data Ascii: v>mN`4q9{Z@1tIt$AiiA'_o/.4vByBP2Qj4Nhmml~.NNND!z]-O=6@v02#uv_^"2AaNv?4_\.ss_UkJ0m>9a=dHci c!.\2Jg'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	49836	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:46 UTC	664	OUT	GET /im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:47 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "717967bdb03dee08d45e00c98e1c7835" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 1168126 Accept-Ranges: bytes X-NWS-LOG-UUID: 6094954165862980796 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:47 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 5f 00 00 06 30 08 06 00 00 00 8d dc f5 41 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR_0ApHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: e3 f7 8d be a4 95 0c 0e 14 3a 0b ab ef 3b b1 dc 3a 15 35 bc ba 23 ae 34 f3 45 43 29 38 fb 9d 2c 64 d6 b4 45 3c 7c 6d b6 6e d1 02 64 86 ef 1e c2 c2 1c 30 2e 69 0d 95 03 cc c6 ab 0d 90 46 ec 2e 81 8b 18 33 7f 4f be 4e 42 12 00 0f 0e 52 15 78 1d fb 0c f8 52 78 23 01 a6 f5 28 b3 de 9a f7 51 66 e1 9d 4f a6 55 64 46 18 d3 2e 60 08 22 00 d5 c1 0c e5 8e 7c 5b ed 64 63 08 3e 5f 6a 03 24 37 02 f6 3a e8 a3 08 56 4d 56 8b 03 9f 05 0b 58 d8 70 68 b4 1a 60 c2 19 f6 82 c0 0b d2 a3 ec 7a 3d 6d 56 d8 79 57 30 e7 6d 85 34 16 97 21 5f 12 87 f4 9d cc 3b b1 74 fe 1f ad 7c 05 dd 2c ab a5 20 10 54 b2 ed 9f 5f fe f2 57 2f 10 f0 6a 9a 06 b6 d4 eb d1 6e de 13 ae 87 6a de a3 c7 82 79 96 44 bf f3 b4 38 af 5a 46 eb 23 1d f0 4a e2 36 db 7f 3a fd d2 c3 12 89 22 12 26 6e 17 e5 a1 c9 bc Data Ascii: :;:5#4EC)8,dE<\|mnd0.iF.3ONBRxRx#(QfOUdF.`"\|[dc>_j$7:VMVXph`z=mVyW0m4!_;t\|, T_W/jnjyD8ZF#J6:"&n
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 75 e9 41 85 c8 d6 83 d9 03 52 4f 95 6f 29 ea cc b2 fb 37 6f 96 c8 07 cf 7a dc f9 4e 37 4a 1d c2 09 db 7d 9d 3d e1 0f 23 af b3 2a f7 4b 54 cc 42 e4 5f 67 6f 6b bb e0 bb 15 0b d3 96 1f 73 b3 9b 41 46 e2 d5 42 e3 cc 6b 20 3b 18 46 cf 16 1d f5 c5 f4 2a c8 b3 cf 36 c9 8e 47 9f d8 06 16 12 1a 28 e1 84 c7 fe cb f7 b3 11 d6 0e fc ae d6 11 bc 5f a7 8d ef 58 e5 ef bf 1c 28 1e c3 8e 67 bf 18 b7 37 0e 19 c2 e0 45 61 a6 d6 06 d1 5f b0 57 42 07 43 bd a6 c9 2c 66 3b 66 b3 ac 24 00 db 41 07 a7 54 10 6b 0b e7 11 a4 e6 19 7d 03 da 0e 82 bd bc 0c 53 1f 00 ec 47 40 ae 40 84 59 f8 ab 7a 73 a4 17 ee 29 a1 b1 26 00 f0 a3 57 45 67 8b 95 76 f4 3d dc 08 30 46 ba 8d 8f f6 6b 20 53 2a 16 38 7f f8 9d 1b b1 00 00 11 6c 2b bd 1b 94 1f 39 e4 25 7a 48 72 17 90 0f 65 29 ad 10 d2 25 bc d3 Data Ascii: uAROo)7ozN7J}=#KTB_goksAFBk ;F6G(_X(g7Ea_WBC,f;f$ATk}SG@@Yzs)&WEgv=0Fk S*8l+9%zHre)%
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: e8 ca 0c af 6d 7a dc e4 71 cb 3e 0b e5 f3 f6 5c 5e 50 d5 40 54 85 89 6a 43 f2 8c e5 96 82 55 9f 69 50 71 51 6e ec 61 12 85 c8 d9 87 9c 23 5c 17 92 02 4c 2a f1 48 f7 03 b1 13 ae 31 e7 fa b1 48 6c 62 5a 95 fb fc 1d 4b a8 43 24 7c f1 b8 12 a2 58 a5 2d f4 c0 56 b8 de bd eb ed 33 b6 7c f5 30 10 44 ab fc 9d 2d 43 bc 69 fe 9a 8f 96 4b 9f d7 6f 59 ee 39 3e 3b 8b f3 be 3a 0c 75 e8 4a 7d e9 98 b9 e9 ab 27 02 51 27 df b7 65 c5 7c 56 0d 01 1e bf 7f f2 9e b3 df a6 7a d1 7b a1 fd 86 f7 e2 f3 94 8f 7e 47 be 4f df d9 c2 13 2e bf f6 8b fe 26 f0 64 a5 55 79 7f 11 01 b9 a5 df e0 fa c4 76 94 6b b1 fd b5 5c a6 cc 7a 8c df 7c 24 3c 7f c9 d4 2b ef 03 90 ef e6 7d 6f cb 85 df c4 fa 01 4c 4b 49 6c 9d b4 2c 5b dd f4 2d 6a 5f 69 13 2d 8f 6d 47 ae 1b d7 5b eb ab ed 67 c7 93 96 d7 be Data Ascii: mzq>\^P@TjCUiPqQna#\L*H1HlbZKC$\|X-V3\|0D-CiKoY9>;:uJ}'Q'e\|Vz{~GO.&dUyvk\z\|$<+}oLKIl,[-j_i-mG[g
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 53 ab 96 aa 92 ac 44 fe 71 8d d9 1e cc 45 f0 15 6d 8b 3c 44 c2 36 da 73 78 95 ae b0 41 7b 0d a9 5f 2c eb 40 01 62 ab c5 fd 4e e6 f7 64 bf e1 85 d0 af a2 a4 c7 17 2d 93 08 7e 6f 26 6e 2a 43 39 c4 f3 2d 2e b5 a7 3a 3c 80 a6 46 b7 99 1c 96 e4 db ad 90 e1 f1 c5 00 c2 7a 0e b6 c9 c6 8b 9d e7 20 30 ba b3 cb 04 22 7d 2e db 42 94 ab ef 74 9f a5 ba 55 a6 6c b1 38 ae 1c 5b 3e 35 81 e3 77 da 64 13 03 34 ff 5b 66 1c 34 54 5f 1c dc 00 81 30 e5 fe 5b 17 1e 4a 53 eb 58 89 5e 12 45 bd d9 32 81 bc f9 17 3c 44 82 de ce b7 7c 2d c8 2b 16 9f 32 ef e9 3b 3c de 9c 8c 17 2e d4 d2 7c 8b a4 47 fb 23 26 e8 ab 20 dd e8 86 41 34 1f 98 60 0b 73 55 00 c2 4e 54 04 39 b7 11 ba 2d 0f ff ec 0f 6a b2 b1 c5 f1 dc 6d b3 7f 43 b4 85 43 e9 3a 32 ab 10 94 ce b5 6a 58 ec 8c 49 e3 80 54 3a 5b 9d Data Ascii: SDqEm<D6sxA{_,@bNd-~o&n*C9-.:<Fz 0"}.BtUl8[>5wd4[f4T_0[JSX^E2<D\|-+2;<.\|G#& A4`sUNT9-jmCC:2jXIT:[
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: ad ab a0 87 41 a5 5b 63 92 0c a1 8a ab 82 9d 51 90 3a 0e f6 db 5c 8e ca 76 b4 8b df b1 5c ba f4 79 0b b4 ee 57 56 37 35 b7 78 49 b5 6b 28 ff b6 aa 24 39 21 4f a2 02 c8 50 25 ad 5d 25 55 a5 7c 74 8a 34 1a 38 96 16 aa 69 1e c8 fc c0 09 50 89 74 ca 68 35 b0 a3 87 90 21 3a f9 e8 54 ea f1 cf 8b 22 9c d4 d0 f1 2a 42 2a 6b 35 cf 49 75 75 8f 63 1a a5 b3 af de 95 d8 7a f4 3e 3a da 99 48 df 57 04 42 8e 85 b9 88 a1 03 08 ec 35 b4 98 b3 73 2d bb ed cd da 13 7b 3a d6 5a c1 2e aa 18 22 e0 c2 fa ee 0f 59 3d 72 30 64 e0 5e fb 34 ef 75 b5 4b 48 9a 3f a6 52 b7 05 64 14 2d 69 5f 39 50 d0 ac 1f 27 e9 3d b0 57 41 75 b3 9e 86 8b 8f 23 02 a5 c3 c8 74 22 09 47 c5 f7 48 b2 26 6a 8b a3 31 87 c4 20 49 5a cb 91 4d ec 91 4e 90 02 c0 10 d8 41 51 8b e3 75 a1 8a 58 78 a6 8d d2 2d d7 61 Data Ascii: A[cQ:\v\yWV75xIk($9!OP%]%U\|t48iPth5!:T"Bk5Iuucz>:HWB5s-{:Z."Y=r0d^4uKH?Rd-i_9P'=WAu#t"GH&j1 IZMNAQuXx-a
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: dc 9b 46 aa 81 df 80 b9 24 29 f3 8d ec f9 85 4d c2 76 c4 58 61 16 31 96 a3 e1 31 b6 4f ea 51 a6 f2 b5 5a c0 b0 41 f6 de a7 67 cd f2 b5 af 60 4b 9a 40 d7 40 01 63 22 d3 c3 cd 70 5f 3a a9 51 cd 37 e4 7f d7 87 78 9f a4 d3 f1 8a cb 96 0e 9c d2 f4 6a 0d 1f 43 93 e3 42 0e 73 d9 34 19 a3 ec 73 28 f8 2b 7c 0b 6b 5c 11 cb fd 25 96 ea ae 3b a1 6d 1e 2b f6 35 2e d8 42 74 94 01 a6 0b e1 14 d6 1d 9f 9f b7 51 31 52 7f 19 65 26 df ca a8 bb 55 1a 91 46 79 d6 11 b2 81 07 de f6 f9 e7 67 0d 96 72 23 2b b3 a1 b8 1f 3e ab 8d 86 40 3e c4 7a a1 79 f7 33 12 17 b3 e8 8d 5c 0e f1 59 dd b7 84 70 82 ec 11 7d 05 24 94 13 2b ab bf ab 81 ab 9b 7a 5e 99 4c f9 26 ff bb 7a f5 6a 38 ff 9e 5f ab c5 7c 4b 48 32 ce 3a 86 5b 1f 8c 57 be f1 6d 42 b4 21 c9 ed 52 12 e5 97 34 3f 03 bf 6b 7c 57 c1 Data Ascii: F$)MvXa11OQZAg`K@@c"p_:Q7xjCBs4s(+\|k\%;m+5.BtQ1Re&UFygr#+>@>zy3\Yp}$+z^L&zj8_\|KH2:[WmB!R4?k\|W
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 5e 06 c6 16 6e 6a 7e 21 0f c4 9f fb 7f 5f 7f c7 c6 c6 e0 3d 4d 41 4b 35 6a 62 e2 ef d8 24 d9 71 12 0b fd 0e 6d ae d0 ed 26 ea 55 a2 ac dd 8a 0d 4d 41 5d e7 80 56 5f c8 3c 9e 46 7e 37 36 41 4a 34 c5 53 b3 36 51 ba 36 82 56 95 e2 7d 69 93 21 59 9e af 65 96 2e 23 65 b6 43 2a 01 48 4c cf d5 d0 56 86 2a 95 4b 17 84 4e 12 9c d4 d2 50 1b cb 51 26 a8 0e 85 74 95 81 56 51 79 05 fa aa 8c 68 03 df 7b fd 7e ea d0 cb 64 a1 8b 8e be c4 b2 87 40 f4 41 7f 48 9b 9b 1d 89 c9 81 17 0e ea bf 2f ec e2 4b 59 6c 20 48 8d c7 0b 01 60 08 3a c7 fb f6 f6 90 76 f6 76 e9 55 16 c2 27 8b 50 d4 db ba e1 1f 4f 9d 15 bc c9 bc 3a cb 35 bf c0 97 2b 33 4f 79 01 b8 4e 21 21 31 d6 c9 5e 07 8b 74 45 27 73 f5 ed b7 f9 8f 86 9d 9a f6 46 41 62 c2 d6 89 23 a5 9d aa 74 ff d1 72 38 04 60 30 12 11 73 Data Ascii: ^nj~!_=MAK5jb$qm&UMA]V_<F~76AJ4S6Q6V}i!Ye.#eCHLVKNPQ&tVQyh{~d@AH/KYl H`:vvU'PO:5+3OyN!!1^tE'sFAb#tr8`0s
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: a5 70 6b 28 1d 26 80 19 12 29 d3 35 46 e9 dc 49 90 ef eb 3c 7f 47 7e af ab db c8 e4 7d 01 c0 4b 3a 5e 46 fc b7 84 f5 65 78 0b 19 c1 d9 2c 0b 6a 4e 68 0a 5a 09 95 3f fc 51 02 c3 4c 40 a0 23 b2 8e 23 de cb cd c0 34 3e 0c 97 2e 5e 92 3c 0d cf df 39 88 c2 6e 48 97 e2 45 fa 58 b8 f8 04 9e 9b 07 d4 8b 07 e2 e7 4b 77 49 de 79 b2 fa 82 c6 94 59 08 b5 55 e1 c2 e7 89 3e 53 37 f1 45 c2 0b 17 56 85 2c 6f 27 07 6d e5 e4 13 8a 89 ab 09 a8 b2 f0 43 c5 b5 db 93 7c a0 e6 f7 39 34 a6 8b d8 38 20 97 36 96 25 6f ae 4d 21 bb 7a b8 85 4e 5d 0f 82 b2 1c ba b0 65 c7 d5 f6 5c a1 90 ce 02 f9 c4 af 43 d6 13 3b 56 76 ec 60 38 a0 3e 0b 08 4a e0 a1 16 0d 75 79 a9 ac 74 6e 69 cc 03 3e 14 9a 95 52 80 c8 52 60 f4 ff e9 55 4a 8c d1 46 84 b2 31 7a 09 4b 0a 66 5a bf 35 46 48 7b 61 c9 07 09 Data Ascii: pk(&)5FI<G~}K:^Fex,jNhZ?QL@##4>.^<9nHEXKwIyYU>S7EV,o'mC\|948 6%oM!zN]e\C;Vv`8>Juytni>RR`UJF1zKfZ5FH{a
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 75 d3 aa 7d 34 79 59 8b 45 34 09 c4 a4 f5 d6 31 e0 57 3e a0 bc 73 59 d2 76 0c c6 ee 5b 5e a8 92 1c 99 a4 69 2f 13 a5 63 43 fe b2 c9 82 27 5c e6 e0 a6 87 5c 5a b5 09 b9 8a d6 ed ae 03 16 8a 07 26 85 c2 d5 6a 96 05 50 80 81 ad 6d 1a ac de 14 90 31 37 ab ae 83 a6 69 34 81 2e a4 dc 6d 52 aa a8 fd 18 c4 06 20 2f e8 40 30 06 90 73 22 0f 52 a1 50 ad c5 55 6a 0f fc 0f ab 57 9f 25 ba 35 50 84 93 ce b8 15 f7 1f 61 9c 1b 0c 14 dc f3 ce 45 80 25 c9 69 a7 49 8f af f4 76 a4 1d 84 a5 51 5c d2 a6 1a 92 a0 bc 52 d7 88 3a f8 80 92 78 68 e2 53 61 de e4 f7 9d 99 42 4e bb 4a 2c c2 75 50 17 b9 81 c4 15 05 a1 92 9f b2 71 89 7d 3d 24 0f e7 71 de a9 3b 6a 5d e0 73 40 f5 1e 72 36 11 25 3d 19 c6 64 c9 65 9c 26 00 6f da 58 25 37 7a 7a 4e e9 9e 81 6f 48 6b 86 0d 3c 93 10 6e 7b 0e d0 Data Ascii: u}4yYE41W>sYv[^i/cC'\\Z&jPm17i4.mR /@0s"RPUjW%5PaE%iIvQ\R:xhSaBNJ,uPq}=$q;j]s@r6%=de&oX%7zzNoHk<n{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	49837	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:46 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:47 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "798149665dd41bebfa1a29b345d8a887" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 55620 Accept-Ranges: bytes X-NWS-LOG-UUID: 11106806683308571441 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:47 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 65 5d 73 d2 ca ad 9a ad aa 38 9d fb 46 58 80 36 91 f1 bf b3 c0 51 6a 93 de e0 e9 74 b9 f3 90 b7 e1 43 4f 68 d5 e2 ee 80 8b 9f 51 73 98 51 a7 f9 8b bc e8 91 bf ea 39 98 f5 3a 9b fe 23 28 48 ad d0 f3 37 9f f9 a7 cb f0 66 b2 f7 86 bc eb 30 99 fd 5b aa f7 b8 d5 f3 53 4c 63 98 c1 ec b4 cd ed e6 eb f3 d4 dd ee ad c9 ea 9c c8 f2 a3 cd f7 a3 c4 ea c3 d6 ee cc d7 eb 7a c0 f9 6f bb fa 73 b5 f3 98 ac d4 b1 d7 f7 c9 dd f4 45 9f f8 ad 85 8d bd d1 ec 56 55 6a 81 b6 e9 e3 e2 ec ef e9 ea 4e a2 f2 93 a4 cd eb e0 e2 60 5c 71 2a 31 53 82 bd f3 90 9b bf 66 71 9a da e6 f4 6c 64 77 be dc f7 31 47 98 6e 6c 82 39 3a 56 8e c2 f5 8b 81 9a 7e 88 a9 87 79 8c b2 Data Ascii: PNGIHDRF?PLTEe]s8FX6QjtCOhQsQ9:#(H7f0[SLczosEVUjN`\q*1Sfqldw1Gnl9:V~y
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: a2 f2 07 9c 55 b7 cf 84 db 6e 57 da f4 c5 36 1e fa 74 dd bb db 36 94 45 f2 08 31 2e ea 2a 77 4f 8c c8 e6 c7 8a 9b 22 97 54 0b 2d 62 57 96 2c 0e bb ed a6 fb eb 2a b8 5a b4 b6 bb b6 a3 b7 b9 2e a2 70 e9 be 9a fd ea 37 7e ed d9 b5 d5 25 1d 29 a7 0d 55 f2 bb 3d 8b e4 54 d6 c6 15 36 46 1d 9c d9 eb b7 19 ff e6 b8 7f 34 9b 1a 92 14 e9 6e 93 b4 4d c7 46 5a c4 e6 2f 59 09 c5 b4 4d 0b 48 38 6f 43 6c dc 54 0b 57 64 f4 8c 00 ac bd c2 e6 19 5a cf 66 c0 83 12 7b c5 34 53 58 0e d6 bb 0e 2d 2d 34 a3 fc 10 a3 c1 e0 b9 a2 b8 31 0c 67 21 59 c3 b5 b7 92 15 f5 13 c3 63 48 00 6c 27 4f da 13 2b 6f 5d f3 f5 c9 ef 7e 46 d7 26 62 6b 29 e9 00 e0 7d d7 33 8c 28 7f 13 96 c5 bd 0f 68 ed 04 88 10 b5 dd 35 88 f0 91 d4 4e 1c 80 3e d8 0d 70 88 4b c0 d8 d9 1e 9a af dc 56 be ed 9a 06 9e 64 Data Ascii: UnW6t6E1.wO"T-bW,Z.p7~%)U=T6F4nMFZ/YMH8oClTWdZf{4SX--41g!YcHl'O+o]~F&bk)}3(h5N>pKVd
2024-07-20 07:21:47 UTC	16384	IN	Data Raw: ef 78 b4 ac 01 68 80 42 36 05 31 dc e8 8e fb a8 d9 93 fa be b5 e3 cf 36 42 3e 6f c4 3f 1c fb 92 f5 db 6f 8f 81 8d c5 00 ac 58 5c bf 71 cd fa 35 c9 13 74 2a f9 85 49 af bc 32 23 f1 1b 73 c1 66 65 a1 19 6c 36 21 f1 77 d9 2a ff d3 6b f6 4d 46 57 45 05 f3 9c 5d 51 61 54 85 80 0c 66 37 28 af 9c 5e 51 98 11 1d 5d cd a6 9f 95 5d c5 c5 d1 9f f8 c8 27 cb d2 e8 ad a5 27 96 8c 61 9b f5 0c b6 cf 90 a1 04 2d a7 4d 23 21 d9 e0 f4 ab 5e 7b d5 97 97 28 41 79 ad 96 94 e4 33 33 26 86 0b 5c 0b d8 0c 39 03 2f 91 c1 2c b0 c5 3b b3 f3 dc 7d 1b 2e bf 71 f9 0d 91 f3 33 73 c4 9f d5 56 0a b3 5d a5 59 77 ee b7 35 de 81 19 c7 b7 81 ed f8 97 8f ef 38 8e 68 b9 dc 79 2f 19 b3 41 0d 68 5a ac cd 0d 35 56 6b 3f 60 ea 2d 66 f1 36 57 51 3b e4 32 17 04 8c 8e 70 86 62 3b 65 23 1c 05 ad c2 e5 Data Ascii: xhB616B>o?oX\q5tI2#sfel6!wkMFWE]QaTf7(^Q]]''a-M#!^{(Ay33&\9/,;}.q3sV]Yw58hy/AhZ5Vk?`-f6WQ;2pb;e#
2024-07-20 07:21:47 UTC	6468	IN	Data Raw: b5 88 4d c2 6c 1b c7 6f cc d5 59 d3 d6 50 e7 d8 2a 7c 65 b5 a2 f6 4b 66 db 9b 63 aa bd 44 02 39 3a b8 0a b5 92 53 f3 31 92 98 44 ca 6a c2 56 c8 97 f6 10 9d 75 86 b4 72 1a 0f 0e 6e 83 19 37 d4 79 46 9f 32 34 0e 36 57 5b db 6e 53 cb a6 bc 16 9a b6 6a 79 82 c2 be 26 db 4f cd 67 0d 99 73 63 29 08 62 19 a2 63 63 33 5a 8c 1e fa ea 4b 60 43 a2 86 ba ca bd 09 b5 a1 45 eb 0d 40 8d ca 9f 57 a1 26 f5 f4 8a 1a 21 af 8a 9a 7f 54 20 34 6a 0c 92 e8 6d 78 c3 62 fc a2 be fb c6 0b a7 a6 aa 9a b6 c7 74 28 4c f2 ee b4 f2 02 9f 55 0b 5e 0a c0 5c 4a 3e e0 e5 d0 1c 53 e4 b6 9f 5a 95 db a0 b6 b1 b1 f1 29 81 b2 a9 89 a6 6d 50 7d e9 29 15 1a c8 6c ec 79 08 22 c3 36 aa 8f 3b a3 60 1b 14 34 a8 f9 d8 3f b4 b2 a6 ee 04 5b b7 61 5b 53 1b d8 b0 c0 b8 2a d8 68 df 12 ab 41 6d 79 39 0c 0e Data Ascii: MloYP\|eKfcD9:S1DjVurn7yF246W[nSjy&Ogsc)bcc3ZK`CE@W&!T 4jmxbt(LU^\J>SZ)mP})ly"6;`4?[a[ShAmy9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	49838	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:47 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460105360&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:47 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:47 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:47 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	49817	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:47 UTC	875	OUT	POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive Content-Length: 700 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryHAobz6spUQFZMod4 Accept: / Origin: https://im.qq.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:47 UTC	700	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 48 41 6f 62 7a 36 73 70 55 51 46 5a 4d 6f 64 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 61 79 6c 6f 61 64 22 0d 0a 0d 0a 7b 22 64 75 72 61 74 69 6f 6e 22 3a 7b 22 66 65 74 63 68 22 3a 5b 5d 2c 22 73 74 61 74 69 63 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2d 72 65 73 2e 71 71 2e 63 6f 6d 2f 77 65 62 2f 69 6d 2e 71 71 2e 63 6f 6d 2f 71 71 39 5f 69 6e 74 72 6f 64 75 63 74 69 6f 6e 5f 70 6f 73 74 65 72 2e 6a 70 67 22 2c 22 6d 65 74 68 6f 64 22 3a 22 67 65 74 22 2c 22 64 75 72 61 74 69 6f 6e 22 3a 31 35 31 35 2e 37 2c 22 73 74 61 74 75 73 22 3a 32 30 30 2c 22 74 79 70 65 22 Data Ascii: ------WebKitFormBoundaryHAobz6spUQFZMod4Content-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://static-res.qq.com/web/im.qq.com/qq9_introduction_poster.jpg","method":"get","duration":1515.7,"status":200,"type"
2024-07-20 07:21:47 UTC	134	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:47 GMT Connection: close Server: openresty Access-Control-Allow-Origin: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	49840	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:47 UTC	442	OUT	GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
2024-07-20 07:21:48 UTC	542	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:48 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:48 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	49842	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:48 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-1.45f490cc.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:48 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "798149665dd41bebfa1a29b345d8a887" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 55620 Accept-Ranges: bytes X-NWS-LOG-UUID: 6487124478688935868 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:48 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:48 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 65 5d 73 d2 ca ad 9a ad aa 38 9d fb 46 58 80 36 91 f1 bf b3 c0 51 6a 93 de e0 e9 74 b9 f3 90 b7 e1 43 4f 68 d5 e2 ee 80 8b 9f 51 73 98 51 a7 f9 8b bc e8 91 bf ea 39 98 f5 3a 9b fe 23 28 48 ad d0 f3 37 9f f9 a7 cb f0 66 b2 f7 86 bc eb 30 99 fd 5b aa f7 b8 d5 f3 53 4c 63 98 c1 ec b4 cd ed e6 eb f3 d4 dd ee ad c9 ea 9c c8 f2 a3 cd f7 a3 c4 ea c3 d6 ee cc d7 eb 7a c0 f9 6f bb fa 73 b5 f3 98 ac d4 b1 d7 f7 c9 dd f4 45 9f f8 ad 85 8d bd d1 ec 56 55 6a 81 b6 e9 e3 e2 ec ef e9 ea 4e a2 f2 93 a4 cd eb e0 e2 60 5c 71 2a 31 53 82 bd f3 90 9b bf 66 71 9a da e6 f4 6c 64 77 be dc f7 31 47 98 6e 6c 82 39 3a 56 8e c2 f5 8b 81 9a 7e 88 a9 87 79 8c b2 Data Ascii: PNGIHDRF?PLTEe]s8FX6QjtCOhQsQ9:#(H7f0[SLczosEVUjN`\q*1Sfqldw1Gnl9:V~y
2024-07-20 07:21:48 UTC	16384	IN	Data Raw: a2 f2 07 9c 55 b7 cf 84 db 6e 57 da f4 c5 36 1e fa 74 dd bb db 36 94 45 f2 08 31 2e ea 2a 77 4f 8c c8 e6 c7 8a 9b 22 97 54 0b 2d 62 57 96 2c 0e bb ed a6 fb eb 2a b8 5a b4 b6 bb b6 a3 b7 b9 2e a2 70 e9 be 9a fd ea 37 7e ed d9 b5 d5 25 1d 29 a7 0d 55 f2 bb 3d 8b e4 54 d6 c6 15 36 46 1d 9c d9 eb b7 19 ff e6 b8 7f 34 9b 1a 92 14 e9 6e 93 b4 4d c7 46 5a c4 e6 2f 59 09 c5 b4 4d 0b 48 38 6f 43 6c dc 54 0b 57 64 f4 8c 00 ac bd c2 e6 19 5a cf 66 c0 83 12 7b c5 34 53 58 0e d6 bb 0e 2d 2d 34 a3 fc 10 a3 c1 e0 b9 a2 b8 31 0c 67 21 59 c3 b5 b7 92 15 f5 13 c3 63 48 00 6c 27 4f da 13 2b 6f 5d f3 f5 c9 ef 7e 46 d7 26 62 6b 29 e9 00 e0 7d d7 33 8c 28 7f 13 96 c5 bd 0f 68 ed 04 88 10 b5 dd 35 88 f0 91 d4 4e 1c 80 3e d8 0d 70 88 4b c0 d8 d9 1e 9a af dc 56 be ed 9a 06 9e 64 Data Ascii: UnW6t6E1.wO"T-bW,Z.p7~%)U=T6F4nMFZ/YMH8oClTWdZf{4SX--41g!YcHl'O+o]~F&bk)}3(h5N>pKVd
2024-07-20 07:21:48 UTC	16384	IN	Data Raw: ef 78 b4 ac 01 68 80 42 36 05 31 dc e8 8e fb a8 d9 93 fa be b5 e3 cf 36 42 3e 6f c4 3f 1c fb 92 f5 db 6f 8f 81 8d c5 00 ac 58 5c bf 71 cd fa 35 c9 13 74 2a f9 85 49 af bc 32 23 f1 1b 73 c1 66 65 a1 19 6c 36 21 f1 77 d9 2a ff d3 6b f6 4d 46 57 45 05 f3 9c 5d 51 61 54 85 80 0c 66 37 28 af 9c 5e 51 98 11 1d 5d cd a6 9f 95 5d c5 c5 d1 9f f8 c8 27 cb d2 e8 ad a5 27 96 8c 61 9b f5 0c b6 cf 90 a1 04 2d a7 4d 23 21 d9 e0 f4 ab 5e 7b d5 97 97 28 41 79 ad 96 94 e4 33 33 26 86 0b 5c 0b d8 0c 39 03 2f 91 c1 2c b0 c5 3b b3 f3 dc 7d 1b 2e bf 71 f9 0d 91 f3 33 73 c4 9f d5 56 0a b3 5d a5 59 77 ee b7 35 de 81 19 c7 b7 81 ed f8 97 8f ef 38 8e 68 b9 dc 79 2f 19 b3 41 0d 68 5a ac cd 0d 35 56 6b 3f 60 ea 2d 66 f1 36 57 51 3b e4 32 17 04 8c 8e 70 86 62 3b 65 23 1c 05 ad c2 e5 Data Ascii: xhB616B>o?oX\q5tI2#sfel6!wkMFWE]QaTf7(^Q]]''a-M#!^{(Ay33&\9/,;}.q3sV]Yw58hy/AhZ5Vk?`-f6WQ;2pb;e#
2024-07-20 07:21:48 UTC	6468	IN	Data Raw: b5 88 4d c2 6c 1b c7 6f cc d5 59 d3 d6 50 e7 d8 2a 7c 65 b5 a2 f6 4b 66 db 9b 63 aa bd 44 02 39 3a b8 0a b5 92 53 f3 31 92 98 44 ca 6a c2 56 c8 97 f6 10 9d 75 86 b4 72 1a 0f 0e 6e 83 19 37 d4 79 46 9f 32 34 0e 36 57 5b db 6e 53 cb a6 bc 16 9a b6 6a 79 82 c2 be 26 db 4f cd 67 0d 99 73 63 29 08 62 19 a2 63 63 33 5a 8c 1e fa ea 4b 60 43 a2 86 ba ca bd 09 b5 a1 45 eb 0d 40 8d ca 9f 57 a1 26 f5 f4 8a 1a 21 af 8a 9a 7f 54 20 34 6a 0c 92 e8 6d 78 c3 62 fc a2 be fb c6 0b a7 a6 aa 9a b6 c7 74 28 4c f2 ee b4 f2 02 9f 55 0b 5e 0a c0 5c 4a 3e e0 e5 d0 1c 53 e4 b6 9f 5a 95 db a0 b6 b1 b1 f1 29 81 b2 a9 89 a6 6d 50 7d e9 29 15 1a c8 6c ec 79 08 22 c3 36 aa 8f 3b a3 60 1b 14 34 a8 f9 d8 3f b4 b2 a6 ee 04 5b b7 61 5b 53 1b d8 b0 c0 b8 2a d8 68 df 12 ab 41 6d 79 39 0c 0e Data Ascii: MloYP\|eKfcD9:S1DjVurn7yF246W[nSjy&Ogsc)bcc3ZK`CE@W&!T 4jmxbt(LU^\J>SZ)mP})ly"6;`4?[a[ShAmy9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	49839	43.137.221.145	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:48 UTC	728	OUT	OPTIONS /collect?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=dbb120f4-feae-47d3-94a7-aceac2cfd64a&env=production&platform=3&netType=3&vp=1034%20%20870&sr=1280%20%201024&sessionId=session-1721460101579&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1 Host: aegis.qq.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type Origin: https://im.qq.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://im.qq.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:58 UTC	404	IN	HTTP/1.1 204 No Content Date: Sat, 20 Jul 2024 07:21:58 GMT Connection: close Server: openresty Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization Access-Control-Max-Age: 86400 Cross-Origin-Resource-Policy: cross-origin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	49843	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:48 UTC	670	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-1.c1c08300.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:48 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "596e73982012010e6a3972c0e0d848c1" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10520 Accept-Ranges: bytes X-NWS-LOG-UUID: 8662812206843189274 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:48 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:48 UTC	10520	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 03 00 50 4c 54 45 00 00 00 c5 94 20 9b 51 2a 90 09 06 f6 50 35 cc 90 50 88 5c 46 aa 7f 72 e5 71 37 df b4 42 ec c3 7a df 25 1e f3 62 4a d7 bb 9a d9 b6 58 d2 a3 43 f8 b7 aa ca 9a 2f e8 b4 50 cd 9d 37 ec e3 b4 9c 60 3c ec e1 96 f7 72 3d fa 69 41 47 00 01 3f 00 00 4f 00 01 ff e1 c1 31 01 01 2b 02 01 69 35 0b fe fe fc fe d6 b5 59 00 01 fe dd b9 2f 11 05 38 00 00 5e 30 0a 65 02 01 71 3c 11 45 21 08 52 29 09 fe d4 ae 3a 1a 06 fd cd ad fd e8 b8 27 04 01 97 41 1a 22 08 02 02 2c 95 b5 77 08 01 35 a3 fd a0 58 88 04 01 ca 9c a2 6f 03 01 ab 7c 4f a9 56 2d a2 4d 24 96 4a 22 7b 3e 1a e6 7b 4a d6 74 45 b1 1a 06 f8 cb a9 cd 67 3b 95 05 02 f7 c4 a2 ed b6 93 ff 5e 39 bf Data Ascii: PNGIHDRyy$~{PLTE QP5P\Frq7Bz%bJXC/P7`<r=iAG?O1+i5Y/8^0eq<E!R):'A",w5Xo\|OV-M$J"{>{JtEg;^9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	49845	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:48 UTC	386	OUT	GET /im.qq.com_new/f2ff7664/img/page-2.f6af1bfb.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:49 UTC	483	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "717967bdb03dee08d45e00c98e1c7835" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 1168126 Accept-Ranges: bytes X-NWS-LOG-UUID: 5821652708521932907 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 5f 00 00 06 30 08 06 00 00 00 8d dc f5 41 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR_0ApHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: e3 f7 8d be a4 95 0c 0e 14 3a 0b ab ef 3b b1 dc 3a 15 35 bc ba 23 ae 34 f3 45 43 29 38 fb 9d 2c 64 d6 b4 45 3c 7c 6d b6 6e d1 02 64 86 ef 1e c2 c2 1c 30 2e 69 0d 95 03 cc c6 ab 0d 90 46 ec 2e 81 8b 18 33 7f 4f be 4e 42 12 00 0f 0e 52 15 78 1d fb 0c f8 52 78 23 01 a6 f5 28 b3 de 9a f7 51 66 e1 9d 4f a6 55 64 46 18 d3 2e 60 08 22 00 d5 c1 0c e5 8e 7c 5b ed 64 63 08 3e 5f 6a 03 24 37 02 f6 3a e8 a3 08 56 4d 56 8b 03 9f 05 0b 58 d8 70 68 b4 1a 60 c2 19 f6 82 c0 0b d2 a3 ec 7a 3d 6d 56 d8 79 57 30 e7 6d 85 34 16 97 21 5f 12 87 f4 9d cc 3b b1 74 fe 1f ad 7c 05 dd 2c ab a5 20 10 54 b2 ed 9f 5f fe f2 57 2f 10 f0 6a 9a 06 b6 d4 eb d1 6e de 13 ae 87 6a de a3 c7 82 79 96 44 bf f3 b4 38 af 5a 46 eb 23 1d f0 4a e2 36 db 7f 3a fd d2 c3 12 89 22 12 26 6e 17 e5 a1 c9 bc Data Ascii: :;:5#4EC)8,dE<\|mnd0.iF.3ONBRxRx#(QfOUdF.`"\|[dc>_j$7:VMVXph`z=mVyW0m4!_;t\|, T_W/jnjyD8ZF#J6:"&n
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 75 e9 41 85 c8 d6 83 d9 03 52 4f 95 6f 29 ea cc b2 fb 37 6f 96 c8 07 cf 7a dc f9 4e 37 4a 1d c2 09 db 7d 9d 3d e1 0f 23 af b3 2a f7 4b 54 cc 42 e4 5f 67 6f 6b bb e0 bb 15 0b d3 96 1f 73 b3 9b 41 46 e2 d5 42 e3 cc 6b 20 3b 18 46 cf 16 1d f5 c5 f4 2a c8 b3 cf 36 c9 8e 47 9f d8 06 16 12 1a 28 e1 84 c7 fe cb f7 b3 11 d6 0e fc ae d6 11 bc 5f a7 8d ef 58 e5 ef bf 1c 28 1e c3 8e 67 bf 18 b7 37 0e 19 c2 e0 45 61 a6 d6 06 d1 5f b0 57 42 07 43 bd a6 c9 2c 66 3b 66 b3 ac 24 00 db 41 07 a7 54 10 6b 0b e7 11 a4 e6 19 7d 03 da 0e 82 bd bc 0c 53 1f 00 ec 47 40 ae 40 84 59 f8 ab 7a 73 a4 17 ee 29 a1 b1 26 00 f0 a3 57 45 67 8b 95 76 f4 3d dc 08 30 46 ba 8d 8f f6 6b 20 53 2a 16 38 7f f8 9d 1b b1 00 00 11 6c 2b bd 1b 94 1f 39 e4 25 7a 48 72 17 90 0f 65 29 ad 10 d2 25 bc d3 Data Ascii: uAROo)7ozN7J}=#KTB_goksAFBk ;F6G(_X(g7Ea_WBC,f;f$ATk}SG@@Yzs)&WEgv=0Fk S*8l+9%zHre)%
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: e8 ca 0c af 6d 7a dc e4 71 cb 3e 0b e5 f3 f6 5c 5e 50 d5 40 54 85 89 6a 43 f2 8c e5 96 82 55 9f 69 50 71 51 6e ec 61 12 85 c8 d9 87 9c 23 5c 17 92 02 4c 2a f1 48 f7 03 b1 13 ae 31 e7 fa b1 48 6c 62 5a 95 fb fc 1d 4b a8 43 24 7c f1 b8 12 a2 58 a5 2d f4 c0 56 b8 de bd eb ed 33 b6 7c f5 30 10 44 ab fc 9d 2d 43 bc 69 fe 9a 8f 96 4b 9f d7 6f 59 ee 39 3e 3b 8b f3 be 3a 0c 75 e8 4a 7d e9 98 b9 e9 ab 27 02 51 27 df b7 65 c5 7c 56 0d 01 1e bf 7f f2 9e b3 df a6 7a d1 7b a1 fd 86 f7 e2 f3 94 8f 7e 47 be 4f df d9 c2 13 2e bf f6 8b fe 26 f0 64 a5 55 79 7f 11 01 b9 a5 df e0 fa c4 76 94 6b b1 fd b5 5c a6 cc 7a 8c df 7c 24 3c 7f c9 d4 2b ef 03 90 ef e6 7d 6f cb 85 df c4 fa 01 4c 4b 49 6c 9d b4 2c 5b dd f4 2d 6a 5f 69 13 2d 8f 6d 47 ae 1b d7 5b eb ab ed 67 c7 93 96 d7 be Data Ascii: mzq>\^P@TjCUiPqQna#\L*H1HlbZKC$\|X-V3\|0D-CiKoY9>;:uJ}'Q'e\|Vz{~GO.&dUyvk\z\|$<+}oLKIl,[-j_i-mG[g
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 53 ab 96 aa 92 ac 44 fe 71 8d d9 1e cc 45 f0 15 6d 8b 3c 44 c2 36 da 73 78 95 ae b0 41 7b 0d a9 5f 2c eb 40 01 62 ab c5 fd 4e e6 f7 64 bf e1 85 d0 af a2 a4 c7 17 2d 93 08 7e 6f 26 6e 2a 43 39 c4 f3 2d 2e b5 a7 3a 3c 80 a6 46 b7 99 1c 96 e4 db ad 90 e1 f1 c5 00 c2 7a 0e b6 c9 c6 8b 9d e7 20 30 ba b3 cb 04 22 7d 2e db 42 94 ab ef 74 9f a5 ba 55 a6 6c b1 38 ae 1c 5b 3e 35 81 e3 77 da 64 13 03 34 ff 5b 66 1c 34 54 5f 1c dc 00 81 30 e5 fe 5b 17 1e 4a 53 eb 58 89 5e 12 45 bd d9 32 81 bc f9 17 3c 44 82 de ce b7 7c 2d c8 2b 16 9f 32 ef e9 3b 3c de 9c 8c 17 2e d4 d2 7c 8b a4 47 fb 23 26 e8 ab 20 dd e8 86 41 34 1f 98 60 0b 73 55 00 c2 4e 54 04 39 b7 11 ba 2d 0f ff ec 0f 6a b2 b1 c5 f1 dc 6d b3 7f 43 b4 85 43 e9 3a 32 ab 10 94 ce b5 6a 58 ec 8c 49 e3 80 54 3a 5b 9d Data Ascii: SDqEm<D6sxA{_,@bNd-~o&n*C9-.:<Fz 0"}.BtUl8[>5wd4[f4T_0[JSX^E2<D\|-+2;<.\|G#& A4`sUNT9-jmCC:2jXIT:[
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: ad ab a0 87 41 a5 5b 63 92 0c a1 8a ab 82 9d 51 90 3a 0e f6 db 5c 8e ca 76 b4 8b df b1 5c ba f4 79 0b b4 ee 57 56 37 35 b7 78 49 b5 6b 28 ff b6 aa 24 39 21 4f a2 02 c8 50 25 ad 5d 25 55 a5 7c 74 8a 34 1a 38 96 16 aa 69 1e c8 fc c0 09 50 89 74 ca 68 35 b0 a3 87 90 21 3a f9 e8 54 ea f1 cf 8b 22 9c d4 d0 f1 2a 42 2a 6b 35 cf 49 75 75 8f 63 1a a5 b3 af de 95 d8 7a f4 3e 3a da 99 48 df 57 04 42 8e 85 b9 88 a1 03 08 ec 35 b4 98 b3 73 2d bb ed cd da 13 7b 3a d6 5a c1 2e aa 18 22 e0 c2 fa ee 0f 59 3d 72 30 64 e0 5e fb 34 ef 75 b5 4b 48 9a 3f a6 52 b7 05 64 14 2d 69 5f 39 50 d0 ac 1f 27 e9 3d b0 57 41 75 b3 9e 86 8b 8f 23 02 a5 c3 c8 74 22 09 47 c5 f7 48 b2 26 6a 8b a3 31 87 c4 20 49 5a cb 91 4d ec 91 4e 90 02 c0 10 d8 41 51 8b e3 75 a1 8a 58 78 a6 8d d2 2d d7 61 Data Ascii: A[cQ:\v\yWV75xIk($9!OP%]%U\|t48iPth5!:T"Bk5Iuucz>:HWB5s-{:Z."Y=r0d^4uKH?Rd-i_9P'=WAu#t"GH&j1 IZMNAQuXx-a
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: dc 9b 46 aa 81 df 80 b9 24 29 f3 8d ec f9 85 4d c2 76 c4 58 61 16 31 96 a3 e1 31 b6 4f ea 51 a6 f2 b5 5a c0 b0 41 f6 de a7 67 cd f2 b5 af 60 4b 9a 40 d7 40 01 63 22 d3 c3 cd 70 5f 3a a9 51 cd 37 e4 7f d7 87 78 9f a4 d3 f1 8a cb 96 0e 9c d2 f4 6a 0d 1f 43 93 e3 42 0e 73 d9 34 19 a3 ec 73 28 f8 2b 7c 0b 6b 5c 11 cb fd 25 96 ea ae 3b a1 6d 1e 2b f6 35 2e d8 42 74 94 01 a6 0b e1 14 d6 1d 9f 9f b7 51 31 52 7f 19 65 26 df ca a8 bb 55 1a 91 46 79 d6 11 b2 81 07 de f6 f9 e7 67 0d 96 72 23 2b b3 a1 b8 1f 3e ab 8d 86 40 3e c4 7a a1 79 f7 33 12 17 b3 e8 8d 5c 0e f1 59 dd b7 84 70 82 ec 11 7d 05 24 94 13 2b ab bf ab 81 ab 9b 7a 5e 99 4c f9 26 ff bb 7a f5 6a 38 ff 9e 5f ab c5 7c 4b 48 32 ce 3a 86 5b 1f 8c 57 be f1 6d 42 b4 21 c9 ed 52 12 e5 97 34 3f 03 bf 6b 7c 57 c1 Data Ascii: F$)MvXa11OQZAg`K@@c"p_:Q7xjCBs4s(+\|k\%;m+5.BtQ1Re&UFygr#+>@>zy3\Yp}$+z^L&zj8_\|KH2:[WmB!R4?k\|W
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 5e 06 c6 16 6e 6a 7e 21 0f c4 9f fb 7f 5f 7f c7 c6 c6 e0 3d 4d 41 4b 35 6a 62 e2 ef d8 24 d9 71 12 0b fd 0e 6d ae d0 ed 26 ea 55 a2 ac dd 8a 0d 4d 41 5d e7 80 56 5f c8 3c 9e 46 7e 37 36 41 4a 34 c5 53 b3 36 51 ba 36 82 56 95 e2 7d 69 93 21 59 9e af 65 96 2e 23 65 b6 43 2a 01 48 4c cf d5 d0 56 86 2a 95 4b 17 84 4e 12 9c d4 d2 50 1b cb 51 26 a8 0e 85 74 95 81 56 51 79 05 fa aa 8c 68 03 df 7b fd 7e ea d0 cb 64 a1 8b 8e be c4 b2 87 40 f4 41 7f 48 9b 9b 1d 89 c9 81 17 0e ea bf 2f ec e2 4b 59 6c 20 48 8d c7 0b 01 60 08 3a c7 fb f6 f6 90 76 f6 76 e9 55 16 c2 27 8b 50 d4 db ba e1 1f 4f 9d 15 bc c9 bc 3a cb 35 bf c0 97 2b 33 4f 79 01 b8 4e 21 21 31 d6 c9 5e 07 8b 74 45 27 73 f5 ed b7 f9 8f 86 9d 9a f6 46 41 62 c2 d6 89 23 a5 9d aa 74 ff d1 72 38 04 60 30 12 11 73 Data Ascii: ^nj~!_=MAK5jb$qm&UMA]V_<F~76AJ4S6Q6V}i!Ye.#eCHLVKNPQ&tVQyh{~d@AH/KYl H`:vvU'PO:5+3OyN!!1^tE'sFAb#tr8`0s
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: a5 70 6b 28 1d 26 80 19 12 29 d3 35 46 e9 dc 49 90 ef eb 3c 7f 47 7e af ab db c8 e4 7d 01 c0 4b 3a 5e 46 fc b7 84 f5 65 78 0b 19 c1 d9 2c 0b 6a 4e 68 0a 5a 09 95 3f fc 51 02 c3 4c 40 a0 23 b2 8e 23 de cb cd c0 34 3e 0c 97 2e 5e 92 3c 0d cf df 39 88 c2 6e 48 97 e2 45 fa 58 b8 f8 04 9e 9b 07 d4 8b 07 e2 e7 4b 77 49 de 79 b2 fa 82 c6 94 59 08 b5 55 e1 c2 e7 89 3e 53 37 f1 45 c2 0b 17 56 85 2c 6f 27 07 6d e5 e4 13 8a 89 ab 09 a8 b2 f0 43 c5 b5 db 93 7c a0 e6 f7 39 34 a6 8b d8 38 20 97 36 96 25 6f ae 4d 21 bb 7a b8 85 4e 5d 0f 82 b2 1c ba b0 65 c7 d5 f6 5c a1 90 ce 02 f9 c4 af 43 d6 13 3b 56 76 ec 60 38 a0 3e 0b 08 4a e0 a1 16 0d 75 79 a9 ac 74 6e 69 cc 03 3e 14 9a 95 52 80 c8 52 60 f4 ff e9 55 4a 8c d1 46 84 b2 31 7a 09 4b 0a 66 5a bf 35 46 48 7b 61 c9 07 09 Data Ascii: pk(&)5FI<G~}K:^Fex,jNhZ?QL@##4>.^<9nHEXKwIyYU>S7EV,o'mC\|948 6%oM!zN]e\C;Vv`8>Juytni>RR`UJF1zKfZ5FH{a
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 75 d3 aa 7d 34 79 59 8b 45 34 09 c4 a4 f5 d6 31 e0 57 3e a0 bc 73 59 d2 76 0c c6 ee 5b 5e a8 92 1c 99 a4 69 2f 13 a5 63 43 fe b2 c9 82 27 5c e6 e0 a6 87 5c 5a b5 09 b9 8a d6 ed ae 03 16 8a 07 26 85 c2 d5 6a 96 05 50 80 81 ad 6d 1a ac de 14 90 31 37 ab ae 83 a6 69 34 81 2e a4 dc 6d 52 aa a8 fd 18 c4 06 20 2f e8 40 30 06 90 73 22 0f 52 a1 50 ad c5 55 6a 0f fc 0f ab 57 9f 25 ba 35 50 84 93 ce b8 15 f7 1f 61 9c 1b 0c 14 dc f3 ce 45 80 25 c9 69 a7 49 8f af f4 76 a4 1d 84 a5 51 5c d2 a6 1a 92 a0 bc 52 d7 88 3a f8 80 92 78 68 e2 53 61 de e4 f7 9d 99 42 4e bb 4a 2c c2 75 50 17 b9 81 c4 15 05 a1 92 9f b2 71 89 7d 3d 24 0f e7 71 de a9 3b 6a 5d e0 73 40 f5 1e 72 36 11 25 3d 19 c6 64 c9 65 9c 26 00 6f da 58 25 37 7a 7a 4e e9 9e 81 6f 48 6b 86 0d 3c 93 10 6e 7b 0e d0 Data Ascii: u}4yYE41W>sYv[^i/cC'\\Z&jPm17i4.mR /@0s"RPUjW%5PaE%iIvQ\R:xhSaBNJ,uPq}=$q;j]s@r6%=de&oX%7zzNoHk<n{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	49844	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:48 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:49 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1e7c5eadb5e51e5f94daf988419923dd" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 57081 Accept-Ranges: bytes X-NWS-LOG-UUID: 2363842214698114560 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f8 08 03 00 00 00 b7 f2 33 ea 00 00 03 00 50 4c 54 45 00 00 00 4c 76 87 45 65 78 2b 1c 16 43 26 18 52 2f 1b 8d 8a 88 87 85 87 47 5d 67 3c 28 20 5c 67 6e 61 47 35 3c 22 14 70 78 7d ae 98 83 22 18 14 0e 0c 0b 29 1d 18 61 88 9c 5a 32 1d 1a 12 0e 51 2c 19 56 2f 1b f6 f5 f1 4b 29 18 a6 a3 a1 2e 24 21 5c 85 99 97 b1 be 52 7d 90 5f 34 1d 64 38 20 46 26 16 75 9b a8 4c 79 8c 3a 1f 13 a3 ba c5 a4 9e 9a 65 3d 25 32 22 1a 40 22 14 85 a6 b4 91 ad bc 38 27 1f 35 2b 27 f4 f0 eb c5 cc d3 56 81 94 9e 99 97 5d 39 23 a4 b6 be 7a 9f ab 8d 8d 91 6a 41 29 9c b6 c2 69 92 a5 6c 3d 22 22 1f 20 c2 c5 cc ad a8 a5 b8 b2 b1 19 17 17 76 41 26 32 1a 10 b1 ac ab 62 8d a0 a5 a7 aa 41 2d 23 9e 9c 9e 47 74 87 8c a9 b7 97 Data Ascii: PNGIHDR3PLTELvEex+C&R/G]g<( \gnaG5<"px}")aZ2Q,V/K).$!\R}_4d8 F&uLy:e=%2"@"8'5+'V]9#zjA)il="" vA&2bA-#Gt
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: e5 3c 27 89 61 51 6e 03 24 4e 2f a5 77 21 ec 08 90 17 29 c9 9e 6f 33 dd 82 79 cb 50 e0 f5 c2 7b 5e 18 ce cf c3 ee a0 75 62 e7 c6 07 8f 3e f0 e8 a3 8f d6 4c 4e ae ad ad 6d 6e 66 a6 ab c1 8d ff da 21 50 83 3c 14 51 2d b4 f2 99 28 95 78 22 5e 42 8c cd 83 b7 f4 c2 6e 78 44 62 53 f3 42 5f 38 d9 eb b0 6a 28 32 0a e2 de 80 94 8d ec 65 76 97 af c7 4d f9 58 67 94 2c b1 86 86 be fb e3 30 1d 12 52 91 63 ba cc 36 e8 0f 70 db cb e6 84 bf 99 a5 cb b0 ec f3 ad 0c 45 d2 63 a0 d6 46 f2 6d 0a 1d ec 65 af 5c 99 b0 bd 22 9e 67 20 25 e0 d1 11 f7 74 10 b9 4d 83 cb 3d 05 b4 ff 8d 6a 66 a6 a9 c1 e3 05 67 d8 58 91 7c b7 81 d2 31 13 07 49 91 94 10 b8 76 85 4c 40 13 7b 0c ca 14 bb e2 3a 2c 90 18 8d 53 3e aa 44 e0 bc 00 b5 b7 95 4e 1b 4b ca c7 fb 3a 2e 24 fc 11 81 8d 59 58 e7 fe d8 Data Ascii: <'aQn$N/w!)o3yP{^ub>LNmnf!P<Q-(x"^BnxDbSB_8j(2evMXg,0Rc6pEcFme\"g %tM=jfgX\|1IvL@{:,S>DNK:.$YX
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: ac 7a cc 31 b8 89 e2 2a 83 4d ae 11 a3 d1 98 31 ce 0e cc 38 1b 8f 76 63 06 a9 9b 8e 70 9a 50 0e 66 a2 b6 72 f6 b3 6b 8b eb 87 aa bd ad 95 b5 a4 4e ed 9d c5 e7 bd 1e 6a fa 6e e7 a8 cb 52 c9 0f 5a e5 ef b0 f6 ae a8 1c 93 b3 6f 34 e4 11 98 44 7c a5 ea dd ba 0c 36 a7 60 33 35 53 0c 96 ef 46 5b 7f 0a 61 f0 89 a4 db 14 b9 f2 cb 8b 6a 0b 1b ba d9 b5 58 79 7d 72 78 28 d8 b0 c5 5e 8b 93 c5 cd e2 b9 7a b3 a1 50 22 9c 42 35 66 1e f4 0f ff 17 db dd 51 b0 29 27 a9 2b 60 bf 5e 0f 39 5f c8 6b 48 b2 d2 3c 41 1a ce 60 28 f9 3f 43 6f 7d 56 e5 50 b6 15 b7 0f 1f b6 a6 b7 f6 d7 c2 cb 07 8a 1a 6b 90 0a 24 db db 66 81 04 35 c8 45 c3 c0 fb d4 9e 43 50 03 1a d6 d1 d4 d1 46 95 3a 8a 8d bc 4e d5 c3 d4 7a c8 a3 35 02 1a 6a 88 8d 5e 1c 42 d4 08 b1 88 ed 2b 6c 88 2d 1c 9e ef dd 79 ba Data Ascii: z1*M18vcpPfrkNjnRZo4D\|6`35SF[ajXy}rx(^zP"B5fQ)'+`^9_kH<A`(?Co}VPk$f5ECPF:Nz5j^B+l-y
2024-07-20 07:21:49 UTC	7929	IN	Data Raw: bc 60 b3 d9 9d 6e 7a 1b d0 a9 0d 92 98 a8 4e 27 87 3f 80 19 3b 0a e3 3f 58 41 cb d0 da 5f 09 9d 61 4c 92 8d d2 a3 e5 52 0f b1 5d ef fe e1 07 67 d8 ec b3 a4 34 74 83 da 54 21 d2 4f 06 06 36 8e 60 c6 6c 2e 67 da 84 fd 2c e3 5e c1 c8 da e4 5a 99 0f 56 47 cc df 0c da d5 4a 8f 53 16 f3 0c 89 58 32 9f ee 6d 6f 97 cc 88 2e e2 87 1c 0a 63 4e db bf b6 bb f9 de c5 d6 7c ab 08 4b e1 66 16 33 6d ef 5d bd bb 5d e3 23 9e 7c f2 de 3b 1f bb e7 e1 c7 1f 47 38 ad dd 62 86 d8 46 75 5c 8a da ea 7c 2a 83 09 e7 71 cc 67 a4 9f d4 9f 6c ed 5c dc 5c 6d d1 4d 8f d8 ba a8 6d 07 68 d8 d8 f5 61 fb 06 ff 6b 1b 0b dc e5 f4 a7 38 a6 cf 96 86 0c 53 35 10 bd 12 49 a6 3d 7e 14 e4 88 31 e0 59 5c 4c a1 8e e3 07 79 ab 54 ff c1 46 16 c6 c0 14 77 85 c8 a6 69 03 93 b4 8e d1 cb ee 01 5b 39 05 16 Data Ascii: `nzN'?;?XA_aLR]g4tT!O6`l.g,^ZVGJSX2mo.cN\|Kf3m]]#\|;G8bFu\\|*qgl\\mMmhak8S5I=~1Y\LyTFwi[9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	49846	129.226.106.210	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	442	OUT	GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1 Host: otheve.beacon.qq.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: tgw_l7_route=dbedd7d9ea6bcb5d78d1fcdb8b9b8009
2024-07-20 07:21:49 UTC	542	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:49 GMT Content-Type: text/plain Content-Length: 32 Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46" Connection: close error-type: unsupport-type Access-Control-Max-Age: 600 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: x-requested-with,content-type
2024-07-20 07:21:49 UTC	32	IN	Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d Data Ascii: {"error-type": "unsupport-type"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	49847	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-4.cf504f86.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:49 UTC	480	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2ba7372c1cc901630fceca0f23915ffc" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 53552 Accept-Ranges: bytes X-NWS-LOG-UUID: 258804174178619101 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 f7 50 4c 54 45 29 2c 4a 97 a4 ca 1c 1e 35 2d 27 38 37 52 91 30 30 46 7f a2 dd 4c 67 ab ab d3 fa 45 5b 91 5f 73 b7 3a 47 73 7a 8e dd 14 1f 3d 76 85 ca 2f 3c 74 66 76 b7 2c 40 6a 91 aa e5 9e c9 ee 4f 68 a6 20 20 32 08 0d 20 32 2b 3b 22 1f 2e 07 09 18 19 19 29 22 23 37 37 2e 3e 1c 1c 2f 28 22 32 2d 26 36 1f 1a 29 02 03 0e 0d 15 31 0a 10 2a 0f 19 39 28 25 38 18 14 23 23 26 3d 3b 32 43 2c 29 3d 30 2d 43 14 19 32 0f 11 22 1a 1f 38 11 15 2a 18 24 46 12 1e 40 26 2a 44 11 0d 1a 2e 30 4b 41 36 48 23 34 60 1e 2e 58 2d 3b 63 24 2d 4d 18 27 50 43 3b 4e 2b 35 56 4b 6c b7 e0 d3 d5 d8 b9 c1 da cf d2 36 35 4e 8d e9 f8 64 8f e3 50 71 bf 4a 40 53 46 63 b1 e1 c9 cf 57 Data Ascii: PNGIHDRF?PLTE),J5-'87R00FLgE[_s:Gsz=v/<tfv,@jOh 2 2+;".)"#77.>/("2-&6)19(%8##&=;2C,)=0-C2"8$F@&*D.0KA6H#4`.X-;c$-M'PC;N+5VKl65NdPqJ@SFcW
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: f7 ba af eb be af fb ba 55 d2 65 7a f3 71 a1 0c 6e 41 60 82 45 33 c8 24 8f aa e2 9b 2e a5 61 82 f3 fe d0 60 f2 fe d0 94 13 68 53 c0 9d 8e 1b 67 a9 d8 ca 9b 0c cf b2 84 53 4d 05 2d b0 b0 fb f5 92 45 ec 9e 46 6d 48 ce 0e 79 50 34 59 9a ad fe ae 22 97 3a f4 95 77 c9 d2 56 6c d6 59 61 e7 db 2b db da 90 db f6 3d f2 91 db ae 3e 19 0c 6e 3b 09 2b 50 5b ed 1f 76 34 ef 60 af d4 46 b8 a1 37 1c e5 aa 8c 7d e4 6b c6 2d b2 0d 65 d7 af 5e e9 dc 5a 5c 4b cd cf 37 72 26 6a 76 5f b9 4a c9 de 93 cd 35 3d cd 54 4d 26 93 03 10 f3 16 c2 ad 1c b9 15 5f b9 da d3 c3 0a 6a b2 5c fb 92 34 62 49 e4 36 67 fa 9c 07 31 c6 28 2f 37 6f 70 c3 34 ee 4c 53 ed ff 3c 78 19 37 a5 72 f8 4b 96 c1 5c c1 1e 72 0b c7 b5 58 70 70 5d ff a0 34 e4 fc a4 09 ce 91 13 37 47 2a c8 f6 cc 78 ea 6f d8 7c f1 Data Ascii: UezqnA`E3$.a`hSgSM-EFmHyP4Y":wVlYa+=>n;+P[v4`F7}k-e^Z\K7r&jv_J5=TM&_j\4bI6g1(/7op4LS<x7rK\rXpp]47G*xo\|
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 8d e7 6f c1 c6 0d 1a 51 8b 41 8b 51 c3 0c 1c c8 74 f4 0b 33 6a fe f2 2f e8 62 4e d2 8b 4d 37 f6 46 a1 b6 51 a2 66 36 fc 0b 4b 91 5b 0d 31 09 d8 a6 4e 3d f9 38 d8 88 4a ac 49 f9 3c 06 b8 ed 84 db 4f 3a c9 b3 9e cf 7f fa d8 b1 ad 6e 7d 8b b0 11 4f 1a b7 cd ac 66 da eb 06 1b bc 66 4b 6c dc 0f 9e 8d dd 20 dd 36 bb 01 36 06 03 73 18 1c 6c 92 1b 0b 97 78 09 19 8f b0 91 c1 39 6c c8 4d 31 89 19 53 d6 5f 6a 19 b8 9a ac 77 d8 6a 2f 5e 3c 61 dc ba 2f f5 f7 75 1d 0e b0 d1 67 fe f0 c6 03 50 4b b7 ad 80 d6 8a fd 70 73 7a cb e6 a9 84 4a f9 93 4f 16 ad 15 26 0f c8 3c 65 a9 ad 6b b2 38 b7 07 62 3b 39 40 23 98 d4 ed 1b 77 76 eb 1d b1 c1 ed 93 ac 6d 90 bb d5 3c 36 07 cd 1e a0 45 d8 8c 17 06 38 b5 4b 16 b5 68 6d 73 29 00 31 49 4a 88 6d e2 c8 7b ce 2e 01 db 1e b0 4d dd 92 89 Data Ascii: oQAQt3j/bNM7FQf6K[1N=8JI<O:n}OffKl 66slx9lM1S_jwj/^<a/ugPKpszJO&<ek8b;9@#wvm<6E8Khms)1IJm{.M
2024-07-20 07:21:49 UTC	4400	IN	Data Raw: 72 c0 65 6b 97 4c bd 1b 52 99 08 30 c0 81 ad bf 94 5f 4a 97 cd 5c d1 7c fd 9d d7 db 79 73 f5 ca 77 4a af 2d 04 1b 1b de e2 e6 07 37 b0 85 7e 03 9a 74 f6 3b 21 34 3b 66 7e c2 23 be f5 94 92 11 3b 23 09 32 1e d3 e2 c5 1f 7e f8 20 77 3b f6 7c 46 db dc e3 03 0d e7 c7 5c cb 61 18 3f 1c 1b 66 23 40 6a c6 16 fc 9e 03 93 52 46 11 25 95 d7 7b 62 18 cd 5e 76 6f 74 54 22 67 91 e3 66 93 6c 54 b3 4f 3c 27 29 55 05 ba ae 09 04 c8 94 20 48 aa 73 98 ac 76 34 5f 01 63 5a c7 4b d8 08 8f 58 4d ec 24 b8 45 d8 4c 75 4d 75 93 2f ca 59 2b 9b f1 e2 ed 5f 19 9b 3e 6f 68 20 a1 94 e7 b2 a6 cf ab a9 a1 69 c3 4d 77 01 0e 68 4c d7 78 0b dc 6c 37 7d 13 35 7e ab 30 eb 83 cd 2a e1 90 4b 32 49 67 c0 5b e1 56 bf f0 6e dd cd a1 62 af 0a d1 4b 5a 29 53 b1 20 b8 85 2b 25 60 33 bf 51 58 d9 f4 Data Ascii: rekLR0_J\\|yswJ-7~t;!4;f~#;#2~ w;\|F\a?f#@jRF%{b^votT"gflTO<')U Hsv4_cZKXM$ELuMu/Y+_>oh iMwhLxl7}5~0*K2Ig[VnbKZ)S +%`3QX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	49848	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	670	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:49 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "3d023d568da1bc239ae899b20fc628a8" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 11928 Accept-Ranges: bytes X-NWS-LOG-UUID: 6759425442050384079 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:49 UTC	11928	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 03 00 50 4c 54 45 00 00 00 31 39 5f 23 27 3b 5a 5c 8c cd d1 d5 32 38 64 db df e5 4e 52 b9 25 2d 50 22 26 47 23 2c 53 68 9b d8 33 3e 64 26 2d 4d 1e 21 3c 3d 49 78 1a 1e 33 4b 51 ab 3c 43 7f 48 5b aa 3a 44 71 c5 cb d1 f6 f9 fb 3b 45 9b ff fd ff 2a 2b 3b 17 1b 2a 1d 22 31 2c 2d 3e fc fd fe 25 27 38 29 26 34 16 18 25 23 25 33 3b 35 43 13 15 21 2f 30 42 1c 1e 2c 2d 2a 37 41 38 46 31 2d 3c 2c 33 4c 20 25 45 25 2c 44 1f 24 3c 37 31 3f 1f 24 35 23 29 3f 31 38 51 1b 20 38 3e 42 5f 29 36 56 48 53 7c 37 4a 76 3d 4e 7d 30 3f 6a 36 2e 38 49 52 73 37 3e 5a 33 41 62 2a 2f 47 33 33 46 2d 3a 64 50 58 93 3d 4a 6c 41 47 65 4d 59 7c 34 44 6d 40 56 88 32 3a 57 25 30 4e 4a Data Ascii: PNGIHDRyy$~{PLTE19_#';Z\28dNR%-P"&G#,Sh3>d&-M!<=Ix3KQ<CH[:Dq;E+;"1,->%'8)&4%#%3;5C!/0B,-7A8F1-<,3L %E%,D$<71?$5#)?18Q 8>B_)6VHS\|7Jv=N}0?j6.8IRs7>Z3Ab*/G33F-:dPX=JlAGeMY\|4Dm@V2:W%0NJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	49849	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:49 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2c24916fcb318129cc24af2a9aca8d3d" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 62227 Accept-Ranges: bytes X-NWS-LOG-UUID: 4614047195775685125 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 0c 0f 10 65 70 77 0e 10 13 1d 23 25 ff ff ff ed f5 f9 28 2e 31 4d 56 5b 41 49 4d 32 39 3d 18 1c 1e 20 24 26 0e 12 14 0d 10 12 10 14 16 12 16 18 0b 0e 10 03 04 04 05 06 06 14 18 19 14 19 1c 09 0c 0d 17 1a 1c 13 18 1b 11 13 14 fe ff ff 28 2e 30 07 09 0a 1f 25 28 23 2a 2c 1a 21 24 26 2b 2d 17 1c 20 18 1e 22 21 27 29 1e 22 24 2a 2f 33 2b 31 35 18 1d 1e 15 1b 1f 1a 1f 20 27 2c 2f 1c 21 22 39 40 44 2d 34 38 32 39 3d 2f 36 3b 24 29 2a 1c 23 27 3b 43 46 36 3e 42 3c 45 49 0b 0d 0d 3f 47 4c 20 28 2c 21 25 24 34 3c 40 24 2c 30 14 16 16 50 5b 60 44 4d 52 42 4b 51 49 53 59 4b 55 5b 27 2f 33 47 51 57 30 37 38 4d 57 5d 41 49 4e 52 5d 63 45 4f 55 55 Data Ascii: PNGIHDRF?PLTEepw#%(.1MV[AIM29= $&(.0%(#,!$&+- "!')"$/3+15 ',/!"9@D-4829=/6;$)*#';CF6>B<EI?GL (,!%$4<@$,0P[`DMRBKQISYKU['/3GQW078MW]AINR]cEOUU
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: c4 c4 68 63 b4 d1 d1 b5 45 d0 da ad c9 5f d6 62 a3 4b 5a 7a 67 07 9d e8 6f d2 72 bc 38 5a 73 a5 6f b4 a3 67 66 49 38 c9 44 11 dc 32 d8 e0 23 41 ce 8c 56 6d 36 2e 5d 39 63 76 ee 7a 7f 47 b6 4b 84 ff 09 7f 2f 07 ff 88 e4 c1 96 3a 83 ad da d2 df c5 59 ed e6 a1 f2 f4 45 56 c2 b1 8d da 91 b8 8f 86 f0 56 e0 c3 a0 c5 e3 e5 70 93 b9 33 0f 47 ef 57 e7 4e 55 47 c4 1c 74 8e 70 f0 77 7e c9 c2 90 76 dc b0 e2 a6 f6 7f 50 95 54 1e 94 e9 46 39 49 00 67 fe 6c 5c 6a 53 df 5e 89 4c 52 9c 4f 81 e4 9f 8e db 85 8b c4 05 20 36 c0 06 5e fe ae 76 ae ae a0 e5 ec 2a 93 c9 1c 60 32 08 90 c1 71 3e 49 a0 6d f9 44 13 eb 8a 3b 8f 47 0c b5 75 86 d5 09 9d 4a 37 d8 32 34 d4 f2 59 64 a4 ff de 03 16 36 ea 04 5d 77 9e 3e 37 b7 a9 ab ba 39 35 c8 33 c0 b4 49 0a 62 73 a3 b3 b9 43 61 c2 49 ce 9f Data Ascii: hcE_bKZzgor8ZsogfI8D2#AVm6.]9cvzGK/:YEVVp3GWNUGtpw~vPTF9Igl\jS^LRO 6^v*`2q>ImD;GuJ724Yd6]w>7953IbsCaI
2024-07-20 07:21:49 UTC	16384	IN	Data Raw: 92 85 02 a9 40 0e 5b 99 57 2f 68 75 57 c7 1e 56 f6 71 2d dd 7a 7d de b3 f9 c0 b2 65 57 ef b8 9c 7d a0 fa 2e 4a cc b4 73 d6 ad eb be a4 a9 30 90 41 75 6a 38 2f 2b 89 f8 21 f9 25 eb 34 c6 3c 9b bf e4 f0 bd 79 34 6a 5b 81 b8 21 84 c0 b3 e1 d3 cc ad d5 c0 cc b8 19 36 47 4b d1 69 24 10 51 53 ce d6 a4 ad 32 e2 56 12 b8 7a 36 65 f0 d6 60 8c 28 56 d3 ec 21 fe d0 29 0e 8a 9c 4d a4 80 91 ad 09 8e f7 92 da 45 43 58 d0 74 b2 bd 31 cd dc c5 5c ef 8e a9 65 22 26 c1 c9 1d 1c 95 c6 1d 60 bf 70 ef 2c 53 25 aa 61 20 62 d7 94 5e 13 8f 91 b4 c1 cd f2 b6 c9 c5 8f ce 3f 4a e4 5f 19 b7 fb 1e 6b 66 11 89 8b 24 e1 b6 b0 b0 d5 a0 55 b8 c5 d5 71 ad 95 bb c3 88 2e c7 8e 52 e8 3f 21 63 68 ca c5 17 e8 17 ce ee 84 44 73 76 82 06 35 22 12 12 ee c7 6e 7f f6 d9 a3 47 01 87 c8 5c 62 2a db Data Ascii: @[W/huWVq-z}eW}.Js0Auj8/+!%4<y4j[!6GKi$QS2Vz6e`(V!)MECXt1\e"&`p,S%a b^?J_kf$Uq.R?!chDsv5"nG\b*
2024-07-20 07:21:49 UTC	13075	IN	Data Raw: ba 8a 80 29 38 f4 4c e1 ba 88 22 39 0e eb 11 1e 57 af e4 a9 6a 81 99 ce 70 93 86 ff d5 b9 88 bb 29 31 70 97 92 9b e6 36 68 af ac 3f d8 3c 71 20 19 11 b4 e4 40 b4 b3 5c 45 9a 35 82 87 46 71 d8 12 23 7d 93 83 93 fd 0b 7e da cf 19 b7 35 19 c8 3d ba a8 2a ce 01 4d e8 5f e9 29 2a bd a1 0f 18 4c 20 d9 3b 6b 46 52 9a 93 2e de d4 73 b9 e0 75 8f ce ec 34 36 3f 2b 6c de ca ca c6 f3 1e b2 db 9d 45 03 6f f5 fa 60 f3 73 b9 62 aa b0 c5 27 38 be 57 52 0e 0b 59 1b 7b be c8 71 0a 9b 3d 3d a1 23 9f 2f 32 7f b6 03 23 59 c8 f9 c2 16 ea 52 65 4d e4 dc 74 3d dd 22 13 6c 48 1e 47 d9 28 75 5a cb db a9 6f de 42 4f a8 4e db e2 a1 17 10 74 2f ba 1f 21 4b fe 9f 4c af 3f dd ef 19 b0 93 19 37 90 0b 3c c9 ba e0 06 36 d0 41 4e d0 44 4e a3 14 9c e2 1d 3b 27 ca 6c e3 94 5a 0c 20 b1 30 cd Data Ascii: )8L"9Wjp)1p6h?<q @\E5Fq#}~5=M_)L ;kFR.su46?+lEo`sb'8WRY{q==#/2#YReMt="lHG(uZoBONt/!KL?7<6ANDN;'lZ 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	49851	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	392	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-1.c1c08300.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	479	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "596e73982012010e6a3972c0e0d848c1" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10520 Accept-Ranges: bytes X-NWS-LOG-UUID: 38456764143332930 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	10520	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 03 00 50 4c 54 45 00 00 00 c5 94 20 9b 51 2a 90 09 06 f6 50 35 cc 90 50 88 5c 46 aa 7f 72 e5 71 37 df b4 42 ec c3 7a df 25 1e f3 62 4a d7 bb 9a d9 b6 58 d2 a3 43 f8 b7 aa ca 9a 2f e8 b4 50 cd 9d 37 ec e3 b4 9c 60 3c ec e1 96 f7 72 3d fa 69 41 47 00 01 3f 00 00 4f 00 01 ff e1 c1 31 01 01 2b 02 01 69 35 0b fe fe fc fe d6 b5 59 00 01 fe dd b9 2f 11 05 38 00 00 5e 30 0a 65 02 01 71 3c 11 45 21 08 52 29 09 fe d4 ae 3a 1a 06 fd cd ad fd e8 b8 27 04 01 97 41 1a 22 08 02 02 2c 95 b5 77 08 01 35 a3 fd a0 58 88 04 01 ca 9c a2 6f 03 01 ab 7c 4f a9 56 2d a2 4d 24 96 4a 22 7b 3e 1a e6 7b 4a d6 74 45 b1 1a 06 f8 cb a9 cd 67 3b 95 05 02 f7 c4 a2 ed b6 93 ff 5e 39 bf Data Ascii: PNGIHDRyy$~{PLTE QP5P\Frq7Bz%bJXC/P7`<r=iAG?O1+i5Y/8^0eq<E!R):'A",w5Xo\|OV-M$J"{>{JtEg;^9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	49850	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:49 UTC	670	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "ccdbdfb8d84b291edb24946be9957719" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 9080 Accept-Ranges: bytes X-NWS-LOG-UUID: 15169493934291617609 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:49 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	9080	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 02 f4 50 4c 54 45 00 00 00 0c 12 16 c9 d7 e0 f1 fe ff fe 54 44 9f ae b7 b0 bc c3 ff 8b 5a dd cc c5 fe c0 7b db e8 ef d6 e3 eb ee fa ff c8 d7 df ce d9 e0 fe 83 53 0e 1a 20 f8 ff ff dc e7 f3 ef fb ff cd da e2 e7 f4 fc fe 6c 4b 20 2b 31 ff 80 53 db e7 f1 15 20 26 c4 d3 db c9 d9 e0 fe d4 85 fd 72 4d eb c0 7a d4 e1 e9 ff 6c 4a 31 3e 46 13 1c 24 d3 e0 e9 ee f9 ff ef fa ff d2 dd e6 10 1a 21 ff 7e 53 cb d7 df 19 25 2b f1 fc ff d7 e3 ec 19 23 2a 5f 6b 72 b4 bf cb f3 9f 62 d0 dd e4 ff 7f 53 eb f7 fe 13 1d 23 f2 fb fe ff d2 7e 98 a6 b1 0c 17 1d c0 cf d7 c2 cf d8 2d 38 40 ff b9 74 ff 6f 4b f1 fc ff 7c 8d 96 55 64 6d 11 1b 21 db e9 f0 ff 9b 62 ff 85 58 ff 5a 48 c2 Data Ascii: PNGIHDRyy$~{PLTETDZ{S lK +1S &rMzlJ1>F$!~S%+#_krbS#~-8@toK\|Udm!bXZH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	49854	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-2.bb8e2315.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	480	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1e7c5eadb5e51e5f94daf988419923dd" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 57081 Accept-Ranges: bytes X-NWS-LOG-UUID: 944987938950610018 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f8 08 03 00 00 00 b7 f2 33 ea 00 00 03 00 50 4c 54 45 00 00 00 4c 76 87 45 65 78 2b 1c 16 43 26 18 52 2f 1b 8d 8a 88 87 85 87 47 5d 67 3c 28 20 5c 67 6e 61 47 35 3c 22 14 70 78 7d ae 98 83 22 18 14 0e 0c 0b 29 1d 18 61 88 9c 5a 32 1d 1a 12 0e 51 2c 19 56 2f 1b f6 f5 f1 4b 29 18 a6 a3 a1 2e 24 21 5c 85 99 97 b1 be 52 7d 90 5f 34 1d 64 38 20 46 26 16 75 9b a8 4c 79 8c 3a 1f 13 a3 ba c5 a4 9e 9a 65 3d 25 32 22 1a 40 22 14 85 a6 b4 91 ad bc 38 27 1f 35 2b 27 f4 f0 eb c5 cc d3 56 81 94 9e 99 97 5d 39 23 a4 b6 be 7a 9f ab 8d 8d 91 6a 41 29 9c b6 c2 69 92 a5 6c 3d 22 22 1f 20 c2 c5 cc ad a8 a5 b8 b2 b1 19 17 17 76 41 26 32 1a 10 b1 ac ab 62 8d a0 a5 a7 aa 41 2d 23 9e 9c 9e 47 74 87 8c a9 b7 97 Data Ascii: PNGIHDR3PLTELvEex+C&R/G]g<( \gnaG5<"px}")aZ2Q,V/K).$!\R}_4d8 F&uLy:e=%2"@"8'5+'V]9#zjA)il="" vA&2bA-#Gt
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: e5 3c 27 89 61 51 6e 03 24 4e 2f a5 77 21 ec 08 90 17 29 c9 9e 6f 33 dd 82 79 cb 50 e0 f5 c2 7b 5e 18 ce cf c3 ee a0 75 62 e7 c6 07 8f 3e f0 e8 a3 8f d6 4c 4e ae ad ad 6d 6e 66 a6 ab c1 8d ff da 21 50 83 3c 14 51 2d b4 f2 99 28 95 78 22 5e 42 8c cd 83 b7 f4 c2 6e 78 44 62 53 f3 42 5f 38 d9 eb b0 6a 28 32 0a e2 de 80 94 8d ec 65 76 97 af c7 4d f9 58 67 94 2c b1 86 86 be fb e3 30 1d 12 52 91 63 ba cc 36 e8 0f 70 db cb e6 84 bf 99 a5 cb b0 ec f3 ad 0c 45 d2 63 a0 d6 46 f2 6d 0a 1d ec 65 af 5c 99 b0 bd 22 9e 67 20 25 e0 d1 11 f7 74 10 b9 4d 83 cb 3d 05 b4 ff 8d 6a 66 a6 a9 c1 e3 05 67 d8 58 91 7c b7 81 d2 31 13 07 49 91 94 10 b8 76 85 4c 40 13 7b 0c ca 14 bb e2 3a 2c 90 18 8d 53 3e aa 44 e0 bc 00 b5 b7 95 4e 1b 4b ca c7 fb 3a 2e 24 fc 11 81 8d 59 58 e7 fe d8 Data Ascii: <'aQn$N/w!)o3yP{^ub>LNmnf!P<Q-(x"^BnxDbSB_8j(2evMXg,0Rc6pEcFme\"g %tM=jfgX\|1IvL@{:,S>DNK:.$YX
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: ac 7a cc 31 b8 89 e2 2a 83 4d ae 11 a3 d1 98 31 ce 0e cc 38 1b 8f 76 63 06 a9 9b 8e 70 9a 50 0e 66 a2 b6 72 f6 b3 6b 8b eb 87 aa bd ad 95 b5 a4 4e ed 9d c5 e7 bd 1e 6a fa 6e e7 a8 cb 52 c9 0f 5a e5 ef b0 f6 ae a8 1c 93 b3 6f 34 e4 11 98 44 7c a5 ea dd ba 0c 36 a7 60 33 35 53 0c 96 ef 46 5b 7f 0a 61 f0 89 a4 db 14 b9 f2 cb 8b 6a 0b 1b ba d9 b5 58 79 7d 72 78 28 d8 b0 c5 5e 8b 93 c5 cd e2 b9 7a b3 a1 50 22 9c 42 35 66 1e f4 0f ff 17 db dd 51 b0 29 27 a9 2b 60 bf 5e 0f 39 5f c8 6b 48 b2 d2 3c 41 1a ce 60 28 f9 3f 43 6f 7d 56 e5 50 b6 15 b7 0f 1f b6 a6 b7 f6 d7 c2 cb 07 8a 1a 6b 90 0a 24 db db 66 81 04 35 c8 45 c3 c0 fb d4 9e 43 50 03 1a d6 d1 d4 d1 46 95 3a 8a 8d bc 4e d5 c3 d4 7a c8 a3 35 02 1a 6a 88 8d 5e 1c 42 d4 08 b1 88 ed 2b 6c 88 2d 1c 9e ef dd 79 ba Data Ascii: z1*M18vcpPfrkNjnRZo4D\|6`35SF[ajXy}rx(^zP"B5fQ)'+`^9_kH<A`(?Co}VPk$f5ECPF:Nz5j^B+l-y
2024-07-20 07:21:50 UTC	7929	IN	Data Raw: bc 60 b3 d9 9d 6e 7a 1b d0 a9 0d 92 98 a8 4e 27 87 3f 80 19 3b 0a e3 3f 58 41 cb d0 da 5f 09 9d 61 4c 92 8d d2 a3 e5 52 0f b1 5d ef fe e1 07 67 d8 ec b3 a4 34 74 83 da 54 21 d2 4f 06 06 36 8e 60 c6 6c 2e 67 da 84 fd 2c e3 5e c1 c8 da e4 5a 99 0f 56 47 cc df 0c da d5 4a 8f 53 16 f3 0c 89 58 32 9f ee 6d 6f 97 cc 88 2e e2 87 1c 0a 63 4e db bf b6 bb f9 de c5 d6 7c ab 08 4b e1 66 16 33 6d ef 5d bd bb 5d e3 23 9e 7c f2 de 3b 1f bb e7 e1 c7 1f 47 38 ad dd 62 86 d8 46 75 5c 8a da ea 7c 2a 83 09 e7 71 cc 67 a4 9f d4 9f 6c ed 5c dc 5c 6d d1 4d 8f d8 ba a8 6d 07 68 d8 d8 f5 61 fb 06 ff 6b 1b 0b dc e5 f4 a7 38 a6 cf 96 86 0c 53 35 10 bd 12 49 a6 3d 7e 14 e4 88 31 e0 59 5c 4c a1 8e e3 07 79 ab 54 ff c1 46 16 c6 c0 14 77 85 c8 a6 69 03 93 b4 8e d1 cb ee 01 5b 39 05 16 Data Ascii: `nzN'?;?XA_aLR]g4tT!O6`l.g,^ZVGJSX2mo.cN\|Kf3m]]#\|;G8bFu\\|*qgl\\mMmhak8S5I=~1Y\LyTFwi[9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	49853	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	667	OUT	GET /im.qq.com_new/f2ff7664/img/guild-5-1.cae9b87a.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "d99f5228d03d33bf82ea3829df19433f" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 24909 Accept-Ranges: bytes X-NWS-LOG-UUID: 8903147045415222955 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 67 00 00 01 5a 08 06 00 00 00 5b be fa ff 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRgZ[pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:50 UTC	8525	IN	Data Raw: a0 ff 19 39 79 d5 9c 1f 16 a5 27 34 8b f8 ad e5 d8 0a 91 64 24 ce 84 10 dd 06 4b 0f 85 f6 36 43 94 51 19 58 4d eb 86 8e 58 76 d9 65 5d 48 2e a4 db 3d 4b 4d 91 b4 5f cb e6 af 38 66 7b ec b1 87 6d b8 e1 86 2e bf 2d 94 4b 2f bd d4 09 b4 ae 6c 50 0b 2c 74 7f fe f9 e7 bb dc b7 6a a0 e7 1d fb 8d 40 9b 39 73 a6 09 d1 6c 48 9c 09 d1 c4 74 67 27 7e fa 5a 51 08 40 be 59 08 cb 2d b7 9c 2d be f8 e2 c1 a1 be 72 b0 0e a8 df 6e 54 c8 e7 a2 ca b3 d6 f9 51 f3 cd 37 9f 5b 6c 1c 27 2a f4 98 11 bd e7 9d 77 9e cb 8f 2b 14 39 21 e7 bd 5a 77 92 d0 33 6b 68 12 36 ae 06 9c bf 73 ce 39 c7 5d 23 72 d0 44 b3 21 71 26 44 93 12 2a cc e2 4e 2e 67 01 ec fb ee bb 2f 28 2f 8a 90 e6 c4 89 13 5d 85 66 dc d5 7c 54 08 86 e6 77 d1 ef 8c b0 2c 30 9e a1 63 14 f5 1c 4c 9a 34 c9 d6 5f 7f 7d 1b 32 Data Ascii: 9y'4d$K6CQXMXve]H.=KM_8f{m.-K/lP,tj@9slHtg'~ZQ@Y--rnTQ7[l'w+9!Zw3kh6s9]#rD!q&DN.g/(/]f\|Tw,0cL4_}2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	49852	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460108375&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:50 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:50 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:50 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	49856	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	392	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-4.2763deef.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	479	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "3d023d568da1bc239ae899b20fc628a8" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 11928 Accept-Ranges: bytes X-NWS-LOG-UUID: 79269539774266526 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	11928	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 03 00 50 4c 54 45 00 00 00 31 39 5f 23 27 3b 5a 5c 8c cd d1 d5 32 38 64 db df e5 4e 52 b9 25 2d 50 22 26 47 23 2c 53 68 9b d8 33 3e 64 26 2d 4d 1e 21 3c 3d 49 78 1a 1e 33 4b 51 ab 3c 43 7f 48 5b aa 3a 44 71 c5 cb d1 f6 f9 fb 3b 45 9b ff fd ff 2a 2b 3b 17 1b 2a 1d 22 31 2c 2d 3e fc fd fe 25 27 38 29 26 34 16 18 25 23 25 33 3b 35 43 13 15 21 2f 30 42 1c 1e 2c 2d 2a 37 41 38 46 31 2d 3c 2c 33 4c 20 25 45 25 2c 44 1f 24 3c 37 31 3f 1f 24 35 23 29 3f 31 38 51 1b 20 38 3e 42 5f 29 36 56 48 53 7c 37 4a 76 3d 4e 7d 30 3f 6a 36 2e 38 49 52 73 37 3e 5a 33 41 62 2a 2f 47 33 33 46 2d 3a 64 50 58 93 3d 4a 6c 41 47 65 4d 59 7c 34 44 6d 40 56 88 32 3a 57 25 30 4e 4a Data Ascii: PNGIHDRyy$~{PLTE19_#';Z\28dNR%-P"&G#,Sh3>d&-M!<=Ix3KQ<CH[:Dq;E+;"1,->%'8)&4%#%3;5C!/0B,-7A8F1-<,3L %E%,D$<71?$5#)?18Q 8>B_)6VHS\|7Jv=N}0?j6.8IRs7>Z3Ab*/G33F-:dPX=JlAGeMY\|4Dm@V2:W%0NJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	49855	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2ab8f5c5a6c57ce00974e904430044b7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 47110 Accept-Ranges: bytes X-NWS-LOG-UUID: 12363073552879766045 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 fa 50 4c 54 45 4d 3d 2e 5c 52 5e 34 2c 35 70 72 81 16 42 95 0f 3c 90 fe fe fe f1 ea 39 f2 e8 29 2e 50 9c ab 86 c8 24 4a 9a b0 8f cb e8 f7 ff 39 56 9e 40 5b a8 ef db 27 a5 7f c8 ce 91 72 55 3d 29 9d 78 c7 f2 ea 45 fe e2 5a 34 55 a7 cb 8b 68 b8 9b cd bf 8f 7a 5e 48 2f d3 9b 7e 56 64 e9 da b1 b6 19 48 9d dd ac 8a d9 b8 bf 70 4e f1 fe f1 81 fa f8 ee ca b5 d5 47 35 25 25 15 0d d9 a3 81 6c 53 34 bc 76 59 8b 69 be 4a 61 aa dd b4 98 b1 88 a2 8a 7a 5f b2 97 8d c3 82 5e 8c 87 73 d5 9a 74 51 43 3f d9 c1 cb f1 f1 fa e3 ca c3 7d 7f 91 ba 9f 97 26 4f a5 56 48 64 5e 55 6c 7e 67 ba 75 5a 41 78 65 4c 60 5b 57 95 70 c4 46 3c 35 7a 55 f4 96 6b 51 c0 a7 d2 af a7 84 bf Data Ascii: PNGIHDRF?PLTEM=.\R^4,5prB<9).P$J9V@['rU=)xEZ4Uhz^H/~VdHpNG5%%lS4vYiJaz_^stQC?}&OVHd^Ul~guZAxeL`[WpF<5zUkQ
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 1d bb f6 83 db aa 2b d7 6e 78 74 1f f4 e8 66 a8 9c 7a c5 75 a5 ab ab f3 8a 26 27 53 27 1f ad ba cd c4 3d 54 96 6a 37 93 1e dd b0 a4 ec 0e ab 1e cc 08 da 78 5a 18 1d 80 30 44 3f 77 c1 20 6c 04 0f be 65 8c 55 e2 bc 7c 82 94 8b 7a 07 20 4d aa a0 8e 44 3e f5 28 96 15 a8 91 b6 23 88 68 18 11 2e 2c d1 28 ce 43 0c 61 25 ae 6e 04 b6 c1 7f c1 56 21 02 e1 d4 bc 3b 31 1f ea 0f 48 f2 0f 02 5b 7d 7d 1a 7d 1f 33 e3 17 68 b4 db 79 de e5 ad a3 6d 98 62 dd 76 d2 dd 53 5e 0b 95 6f d4 77 98 3a a0 a6 8c b2 32 cb 5f fe bf b6 a7 d0 32 d6 ae 16 4f 57 7b cf f7 94 55 c2 6c 04 6d 11 36 44 49 5b 66 e6 3a da 05 60 43 6e 52 78 2b 63 e3 c5 3f e6 be 34 a4 ff 30 1b b8 35 de b4 83 62 e4 03 00 c6 d8 76 e0 15 63 93 a0 86 07 4a 6e 00 b8 0d 28 fb 8a 8a 4a 5a 01 ae b6 fc 8e 67 53 61 b6 95 6b Data Ascii: +nxtfzu&'S'=Tj7xZ0D?w leU\|z MD>(#h.,(Ca%nV!;1H[}}}3hymbvS^ow:2_2OW{Ulm6DI[f:`CnRx+c?405bvcJn(JZgSak
2024-07-20 07:21:50 UTC	14342	IN	Data Raw: b7 c9 09 67 48 8e c5 87 9c 82 3b ae a5 b1 0d b9 0b e6 26 dc 43 74 a3 8d 8e f6 71 ee c0 d3 68 8c 13 92 56 2f 82 66 63 7b 31 4c a6 cc 1d bb 1d a7 9c 4d 7e 1d bf c9 16 45 36 b6 60 68 ea 02 2f a3 9f 75 7b 39 ba d8 39 bf c0 cd e7 b0 ad f7 45 b7 79 96 7f 96 b6 c1 5f 3e 9b 15 bc f5 a5 4f 3e f9 64 d5 aa 2f ad fa c7 1f 97 0e af 10 6c 97 9e bf 73 1e 46 48 ef 4a f0 8a f7 fb a6 6e 43 1f 29 35 c5 76 7f 2e 3d ff 9a 6c 0c 92 1f cb ab 43 e7 c0 b6 41 b6 f9 ff 2d 87 0e 6d 91 8c 12 70 56 8c cc be b0 67 89 70 5b b9 b0 dd f6 23 b0 d9 eb a3 8e ae a5 89 96 99 11 da aa 6e 2b 23 95 3c eb 1d 28 0a 7b bc 66 24 cd 6e 42 bb b8 8c 42 3f 53 6e d9 e3 1d 45 8b dd 06 35 e2 e0 8b 66 73 aa 37 35 1b 55 1b c9 ff 15 52 82 5a 9d fe 59 c4 c0 f1 d5 53 a9 61 d1 da ab ef ac 6d 64 4a 8f 51 63 63 10 Data Ascii: gH;&CtqhV/fc{1LM~E6`h/u{99Ey_>O>d/lsFHJnC)5v.=lCA-mpVgp[#n+#<({f$nBB?SnE5fs75URZYSamdJQcc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	49858	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-4.cf504f86.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2ba7372c1cc901630fceca0f23915ffc" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 53552 Accept-Ranges: bytes X-NWS-LOG-UUID: 17541822873375170247 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 f7 50 4c 54 45 29 2c 4a 97 a4 ca 1c 1e 35 2d 27 38 37 52 91 30 30 46 7f a2 dd 4c 67 ab ab d3 fa 45 5b 91 5f 73 b7 3a 47 73 7a 8e dd 14 1f 3d 76 85 ca 2f 3c 74 66 76 b7 2c 40 6a 91 aa e5 9e c9 ee 4f 68 a6 20 20 32 08 0d 20 32 2b 3b 22 1f 2e 07 09 18 19 19 29 22 23 37 37 2e 3e 1c 1c 2f 28 22 32 2d 26 36 1f 1a 29 02 03 0e 0d 15 31 0a 10 2a 0f 19 39 28 25 38 18 14 23 23 26 3d 3b 32 43 2c 29 3d 30 2d 43 14 19 32 0f 11 22 1a 1f 38 11 15 2a 18 24 46 12 1e 40 26 2a 44 11 0d 1a 2e 30 4b 41 36 48 23 34 60 1e 2e 58 2d 3b 63 24 2d 4d 18 27 50 43 3b 4e 2b 35 56 4b 6c b7 e0 d3 d5 d8 b9 c1 da cf d2 36 35 4e 8d e9 f8 64 8f e3 50 71 bf 4a 40 53 46 63 b1 e1 c9 cf 57 Data Ascii: PNGIHDRF?PLTE),J5-'87R00FLgE[_s:Gsz=v/<tfv,@jOh 2 2+;".)"#77.>/("2-&6)19(%8##&=;2C,)=0-C2"8$F@&*D.0KA6H#4`.X-;c$-M'PC;N+5VKl65NdPqJ@SFcW
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: f7 ba af eb be af fb ba 55 d2 65 7a f3 71 a1 0c 6e 41 60 82 45 33 c8 24 8f aa e2 9b 2e a5 61 82 f3 fe d0 60 f2 fe d0 94 13 68 53 c0 9d 8e 1b 67 a9 d8 ca 9b 0c cf b2 84 53 4d 05 2d b0 b0 fb f5 92 45 ec 9e 46 6d 48 ce 0e 79 50 34 59 9a ad fe ae 22 97 3a f4 95 77 c9 d2 56 6c d6 59 61 e7 db 2b db da 90 db f6 3d f2 91 db ae 3e 19 0c 6e 3b 09 2b 50 5b ed 1f 76 34 ef 60 af d4 46 b8 a1 37 1c e5 aa 8c 7d e4 6b c6 2d b2 0d 65 d7 af 5e e9 dc 5a 5c 4b cd cf 37 72 26 6a 76 5f b9 4a c9 de 93 cd 35 3d cd 54 4d 26 93 03 10 f3 16 c2 ad 1c b9 15 5f b9 da d3 c3 0a 6a b2 5c fb 92 34 62 49 e4 36 67 fa 9c 07 31 c6 28 2f 37 6f 70 c3 34 ee 4c 53 ed ff 3c 78 19 37 a5 72 f8 4b 96 c1 5c c1 1e 72 0b c7 b5 58 70 70 5d ff a0 34 e4 fc a4 09 ce 91 13 37 47 2a c8 f6 cc 78 ea 6f d8 7c f1 Data Ascii: UezqnA`E3$.a`hSgSM-EFmHyP4Y":wVlYa+=>n;+P[v4`F7}k-e^Z\K7r&jv_J5=TM&_j\4bI6g1(/7op4LS<x7rK\rXpp]47G*xo\|
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 8d e7 6f c1 c6 0d 1a 51 8b 41 8b 51 c3 0c 1c c8 74 f4 0b 33 6a fe f2 2f e8 62 4e d2 8b 4d 37 f6 46 a1 b6 51 a2 66 36 fc 0b 4b 91 5b 0d 31 09 d8 a6 4e 3d f9 38 d8 88 4a ac 49 f9 3c 06 b8 ed 84 db 4f 3a c9 b3 9e cf 7f fa d8 b1 ad 6e 7d 8b b0 11 4f 1a b7 cd ac 66 da eb 06 1b bc 66 4b 6c dc 0f 9e 8d dd 20 dd 36 bb 01 36 06 03 73 18 1c 6c 92 1b 0b 97 78 09 19 8f b0 91 c1 39 6c c8 4d 31 89 19 53 d6 5f 6a 19 b8 9a ac 77 d8 6a 2f 5e 3c 61 dc ba 2f f5 f7 75 1d 0e b0 d1 67 fe f0 c6 03 50 4b b7 ad 80 d6 8a fd 70 73 7a cb e6 a9 84 4a f9 93 4f 16 ad 15 26 0f c8 3c 65 a9 ad 6b b2 38 b7 07 62 3b 39 40 23 98 d4 ed 1b 77 76 eb 1d b1 c1 ed 93 ac 6d 90 bb d5 3c 36 07 cd 1e a0 45 d8 8c 17 06 38 b5 4b 16 b5 68 6d 73 29 00 31 49 4a 88 6d e2 c8 7b ce 2e 01 db 1e b0 4d dd 92 89 Data Ascii: oQAQt3j/bNM7FQf6K[1N=8JI<O:n}OffKl 66slx9lM1S_jwj/^<a/ugPKpszJO&<ek8b;9@#wvm<6E8Khms)1IJm{.M
2024-07-20 07:21:50 UTC	4400	IN	Data Raw: 72 c0 65 6b 97 4c bd 1b 52 99 08 30 c0 81 ad bf 94 5f 4a 97 cd 5c d1 7c fd 9d d7 db 79 73 f5 ca 77 4a af 2d 04 1b 1b de e2 e6 07 37 b0 85 7e 03 9a 74 f6 3b 21 34 3b 66 7e c2 23 be f5 94 92 11 3b 23 09 32 1e d3 e2 c5 1f 7e f8 20 77 3b f6 7c 46 db dc e3 03 0d e7 c7 5c cb 61 18 3f 1c 1b 66 23 40 6a c6 16 fc 9e 03 93 52 46 11 25 95 d7 7b 62 18 cd 5e 76 6f 74 54 22 67 91 e3 66 93 6c 54 b3 4f 3c 27 29 55 05 ba ae 09 04 c8 94 20 48 aa 73 98 ac 76 34 5f 01 63 5a c7 4b d8 08 8f 58 4d ec 24 b8 45 d8 4c 75 4d 75 93 2f ca 59 2b 9b f1 e2 ed 5f 19 9b 3e 6f 68 20 a1 94 e7 b2 a6 cf ab a9 a1 69 c3 4d 77 01 0e 68 4c d7 78 0b dc 6c 37 7d 13 35 7e ab 30 eb 83 cd 2a e1 90 4b 32 49 67 c0 5b e1 56 bf f0 6e dd cd a1 62 af 0a d1 4b 5a 29 53 b1 20 b8 85 2b 25 60 33 bf 51 58 d9 f4 Data Ascii: rekLR0_J\\|yswJ-7~t;!4;f~#;#2~ w;\|F\a?f#@jRF%{b^votT"gflTO<')U Hsv4_cZKXM$ELuMu/Y+_>oh iMwhLxl7}5~0*K2Ig[VnbKZ)S +%`3QX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	49860	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-5.fe6684a7.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2c24916fcb318129cc24af2a9aca8d3d" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 62227 Accept-Ranges: bytes X-NWS-LOG-UUID: 15893019380972059161 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 0c 0f 10 65 70 77 0e 10 13 1d 23 25 ff ff ff ed f5 f9 28 2e 31 4d 56 5b 41 49 4d 32 39 3d 18 1c 1e 20 24 26 0e 12 14 0d 10 12 10 14 16 12 16 18 0b 0e 10 03 04 04 05 06 06 14 18 19 14 19 1c 09 0c 0d 17 1a 1c 13 18 1b 11 13 14 fe ff ff 28 2e 30 07 09 0a 1f 25 28 23 2a 2c 1a 21 24 26 2b 2d 17 1c 20 18 1e 22 21 27 29 1e 22 24 2a 2f 33 2b 31 35 18 1d 1e 15 1b 1f 1a 1f 20 27 2c 2f 1c 21 22 39 40 44 2d 34 38 32 39 3d 2f 36 3b 24 29 2a 1c 23 27 3b 43 46 36 3e 42 3c 45 49 0b 0d 0d 3f 47 4c 20 28 2c 21 25 24 34 3c 40 24 2c 30 14 16 16 50 5b 60 44 4d 52 42 4b 51 49 53 59 4b 55 5b 27 2f 33 47 51 57 30 37 38 4d 57 5d 41 49 4e 52 5d 63 45 4f 55 55 Data Ascii: PNGIHDRF?PLTEepw#%(.1MV[AIM29= $&(.0%(#,!$&+- "!')"$/3+15 ',/!"9@D-4829=/6;$)*#';CF6>B<EI?GL (,!%$4<@$,0P[`DMRBKQISYKU['/3GQW078MW]AINR]cEOUU
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: c4 c4 68 63 b4 d1 d1 b5 45 d0 da ad c9 5f d6 62 a3 4b 5a 7a 67 07 9d e8 6f d2 72 bc 38 5a 73 a5 6f b4 a3 67 66 49 38 c9 44 11 dc 32 d8 e0 23 41 ce 8c 56 6d 36 2e 5d 39 63 76 ee 7a 7f 47 b6 4b 84 ff 09 7f 2f 07 ff 88 e4 c1 96 3a 83 ad da d2 df c5 59 ed e6 a1 f2 f4 45 56 c2 b1 8d da 91 b8 8f 86 f0 56 e0 c3 a0 c5 e3 e5 70 93 b9 33 0f 47 ef 57 e7 4e 55 47 c4 1c 74 8e 70 f0 77 7e c9 c2 90 76 dc b0 e2 a6 f6 7f 50 95 54 1e 94 e9 46 39 49 00 67 fe 6c 5c 6a 53 df 5e 89 4c 52 9c 4f 81 e4 9f 8e db 85 8b c4 05 20 36 c0 06 5e fe ae 76 ae ae a0 e5 ec 2a 93 c9 1c 60 32 08 90 c1 71 3e 49 a0 6d f9 44 13 eb 8a 3b 8f 47 0c b5 75 86 d5 09 9d 4a 37 d8 32 34 d4 f2 59 64 a4 ff de 03 16 36 ea 04 5d 77 9e 3e 37 b7 a9 ab ba 39 35 c8 33 c0 b4 49 0a 62 73 a3 b3 b9 43 61 c2 49 ce 9f Data Ascii: hcE_bKZzgor8ZsogfI8D2#AVm6.]9cvzGK/:YEVVp3GWNUGtpw~vPTF9Igl\jS^LRO 6^v*`2q>ImD;GuJ724Yd6]w>7953IbsCaI
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 92 85 02 a9 40 0e 5b 99 57 2f 68 75 57 c7 1e 56 f6 71 2d dd 7a 7d de b3 f9 c0 b2 65 57 ef b8 9c 7d a0 fa 2e 4a cc b4 73 d6 ad eb be a4 a9 30 90 41 75 6a 38 2f 2b 89 f8 21 f9 25 eb 34 c6 3c 9b bf e4 f0 bd 79 34 6a 5b 81 b8 21 84 c0 b3 e1 d3 cc ad d5 c0 cc b8 19 36 47 4b d1 69 24 10 51 53 ce d6 a4 ad 32 e2 56 12 b8 7a 36 65 f0 d6 60 8c 28 56 d3 ec 21 fe d0 29 0e 8a 9c 4d a4 80 91 ad 09 8e f7 92 da 45 43 58 d0 74 b2 bd 31 cd dc c5 5c ef 8e a9 65 22 26 c1 c9 1d 1c 95 c6 1d 60 bf 70 ef 2c 53 25 aa 61 20 62 d7 94 5e 13 8f 91 b4 c1 cd f2 b6 c9 c5 8f ce 3f 4a e4 5f 19 b7 fb 1e 6b 66 11 89 8b 24 e1 b6 b0 b0 d5 a0 55 b8 c5 d5 71 ad 95 bb c3 88 2e c7 8e 52 e8 3f 21 63 68 ca c5 17 e8 17 ce ee 84 44 73 76 82 06 35 22 12 12 ee c7 6e 7f f6 d9 a3 47 01 87 c8 5c 62 2a db Data Ascii: @[W/huWVq-z}eW}.Js0Auj8/+!%4<y4j[!6GKi$QS2Vz6e`(V!)MECXt1\e"&`p,S%a b^?J_kf$Uq.R?!chDsv5"nG\b*
2024-07-20 07:21:50 UTC	13075	IN	Data Raw: ba 8a 80 29 38 f4 4c e1 ba 88 22 39 0e eb 11 1e 57 af e4 a9 6a 81 99 ce 70 93 86 ff d5 b9 88 bb 29 31 70 97 92 9b e6 36 68 af ac 3f d8 3c 71 20 19 11 b4 e4 40 b4 b3 5c 45 9a 35 82 87 46 71 d8 12 23 7d 93 83 93 fd 0b 7e da cf 19 b7 35 19 c8 3d ba a8 2a ce 01 4d e8 5f e9 29 2a bd a1 0f 18 4c 20 d9 3b 6b 46 52 9a 93 2e de d4 73 b9 e0 75 8f ce ec 34 36 3f 2b 6c de ca ca c6 f3 1e b2 db 9d 45 03 6f f5 fa 60 f3 73 b9 62 aa b0 c5 27 38 be 57 52 0e 0b 59 1b 7b be c8 71 0a 9b 3d 3d a1 23 9f 2f 32 7f b6 03 23 59 c8 f9 c2 16 ea 52 65 4d e4 dc 74 3d dd 22 13 6c 48 1e 47 d9 28 75 5a cb db a9 6f de 42 4f a8 4e db e2 a1 17 10 74 2f ba 1f 21 4b fe 9f 4c af 3f dd ef 19 b0 93 19 37 90 0b 3c c9 ba e0 06 36 d0 41 4e d0 44 4e a3 14 9c e2 1d 3b 27 ca 6c e3 94 5a 0c 20 b1 30 cd Data Ascii: )8L"9Wjp)1p6h?<q @\E5Fq#}~5=M_)L ;kFR.su46?+lEo`sb'8WRY{q==#/2#YReMt="lHG(uZoBONt/!KL?7<6ANDN;'lZ 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	49857	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-7.12c86460.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "ca542fdc551d6a47773c942aba49e1ef" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 59873 Accept-Ranges: bytes X-NWS-LOG-UUID: 14705123119425738395 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 f7 50 4c 54 45 0d 15 2d 29 06 1d c8 cc df 1c 2a 48 8c 04 41 30 52 75 12 04 0d 8d b4 cb 2f 52 74 d5 da ea fb fb fb e9 f0 f5 be f3 fd 74 89 9b fc fd fe 0a 05 0e 14 0f 0c 0e 0b 08 1f 30 4f 33 0b 28 22 06 1c 2d 41 66 2b 3c 5d 27 36 53 1b 2a 4a 32 4d 75 17 25 44 20 28 3e 07 0b 18 36 49 6b 1c 22 37 2c 06 1d 16 02 10 0e 15 32 f4 f6 fa 11 1b 39 3a 53 7b 13 1f 3f 0a 0f 22 5b 54 5a 25 2e 45 30 53 81 52 4a 4d 22 33 5c 2b 43 71 16 1c 31 5e 5c 70 4a 44 47 3a 5a 89 63 5e 68 65 63 6f 53 4f 57 12 17 29 69 68 77 4b 63 8c 60 5a 60 0a 10 2b 5b 59 67 40 13 34 ef ed f2 1d 14 11 66 61 76 d0 c8 d5 cc c2 d0 38 43 5d 3c 61 97 ac a1 a8 20 3e 5f 33 3c 53 d8 c9 d9 c9 bd c9 6c Data Ascii: PNGIHDRF?PLTE-)HA0Ru/Rtt0O3("-Af+<]'6SJ2Mu%D (>6Ik"7,29:S{?"[TZ%.E0SRJM"3\+Cq1^\pJDG:Zc^hecoSOW)ihwKc`Z`+[Yg@4fav8C]<a >_3<Sl
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: c1 09 6e 8a cd 50 03 db fe de 1d 18 ff f0 ad c5 06 7a 62 a4 85 86 95 ba 07 aa 0d 8e c3 d5 2c d3 72 54 b0 fd 33 46 42 8a c2 60 2b 2f b7 d8 78 fb 55 72 09 9a 0a 8e cb c0 70 1b 89 8f a8 dd 06 a5 1f 52 0e c1 b6 ee 8e 0c d2 37 02 ba a0 7f 96 9f 20 80 c2 8a 4e 13 b4 7b b1 ed d1 c1 11 4e 97 9b a9 97 75 f5 f4 51 41 8d f5 ad e2 a3 cc 40 8e d6 05 e3 c3 c3 32 30 c3 e9 5f 58 bc f6 cd 46 3a b6 b6 96 de 4a df ce e7 c5 6a 6b f9 ad bc 07 5a 45 45 a7 c4 66 b5 1d ad da 5d ac 92 9c c4 bb a4 dc d0 2b 73 c9 64 32 16 cb a8 62 68 4e a0 3d 69 b0 29 35 93 45 92 df 1a bb c9 c7 2d 2f 87 1b 35 ba 9a ce 74 93 f0 b1 29 45 f7 d9 56 b7 65 47 1f 92 7d 81 58 c8 6c c2 62 c3 6e 1a 26 7f d3 30 69 b8 49 b7 32 af 2c 37 c5 46 4a 42 e8 dc db 13 b3 19 6a 48 b1 6d fa 0c 35 60 dc 77 ce 9b 92 47 12 Data Ascii: nPzb,rT3FB`+/xUrpR7 N{NuQA@20_XF:JjkZEEf]+sd2bhN=i)5E-/5t)EVeG}Xlbn&0iI2,7FJBjHm5`wG
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 4e 5f e7 25 0a 34 8d 1b 0b 52 35 99 ea da e2 7e 51 73 18 dc e4 e9 df 09 ef c8 03 6c 47 b0 d0 51 1c 13 47 d1 68 28 14 8a a1 d0 22 8a 46 17 e7 62 32 12 bc 3c 6d 79 41 06 84 ad de f9 08 03 5e c4 51 e6 0a d4 cf 6f 35 4e 6d 8d 91 be d5 d2 57 f1 f2 d5 3f 95 57 f9 07 7b fb 43 fd f3 ae b7 79 6b a7 06 b1 35 7f a1 8d 0a 7e 5f eb 85 2b 9f b9 39 d8 d9 dc ed 23 0f b6 d7 eb 83 b5 af 8d c7 bc cf 8f 9a fd cd cd b5 4a cd 2b 6b 47 f2 45 c3 fe 35 8d e0 30 1a 02 9d 06 8e c7 bf c7 06 35 84 17 51 d2 d2 4b d2 f9 54 cc 96 a3 1c 68 e1 16 89 60 6d 25 54 4e 28 53 5b ec 71 3c 5c 48 bb 4f 2f 89 9d 2f ff 52 c0 dd 81 1d dc 86 59 38 09 c0 05 73 13 53 93 c7 57 ff f2 9b 3f c0 ed c7 62 6d 6f d1 b0 89 9d c9 4e 8d ba 8b b1 4d 3d 16 41 8d 9f b4 8b cb 54 92 69 e2 f2 d2 d0 e2 d4 c4 cc 52 0f 6f Data Ascii: N_%4R5~QslGQGh("Fb2<myA^Qo5NmW?W{Cyk5~_+9#J+kGE505QKTh`m%TN(S[q<\HO//RY8sSW?bmoNM=ATiRo
2024-07-20 07:21:50 UTC	10721	IN	Data Raw: 38 c8 49 26 33 8d 62 28 c3 f6 e2 aa be c2 91 f4 02 3a 2c 36 61 af 69 37 1d 7e c8 1e 3f 72 e4 bb a1 33 54 43 fd 28 7d 4a b6 4a 34 01 22 8c ca c9 5a 85 f8 2a 9a 07 38 dd 68 0a 23 e0 18 d0 10 b9 5a 86 c8 d2 20 ef 04 db 0e b7 60 a1 b0 5a 3e 27 36 f2 8b 4b b4 00 e2 38 9b 64 ad 9d 90 bf da ad a9 73 b6 94 ba 81 2c b6 6b ae 92 cc 89 be b5 95 1a d4 8a 9d 8f ce 2f ae 2d fc 67 85 cb ad 97 b6 4a 87 d6 47 90 d7 51 b5 c7 5b 19 35 99 7d ca 25 d7 d9 86 fa ef 60 53 41 04 09 2e b3 83 d9 ab 0f 00 27 51 49 fc 11 24 5a 2d df f8 76 29 99 39 3a d7 68 e3 60 46 69 9b 09 f0 8e 26 6f 83 0f 73 ef e0 1b 75 e5 6c a2 61 bc 17 a7 a0 c0 2d 1f 4b fb 53 80 4a 27 b5 fe 74 c4 12 ca 36 fa 1b fd 29 53 96 9d bf 2b cc 66 9f 0c ab 95 83 59 8c a3 50 43 ac e4 fb df 85 6b 75 e3 65 46 ec bd 8a 3f 2c Data Ascii: 8I&3b(:,6ai7~?r3TC(}JJ4"Z*8h#Z `Z>'6K8ds,k/-gJGQ[5}%`SA.'QI$Z-v)9:h`Fi&osula-KSJ't6)S+fYPCkueF?,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	49859	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/guild-8.2357f6e0.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:50 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "517898a28fdc274a85b7d9cac871418c" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 78041 Accept-Ranges: bytes X-NWS-LOG-UUID: 12437454174929654800 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 fd 50 4c 54 45 52 60 6c df e9 f1 c6 cd d7 d2 e1 e9 89 94 a1 e5 ee f5 d8 e3 eb 62 75 83 ce de e6 db e7 ed d2 de e5 90 a5 b4 be c7 ce ea ee f5 b4 c5 cf f7 f8 fa f7 fd ff e3 ee f4 e1 eb f2 e3 ec f2 dd e7 ed e7 ef f5 cf de e6 de e9 f1 2a 33 37 d6 e3 eb 30 3f 46 da e4 eb d9 e5 ee e1 e9 ef 2e 3b 42 d6 e0 e7 d1 e0 e8 d3 e1 ea db e7 f0 d9 e2 e8 d3 de e5 2b 37 3d 3f 4e 58 35 41 45 cc db e3 36 45 4c 32 42 4a 5c 73 82 3d 4b 54 e9 f2 f8 33 3e 42 42 56 63 42 52 5c 47 55 5e 31 3a 3d cb d8 e0 3a 48 51 dd e4 ea 64 75 81 3c 52 5f 77 82 8d ce d4 da cf da e1 d3 dc e2 56 6f 7f 82 8c 95 2f 35 38 ee f4 f9 c8 d3 dc ce c1 bc 5e 76 88 53 73 88 4b 59 62 54 60 69 3b 45 46 a0 Data Ascii: PNGIHDRF?PLTER`lbu*370?F.;B+7=?NX5AE6EL2BJ\s=KT3>BBVcBR\GU^1:=:HQdu<R_wVo/58^vSsKYbT`i;EF
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: c1 90 50 69 a3 51 26 6b c1 74 88 b4 8d 46 8c f0 03 46 25 64 04 8d 12 fa aa 09 c4 70 b0 60 9c 3f 27 99 ec a6 cf 97 cb 0d 5a 35 b6 8d 17 8b be 6c 76 68 21 e5 23 3c 06 00 cc 27 0f a9 e3 4c 01 93 82 8f ef 1d 9b a1 c5 18 75 b4 ab 66 38 06 db a4 d9 a7 d4 52 ec 31 dd fa 91 a0 b6 00 5e 9d 4e 67 24 ee 89 f4 7a 47 47 47 bd 7c d8 3a 37 b7 dc 04 5e 03 1c da a2 02 5d 6b 6b 0b c0 9d 3b 37 dc 77 61 f8 5c 75 5d 03 ea f2 95 fe fe 57 be fd b2 b5 bf bf fa 89 87 cf 76 cd e8 e3 ce 36 ef e8 d4 d2 d2 d4 52 22 ea 30 9c 39 65 c7 8c 82 3c 68 e9 24 13 ce ac 7f ca fd aa f9 ed ed c3 f9 89 a5 9d c5 b5 fd c3 eb bf d1 a3 c8 5d e5 aa 56 47 7a f5 f8 56 26 03 c4 d8 5a 36 e4 76 54 4d 62 a7 d8 82 69 4f 3c 96 0a b6 e3 a2 32 da aa d8 f0 dc 8d c7 87 63 93 97 da 12 6e 45 dc 73 71 0c 4d be 2f 7e Data Ascii: PiQ&ktFF%dp`?'Z5lvh!#<'Luf8R1^Ng$zGGG\|:7^]kk;7wa\u]Wv6R"09e<h$]VGzV&Z6vTMbiO<2cnEsqM/~
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 1b c0 a5 e2 85 51 2e c6 db f8 54 28 93 48 22 89 71 c1 5e c1 ae 2a d7 50 55 36 7d 6d 7f a9 16 c2 d1 96 07 3c 52 c9 9c 27 39 fe 09 39 c1 51 86 28 ef 2c b8 e9 f5 e4 8f 22 ea 08 5f 7b 2d f8 b6 f3 a6 d5 9e 0b b7 cf 7b fa 39 fa 15 14 20 d3 3a ef ec 49 88 7c 7a e0 5b d4 f8 00 db 4c c1 fc fc 93 73 14 45 b6 6e 70 f0 bc 7d ef c9 9d e3 79 fc 9b d9 a9 0d 0e 1e 38 3d b2 b0 ab f8 bd f5 c4 c9 1d dc ce 88 85 1e 60 c3 e1 62 b8 04 cc de 5f c2 ee f3 bf 4e 1a 70 25 94 b7 a0 d2 c9 b9 26 b8 11 41 4b 22 62 4a 3c 26 29 32 13 25 51 4c 86 e5 47 c3 bc 44 af a6 9c 19 65 8a 50 b3 6a 06 31 ab 30 fb 57 e6 bb 67 67 ff 21 95 4c c0 d6 1e db 41 b0 ae 8a 44 f5 1b c9 02 e2 c8 4a 94 53 65 62 49 c8 a9 cf 28 ff fb 22 02 e7 bd 17 0c 6c 62 ca 3d f3 70 f5 c5 3f bf 2a c6 f1 77 7e 7d e0 c3 9d 9f f1 Data Ascii: Q.T(H"q^PU6}m<R'99Q(,"_{-{9 :I\|z[LsEnp}y8=`b_Np%&AK"bJ<&)2%QLGDePj10Wgg!LADJSebI("lb=p?w~}
2024-07-20 07:21:50 UTC	16384	IN	Data Raw: 12 1a ac 7b 9a 99 60 93 5e 37 38 70 22 e6 b5 57 23 1b 28 12 9f 36 ca 23 12 78 b0 82 fe 76 5e 78 ac 7f eb 62 ce d6 24 d2 ed 07 d9 e3 e8 1c 9e 3c 3e 30 3e 7e 66 60 e2 48 e4 47 91 cf 3f 17 5d b4 23 b1 28 51 af e7 0a cd 9e 32 06 52 56 8a 63 b8 23 4b e2 f6 fc 27 6e f9 f0 c9 cc f9 e7 6e b9 fd c5 db be 29 9f 9a ec 76 36 74 d9 0b b2 5b 4a 0b e5 f2 ca ad 5b 0c a1 ea b8 37 e2 c4 ba 92 06 c4 4c 04 fe d8 47 81 1a 02 6a 48 5d 7e 52 a5 41 9d 00 f9 0f 49 5d 5b bf 52 1d bf 09 dc 60 cc 62 3e 92 07 00 fd 0d 1b 15 64 c9 42 f2 86 96 c0 c5 73 80 e0 2e e6 a3 43 14 2f 32 a5 d2 b0 5b 5e 96 40 1b c9 03 34 36 a6 02 6e dc 28 2a d2 97 7e 71 9f b7 7b 09 f1 18 51 d4 13 d6 b5 73 bf 5c 70 67 7f 7f a5 81 20 79 7a 6c 24 bd 31 3b 1b d4 4e a7 42 fc 2a 40 93 60 33 f8 f9 f8 24 25 c0 6b 82 a2 Data Ascii: {`^78p"W#(6#xv^xb$<>0>~f`HG?]#(Q2RVc#K'nn)v6t[J[7LGjH]~RAI][R`b>dBs.C/2[^@46n(~q{Qs\pg yzl$1;NB@`3$%k
2024-07-20 07:21:50 UTC	12505	IN	Data Raw: 09 db 03 30 5e c9 c4 42 c0 13 d4 88 31 d6 00 0a 6f 0a 60 2a 41 8d 98 9f 82 5b 84 f7 71 92 1c 05 39 0c 53 cc 0d 90 a7 29 d1 4c 13 44 e6 a6 47 9e 7e fa 80 ac a8 fa 45 ce 48 43 51 8a b1 5e cb ec 20 3b 66 98 91 da 5f 57 4f 7d ee 81 a7 66 77 8d a6 fc f7 cd 8f fa 8d ec 51 1c e8 3c ec 90 db 09 fe 57 4e bf e8 ac 33 de 5a 5f 99 e8 4a ec 38 75 eb 0d 3b 33 e8 e8 18 b0 ea 29 d8 ec ee 70 d4 27 05 06 b7 cb e2 78 7e ff 9a cb 41 f7 40 d8 14 0f 87 bb 9b 86 e3 90 23 fa 3e 92 f1 b0 6f 52 6d 35 12 7f 70 53 f5 ee ef 9d 73 90 9f c3 79 98 c2 7b ba 87 d3 4d 99 6c 9e 78 3f da 92 6d 5a a0 9f 6a 31 fd 70 66 e0 8e 81 74 47 af 6f 96 b9 7e f5 c6 18 49 9b 35 60 b2 af 96 57 93 ab 83 83 ae 5c 11 16 d9 e2 98 c9 f4 84 b9 19 c9 0a 51 15 69 ce 79 54 c6 5e 57 8a 38 fa cb 2b a1 3e c5 72 a1 e8 Data Ascii: 0^B1o`*A[q9S)LDG~EHCQ^ ;f_WO}fwQ<WN3Z_J8u;3)p'x~A@#>oRm5pSsy{Mlx?mZj1pftGo~I5`W\QiyT^W8+>r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	49861	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	666	OUT	GET /im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "b3f8bac78a4fbf8ca55ea0759b0d7add" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 64092 Accept-Ranges: bytes X-NWS-LOG-UUID: 11038715969358729540 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 2e 3b 29 34 2f 15 39 1a 07 54 53 3a 57 5d 41 6c 74 60 57 61 47 23 1f 07 59 56 3e e3 e3 ce 86 8e 7e 3a 48 3e 32 50 4a 42 50 36 3d 44 2a cf d3 be 32 34 1c 21 1a 05 22 1d 06 1e 1c 05 23 18 04 1f 18 05 20 1f 06 22 22 08 91 9e f5 8d 9f f5 8d 9b f4 92 a2 f6 26 20 07 25 26 0a 98 a4 f7 25 23 0e 95 a1 f6 21 2c 17 8d a2 f6 23 1f 0b 8a 9c f4 8a 98 f2 9a a8 f7 25 30 1c 9f ac f7 88 97 f6 25 25 15 28 2b 18 8f a6 f7 28 2a 10 21 28 10 1e 1c 0c 2b 24 0d 1f 2a 1d 9c ac f7 9f af f7 2c 3a 26 66 38 95 2b 33 21 1e 27 16 20 22 0f 2e 28 12 4e 58 44 4f 58 3b 24 3e 2e 68 73 5f 28 36 2a 59 6e 56 83 91 f4 2b 3c 32 63 6d 58 2f 38 2c 53 5d 3d 2e 2f 14 84 95 f2 94 Data Ascii: PNGIHDRF?PLTE.;)4/9TS:W]Alt`WaG#YV>~:H>2PJBP6=D24!"# ""& %&%#!,#%0%%(+(!(+$,:&f8+3!' ".(NXDOX;$>.hs_(6YnV+<2cmX/8,S]=./
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 41 6c 11 bf e8 05 85 61 f1 41 c8 d5 38 8d 93 2b 7e 26 6b 38 d3 4f 33 3a 7b 14 01 99 0e 94 05 f1 3d 01 09 40 34 65 88 f3 a6 0a 37 ac 94 c4 46 82 27 c1 48 66 7a 77 60 d3 12 be e7 aa d3 ed 59 25 6e b7 54 22 8e 77 c5 3c 9f 4b 8a 26 f1 ff 26 86 94 51 50 cb 98 12 38 b3 e8 4a 65 91 25 a1 1b b9 47 bf ea 68 f3 6c dd 77 a9 64 67 24 f1 6c ac 25 ff 12 6d e3 df 8b 82 ed e6 cb 0f 3c 0e b6 af e8 91 6b 81 c4 7f c5 0a e7 56 46 b7 9b db 10 7b a9 bd ba 9a 3a 89 d4 9c 4d a7 31 d8 ea 0e db 0a 4d 82 ca 34 3a 76 cf 7b cb 6b a2 ae 2d 44 4c 53 ba c8 03 9f e6 6e 9a f8 f1 ae 74 d1 2b d3 be 9f ae 56 13 0c 9c 2c 57 45 1d 9a 3e b0 95 ff 52 2d 76 5a 1d 35 84 5d fd 46 49 52 a2 13 9e 20 ff bf 28 c2 a1 a2 41 cd 26 79 7f 89 d9 de 5e 66 3e e1 29 b6 d3 b4 b0 68 c8 3c 2a fe df c3 5c 32 55 54 Data Ascii: AlaA8+~&k8O3:{=@4e7F'Hfzw`Y%nT"w<K&&QP8Je%Ghlwdg$l%m<kVF{:M1M4:v{k-DLSnt+V,WE>R-vZ5]FIR (A&y^f>)h<*\2UT
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 49 9c a9 2b df 64 15 56 52 8d 83 a2 f4 5a 32 6d b9 80 d4 22 61 c3 7e c2 c6 67 f7 21 fc 09 ec 63 38 18 90 20 0e 7b fb fb ac 69 43 c8 47 0f 04 e0 91 a6 03 04 1e a8 dd f7 08 b7 80 0c 7e 49 2c 67 cf 7b 88 a7 9c c9 28 1c ec 2f c4 b1 01 2e f2 6a 36 0b 46 a3 e1 f0 f8 38 08 d4 b7 35 bb 95 4f 0c b6 d3 29 6f bb fb f8 f0 f0 e9 07 8f 9e 1e dd 46 f3 f2 24 ba ec 52 ca 22 90 e9 56 08 22 a7 93 f2 a4 2d 1b 32 29 43 b9 7a b9 59 6d 02 5b b3 22 9d 24 9f 84 7a 95 16 b0 61 6a 0c 36 f5 c2 70 0b 8d 93 f1 58 99 af d5 6c 56 52 d4 5a 6a 8b b2 60 6d 34 99 b2 59 30 1b 20 bb 4a 81 b5 dd cc bc f9 f5 24 a5 8d d9 84 54 36 ef c6 dd 2c 75 2c 4f 8a 96 cc 66 f3 89 64 2a 9b f2 13 b9 8d 8f f6 1e b9 29 67 3d 9e de f0 d7 8a 9b 1b c9 f5 04 ec a3 55 5b 73 b3 59 f4 55 0d 00 b5 4d 7e e4 a5 6f 5f 79 Data Ascii: I+dVRZ2m"a~g!c8 {iCG~I,g{(/.j6F85O)oF$R"V"-2)CzYm["$zaj6pXlVRZj`m4Y0 J$T6,u,Ofd*)g=U[sYUM~o_y
2024-07-20 07:21:51 UTC	14940	IN	Data Raw: a4 31 55 43 22 58 16 a1 a5 19 aa be b8 d6 c8 5e 96 dc fc 4f 24 4d 05 3c 26 38 61 64 79 bf 7e b6 be 01 69 0c a0 44 15 af 7f 7b 7f ff 7c 77 9d b6 2b f5 d8 7e fa 14 5b 06 8d c2 3e ce 7f 5b 7f fb d0 9a b2 6e a7 a7 52 92 ac 15 cb 28 79 48 7d 4a e8 18 f5 84 b0 d4 88 bc 51 8d c8 4c 55 26 5f 7f 81 79 fb fa bf fe 75 1d d6 87 51 75 94 c4 29 fd 58 9a a2 63 b3 d4 d0 4d 19 d3 0d a5 a1 2c 9a 2a f4 51 fb fa 95 86 40 ba 59 8f 48 f7 2d e8 a0 97 e8 c2 9b be 33 5d b2 78 27 de a4 64 09 59 46 93 47 63 c4 a6 de 53 42 8d 3d e4 00 4b a8 2e 43 c6 6c 0c 55 62 f8 cc 1b 52 7f 21 1a e5 5a 0c 88 38 ae 39 28 0d 6e 69 42 15 5d 0f dc 97 d8 2e e2 01 49 4f 10 95 16 33 db 05 2f c9 95 34 31 22 c6 51 05 ea da 2c a6 30 52 68 69 58 71 25 cf 41 a1 84 66 b2 e9 0f 89 2b b9 73 8d 0c 0d f8 91 a3 01 Data Ascii: 1UC"X^O$M<&8ady~iD{\|w+~[>[nR(yH}JQLU&_yuQu)XcM,*Q@YH-3]x'dYFGcSB=K.ClUbR!Z89(niB].IO3/41"Q,0RhiXq%Af+s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	49862	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:50 UTC	392	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-5.87d757fd.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	480	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "ccdbdfb8d84b291edb24946be9957719" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 9080 Accept-Ranges: bytes X-NWS-LOG-UUID: 2513812832399502553 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:50 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	9080	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 02 f4 50 4c 54 45 00 00 00 0c 12 16 c9 d7 e0 f1 fe ff fe 54 44 9f ae b7 b0 bc c3 ff 8b 5a dd cc c5 fe c0 7b db e8 ef d6 e3 eb ee fa ff c8 d7 df ce d9 e0 fe 83 53 0e 1a 20 f8 ff ff dc e7 f3 ef fb ff cd da e2 e7 f4 fc fe 6c 4b 20 2b 31 ff 80 53 db e7 f1 15 20 26 c4 d3 db c9 d9 e0 fe d4 85 fd 72 4d eb c0 7a d4 e1 e9 ff 6c 4a 31 3e 46 13 1c 24 d3 e0 e9 ee f9 ff ef fa ff d2 dd e6 10 1a 21 ff 7e 53 cb d7 df 19 25 2b f1 fc ff d7 e3 ec 19 23 2a 5f 6b 72 b4 bf cb f3 9f 62 d0 dd e4 ff 7f 53 eb f7 fe 13 1d 23 f2 fb fe ff d2 7e 98 a6 b1 0c 17 1d c0 cf d7 c2 cf d8 2d 38 40 ff b9 74 ff 6f 4b f1 fc ff 7c 8d 96 55 64 6d 11 1b 21 db e9 f0 ff 9b 62 ff 85 58 ff 5a 48 c2 Data Ascii: PNGIHDRyy$~{PLTETDZ{S lK +1S &rMzlJ1>F$!~S%+#_krbS#~-8@toK\|Udm!bXZH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	49864	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	389	OUT	GET /im.qq.com_new/f2ff7664/img/guild-5-1.cae9b87a.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	480	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "d99f5228d03d33bf82ea3829df19433f" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 24909 Accept-Ranges: bytes X-NWS-LOG-UUID: 883977490706150081 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 67 00 00 01 5a 08 06 00 00 00 5b be fa ff 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRgZ[pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:51 UTC	8525	IN	Data Raw: a0 ff 19 39 79 d5 9c 1f 16 a5 27 34 8b f8 ad e5 d8 0a 91 64 24 ce 84 10 dd 06 4b 0f 85 f6 36 43 94 51 19 58 4d eb 86 8e 58 76 d9 65 5d 48 2e a4 db 3d 4b 4d 91 b4 5f cb e6 af 38 66 7b ec b1 87 6d b8 e1 86 2e bf 2d 94 4b 2f bd d4 09 b4 ae 6c 50 0b 2c 74 7f fe f9 e7 bb dc b7 6a a0 e7 1d fb 8d 40 9b 39 73 a6 09 d1 6c 48 9c 09 d1 c4 74 67 27 7e fa 5a 51 08 40 be 59 08 cb 2d b7 9c 2d be f8 e2 c1 a1 be 72 b0 0e a8 df 6e 54 c8 e7 a2 ca b3 d6 f9 51 f3 cd 37 9f 5b 6c 1c 27 2a f4 98 11 bd e7 9d 77 9e cb 8f 2b 14 39 21 e7 bd 5a 77 92 d0 33 6b 68 12 36 ae 06 9c bf 73 ce 39 c7 5d 23 72 d0 44 b3 21 71 26 44 93 12 2a cc e2 4e 2e 67 01 ec fb ee bb 2f 28 2f 8a 90 e6 c4 89 13 5d 85 66 dc d5 7c 54 08 86 e6 77 d1 ef 8c b0 2c 30 9e a1 63 14 f5 1c 4c 9a 34 c9 d6 5f 7f 7d 1b 32 Data Ascii: 9y'4d$K6CQXMXve]H.=KM_8f{m.-K/lP,tj@9slHtg'~ZQ@Y--rnTQ7[l'w+9!Zw3kh6s9]#rD!q&DN.g/(/]f\|Tw,0cL4_}2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	49863	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	671	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "7941843909c59494f533b7d9a78e36f7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 8572 Accept-Ranges: bytes X-NWS-LOG-UUID: 12340807875132192221 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	8572	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 02 f1 50 4c 54 45 00 00 00 ab b4 b5 61 6c 6f 77 81 86 96 a3 a5 88 93 97 60 6f 70 48 53 59 47 51 56 40 49 4f 4b 55 57 48 52 56 16 17 1b 4d 58 5d 44 4f 54 46 4f 55 92 9d a1 86 92 93 9b a5 a7 9e aa ab 47 51 56 85 91 91 90 9b 9e 93 9e a0 9e ab ab 93 9e a1 90 9b 9f 95 a2 a5 a2 b0 af 71 7a 78 48 52 58 87 95 96 99 a4 a6 85 91 90 79 84 80 93 9f a0 a2 b0 af 81 8f 8b 15 14 19 13 12 17 0d 0c 11 17 16 1c 19 18 1d a2 b0 af aa b6 b6 5a 65 67 4c 57 5d 53 5d 5f 9c a8 a8 aa b4 b6 11 0f 15 58 63 65 03 04 08 9f ac ac ab b7 b8 54 5f 62 46 51 53 02 01 05 0f 0e 13 5d 68 6a 4f 5a 5d 9a a4 a6 95 a1 a2 56 61 63 50 5b 60 92 9d 9f 69 74 76 49 54 56 98 a3 a4 a6 b4 b3 1b 1a 1f 91 Data Ascii: PNGIHDRyy*$~{PLTEalow`opHSYGQV@IOKUWHRVMX]DOTFOUGQVqzxHRXyZegLW]S]_XceT_bFQS]hjOZ]VacP[`itvITV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	49867	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-6.1dc4108f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	480	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "2ab8f5c5a6c57ce00974e904430044b7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 47110 Accept-Ranges: bytes X-NWS-LOG-UUID: 265476965290701966 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 fa 50 4c 54 45 4d 3d 2e 5c 52 5e 34 2c 35 70 72 81 16 42 95 0f 3c 90 fe fe fe f1 ea 39 f2 e8 29 2e 50 9c ab 86 c8 24 4a 9a b0 8f cb e8 f7 ff 39 56 9e 40 5b a8 ef db 27 a5 7f c8 ce 91 72 55 3d 29 9d 78 c7 f2 ea 45 fe e2 5a 34 55 a7 cb 8b 68 b8 9b cd bf 8f 7a 5e 48 2f d3 9b 7e 56 64 e9 da b1 b6 19 48 9d dd ac 8a d9 b8 bf 70 4e f1 fe f1 81 fa f8 ee ca b5 d5 47 35 25 25 15 0d d9 a3 81 6c 53 34 bc 76 59 8b 69 be 4a 61 aa dd b4 98 b1 88 a2 8a 7a 5f b2 97 8d c3 82 5e 8c 87 73 d5 9a 74 51 43 3f d9 c1 cb f1 f1 fa e3 ca c3 7d 7f 91 ba 9f 97 26 4f a5 56 48 64 5e 55 6c 7e 67 ba 75 5a 41 78 65 4c 60 5b 57 95 70 c4 46 3c 35 7a 55 f4 96 6b 51 c0 a7 d2 af a7 84 bf Data Ascii: PNGIHDRF?PLTEM=.\R^4,5prB<9).P$J9V@['rU=)xEZ4Uhz^H/~VdHpNG5%%lS4vYiJaz_^stQC?}&OVHd^Ul~guZAxeL`[WpF<5zUkQ
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 1d bb f6 83 db aa 2b d7 6e 78 74 1f f4 e8 66 a8 9c 7a c5 75 a5 ab ab f3 8a 26 27 53 27 1f ad ba cd c4 3d 54 96 6a 37 93 1e dd b0 a4 ec 0e ab 1e cc 08 da 78 5a 18 1d 80 30 44 3f 77 c1 20 6c 04 0f be 65 8c 55 e2 bc 7c 82 94 8b 7a 07 20 4d aa a0 8e 44 3e f5 28 96 15 a8 91 b6 23 88 68 18 11 2e 2c d1 28 ce 43 0c 61 25 ae 6e 04 b6 c1 7f c1 56 21 02 e1 d4 bc 3b 31 1f ea 0f 48 f2 0f 02 5b 7d 7d 1a 7d 1f 33 e3 17 68 b4 db 79 de e5 ad a3 6d 98 62 dd 76 d2 dd 53 5e 0b 95 6f d4 77 98 3a a0 a6 8c b2 32 cb 5f fe bf b6 a7 d0 32 d6 ae 16 4f 57 7b cf f7 94 55 c2 6c 04 6d 11 36 44 49 5b 66 e6 3a da 05 60 43 6e 52 78 2b 63 e3 c5 3f e6 be 34 a4 ff 30 1b b8 35 de b4 83 62 e4 03 00 c6 d8 76 e0 15 63 93 a0 86 07 4a 6e 00 b8 0d 28 fb 8a 8a 4a 5a 01 ae b6 fc 8e 67 53 61 b6 95 6b Data Ascii: +nxtfzu&'S'=Tj7xZ0D?w leU\|z MD>(#h.,(Ca%nV!;1H[}}}3hymbvS^ow:2_2OW{Ulm6DI[f:`CnRx+c?405bvcJn(JZgSak
2024-07-20 07:21:51 UTC	14342	IN	Data Raw: b7 c9 09 67 48 8e c5 87 9c 82 3b ae a5 b1 0d b9 0b e6 26 dc 43 74 a3 8d 8e f6 71 ee c0 d3 68 8c 13 92 56 2f 82 66 63 7b 31 4c a6 cc 1d bb 1d a7 9c 4d 7e 1d bf c9 16 45 36 b6 60 68 ea 02 2f a3 9f 75 7b 39 ba d8 39 bf c0 cd e7 b0 ad f7 45 b7 79 96 7f 96 b6 c1 5f 3e 9b 15 bc f5 a5 4f 3e f9 64 d5 aa 2f ad fa c7 1f 97 0e af 10 6c 97 9e bf 73 1e 46 48 ef 4a f0 8a f7 fb a6 6e 43 1f 29 35 c5 76 7f 2e 3d ff 9a 6c 0c 92 1f cb ab 43 e7 c0 b6 41 b6 f9 ff 2d 87 0e 6d 91 8c 12 70 56 8c cc be b0 67 89 70 5b b9 b0 dd f6 23 b0 d9 eb a3 8e ae a5 89 96 99 11 da aa 6e 2b 23 95 3c eb 1d 28 0a 7b bc 66 24 cd 6e 42 bb b8 8c 42 3f 53 6e d9 e3 1d 45 8b dd 06 35 e2 e0 8b 66 73 aa 37 35 1b 55 1b c9 ff 15 52 82 5a 9d fe 59 c4 c0 f1 d5 53 a9 61 d1 da ab ef ac 6d 64 4a 8f 51 63 63 10 Data Ascii: gH;&CtqhV/fc{1LM~E6`h/u{99Ey_>O>d/lsFHJnC)5v.=lCA-mpVgp[#n+#<({f$nBB?SnE5fs75URZYSamdJQcc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	49866	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-1.b1b04c2f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "8e76f959c9aeca3a6e98925f144534c7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 20188 Accept-Ranges: bytes X-NWS-LOG-UUID: 8951818408648166360 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fd 50 4c 54 45 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa dc 08 6e d1 40 ff ff ff fd fe fd fb fd fc ef f5 f3 f3 f8 f5 f1 f7 f5 72 d3 3e f4 f8 f7 f1 f5 f3 f9 fb fa 82 da 40 7f d8 3f ef f4 f1 f5 fa f8 78 d5 3f f7 fa f9 7a d6 3d 76 d4 3d 7b d7 40 ec f5 f1 89 de 43 86 dc 40 92 e4 46 8c e0 43 8f Data Ascii: PNGIHDR #]^PLTEn@r>@?x?z=v={@C@FC
2024-07-20 07:21:51 UTC	3804	IN	Data Raw: e7 24 98 8f 6f 3d 6e a6 93 04 1a 73 9d c2 d9 ce b6 ce 26 96 52 6e 79 46 e9 24 e1 e8 83 97 8e 7f aa 99 12 b2 90 1b 90 20 0c 42 1e dc f1 58 cc 5a 00 a1 fd 6c a9 ff b9 8b 10 74 28 53 ec 71 b9 43 09 12 7d 62 74 7d d1 db df 8d f6 93 fd fe 11 8d a1 44 d4 85 0c 21 8e 4c bf 3c 3b 03 2c 69 78 1f b5 79 39 83 30 cb 08 fa f8 2b ee ee c9 2d e9 41 03 ca aa 8f 22 c2 16 3c d1 11 8c 67 de 4b e9 01 f3 a1 ee 55 d2 d4 50 5b a6 cb 19 fa 8a bd 8c a1 75 67 c8 e5 d8 62 60 35 c5 11 eb f4 8c 89 13 2f 62 65 94 cd 88 58 a2 87 20 84 4f 3d 79 67 6e f5 33 a6 af 0c fa c3 bb 90 20 e1 3f ed b0 79 c3 91 55 42 4f 20 48 b3 7b dd f5 35 06 5d 3e d0 a3 0d ad 5b 12 6e 69 b0 b7 84 67 66 58 34 c2 a5 6b 2e c5 91 b2 5e 25 95 d0 53 98 31 7f 5b cc 5e 3f 03 a4 f8 2c ed 1f d2 20 fd ac b8 e6 9a 73 d8 3c Data Ascii: $o=ns&RnyF$ BXZlt(SqC}bt}D!L<;,ixy90+-A"<gKUP[ugb`5/beX O=ygn3 ?yUBO H{5]>[nigfX4k.^%S1[^?, s<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	49868	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "5bf2f25d9dd6ffa0abe78303a7376a3c" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 18401 Accept-Ranges: bytes X-NWS-LOG-UUID: 14231521306722785161 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fa 50 4c 54 45 00 00 00 fd fe ff fe f9 f1 ff ff ff ff ff fe f7 c7 62 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 25 18 0c e5 a4 4c ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 b1 4f ff ff ff ff ff ff ff ff ff ee a0 44 f9 c6 5d e9 aa 50 e8 97 41 f2 b1 50 ff ff ff ff ff ff f0 ae 4f de c6 b6 f2 b0 4d db 8b 3d b9 74 32 95 6a 46 ff ff ff d9 c3 d3 cd c7 b9 f2 ec e0 ca bd b2 d3 d3 d3 ff ff ff ff b1 ee ff ab ed ff b5 ef ff d9 51 ff da 57 ff dd 64 ff a0 ea ff db 5d ff a2 eb ff d8 4b ff df 6f ff de 6a 25 dd 5d ff b8 f0 ff a7 ec ff e0 75 4a 79 f0 ff Data Ascii: PNGIHDR #]^PLTEb%LOD]PAPOM=t2jFQWd]Koj%]uJy
2024-07-20 07:21:51 UTC	2017	IN	Data Raw: 4f 99 0f f2 61 99 59 46 b2 a3 98 9b 15 f2 f3 01 e8 d3 d1 63 e4 b3 12 42 60 74 e2 80 2a 4d c1 86 1a 2a 9e 8f a7 45 81 85 c2 1d f5 2f 1d 11 d6 5f 3d a0 d0 40 6c 40 0e 10 f4 d1 21 8a 24 5b 64 2e 33 9b 1e f8 a4 3a b9 7b dd ca b4 43 08 1d 33 e3 1e 95 60 54 34 21 9e 32 22 4d d6 a9 ba 6e ea 00 bd b6 8e 0a 5d 16 f2 a1 c8 87 88 be 90 8f d3 e0 93 e8 fb f1 ad 2b c3 43 44 47 8e 1a 40 5f 5c ac 65 fc 11 8f 9f 74 84 c8 28 2c b4 4a 18 04 10 70 a9 57 00 a7 40 84 34 0a 21 39 20 fa 32 f4 f9 44 47 05 cf b7 6f fa 21 b3 ab 65 74 ec bb 21 54 d0 59 5e bd fb f6 82 3c 62 d1 11 aa 32 51 a5 4d ea 79 d5 e3 69 31 1e f9 58 15 9f 71 f1 71 e9 03 fa 02 3a 2f d7 f3 83 21 56 aa 0d db 36 af 7f f9 ed db b7 ef 1f 97 cb e5 95 ab 77 af de 85 de 22 81 c0 43 4e d5 80 5a d5 ae 79 fb ba 1e 5f 8b 72 Data Ascii: OaYFcB`tME/_=@l@!$[d.3:{C3`T4!2"Mn]+CDG@_\et(,JpW@4!9 2DGo!et!TY^<b2QMyi1Xqq:/!V6w"CNZy_r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	49869	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-7.12c86460.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:51 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "ca542fdc551d6a47773c942aba49e1ef" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 59873 Accept-Ranges: bytes X-NWS-LOG-UUID: 4565450185918136975 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:51 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 f7 50 4c 54 45 0d 15 2d 29 06 1d c8 cc df 1c 2a 48 8c 04 41 30 52 75 12 04 0d 8d b4 cb 2f 52 74 d5 da ea fb fb fb e9 f0 f5 be f3 fd 74 89 9b fc fd fe 0a 05 0e 14 0f 0c 0e 0b 08 1f 30 4f 33 0b 28 22 06 1c 2d 41 66 2b 3c 5d 27 36 53 1b 2a 4a 32 4d 75 17 25 44 20 28 3e 07 0b 18 36 49 6b 1c 22 37 2c 06 1d 16 02 10 0e 15 32 f4 f6 fa 11 1b 39 3a 53 7b 13 1f 3f 0a 0f 22 5b 54 5a 25 2e 45 30 53 81 52 4a 4d 22 33 5c 2b 43 71 16 1c 31 5e 5c 70 4a 44 47 3a 5a 89 63 5e 68 65 63 6f 53 4f 57 12 17 29 69 68 77 4b 63 8c 60 5a 60 0a 10 2b 5b 59 67 40 13 34 ef ed f2 1d 14 11 66 61 76 d0 c8 d5 cc c2 d0 38 43 5d 3c 61 97 ac a1 a8 20 3e 5f 33 3c 53 d8 c9 d9 c9 bd c9 6c Data Ascii: PNGIHDRF?PLTE-)HA0Ru/Rtt0O3("-Af+<]'6SJ2Mu%D (>6Ik"7,29:S{?"[TZ%.E0SRJM"3\+Cq1^\pJDG:Zc^hecoSOW)ihwKc`Z`+[Yg@4fav8C]<a >_3<Sl
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: c1 09 6e 8a cd 50 03 db fe de 1d 18 ff f0 ad c5 06 7a 62 a4 85 86 95 ba 07 aa 0d 8e c3 d5 2c d3 72 54 b0 fd 33 46 42 8a c2 60 2b 2f b7 d8 78 fb 55 72 09 9a 0a 8e cb c0 70 1b 89 8f a8 dd 06 a5 1f 52 0e c1 b6 ee 8e 0c d2 37 02 ba a0 7f 96 9f 20 80 c2 8a 4e 13 b4 7b b1 ed d1 c1 11 4e 97 9b a9 97 75 f5 f4 51 41 8d f5 ad e2 a3 cc 40 8e d6 05 e3 c3 c3 32 30 c3 e9 5f 58 bc f6 cd 46 3a b6 b6 96 de 4a df ce e7 c5 6a 6b f9 ad bc 07 5a 45 45 a7 c4 66 b5 1d ad da 5d ac 92 9c c4 bb a4 dc d0 2b 73 c9 64 32 16 cb a8 62 68 4e a0 3d 69 b0 29 35 93 45 92 df 1a bb c9 c7 2d 2f 87 1b 35 ba 9a ce 74 93 f0 b1 29 45 f7 d9 56 b7 65 47 1f 92 7d 81 58 c8 6c c2 62 c3 6e 1a 26 7f d3 30 69 b8 49 b7 32 af 2c 37 c5 46 4a 42 e8 dc db 13 b3 19 6a 48 b1 6d fa 0c 35 60 dc 77 ce 9b 92 47 12 Data Ascii: nPzb,rT3FB`+/xUrpR7 N{NuQA@20_XF:JjkZEEf]+sd2bhN=i)5E-/5t)EVeG}Xlbn&0iI2,7FJBjHm5`wG
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 4e 5f e7 25 0a 34 8d 1b 0b 52 35 99 ea da e2 7e 51 73 18 dc e4 e9 df 09 ef c8 03 6c 47 b0 d0 51 1c 13 47 d1 68 28 14 8a a1 d0 22 8a 46 17 e7 62 32 12 bc 3c 6d 79 41 06 84 ad de f9 08 03 5e c4 51 e6 0a d4 cf 6f 35 4e 6d 8d 91 be d5 d2 57 f1 f2 d5 3f 95 57 f9 07 7b fb 43 fd f3 ae b7 79 6b a7 06 b1 35 7f a1 8d 0a 7e 5f eb 85 2b 9f b9 39 d8 d9 dc ed 23 0f b6 d7 eb 83 b5 af 8d c7 bc cf 8f 9a fd cd cd b5 4a cd 2b 6b 47 f2 45 c3 fe 35 8d e0 30 1a 02 9d 06 8e c7 bf c7 06 35 84 17 51 d2 d2 4b d2 f9 54 cc 96 a3 1c 68 e1 16 89 60 6d 25 54 4e 28 53 5b ec 71 3c 5c 48 bb 4f 2f 89 9d 2f ff 52 c0 dd 81 1d dc 86 59 38 09 c0 05 73 13 53 93 c7 57 ff f2 9b 3f c0 ed c7 62 6d 6f d1 b0 89 9d c9 4e 8d ba 8b b1 4d 3d 16 41 8d 9f b4 8b cb 54 92 69 e2 f2 d2 d0 e2 d4 c4 cc 52 0f 6f Data Ascii: N_%4R5~QslGQGh("Fb2<myA^Qo5NmW?W{Cyk5~_+9#J+kGE505QKTh`m%TN(S[q<\HO//RY8sSW?bmoNM=ATiRo
2024-07-20 07:21:52 UTC	10721	IN	Data Raw: 38 c8 49 26 33 8d 62 28 c3 f6 e2 aa be c2 91 f4 02 3a 2c 36 61 af 69 37 1d 7e c8 1e 3f 72 e4 bb a1 33 54 43 fd 28 7d 4a b6 4a 34 01 22 8c ca c9 5a 85 f8 2a 9a 07 38 dd 68 0a 23 e0 18 d0 10 b9 5a 86 c8 d2 20 ef 04 db 0e b7 60 a1 b0 5a 3e 27 36 f2 8b 4b b4 00 e2 38 9b 64 ad 9d 90 bf da ad a9 73 b6 94 ba 81 2c b6 6b ae 92 cc 89 be b5 95 1a d4 8a 9d 8f ce 2f ae 2d fc 67 85 cb ad 97 b6 4a 87 d6 47 90 d7 51 b5 c7 5b 19 35 99 7d ca 25 d7 d9 86 fa ef 60 53 41 04 09 2e b3 83 d9 ab 0f 00 27 51 49 fc 11 24 5a 2d df f8 76 29 99 39 3a d7 68 e3 60 46 69 9b 09 f0 8e 26 6f 83 0f 73 ef e0 1b 75 e5 6c a2 61 bc 17 a7 a0 c0 2d 1f 4b fb 53 80 4a 27 b5 fe 74 c4 12 ca 36 fa 1b fd 29 53 96 9d bf 2b cc 66 9f 0c ab 95 83 59 8c a3 50 43 ac e4 fb df 85 6b 75 e3 65 46 ec bd 8a 3f 2c Data Ascii: 8I&3b(:,6ai7~?r3TC(}JJ4"Z*8h#Z `Z>'6K8ds,k/-gJGQ[5}%`SA.'QI$Z-v)9:h`Fi&osula-KSJ't6)S+fYPCkueF?,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	49871	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	387	OUT	GET /im.qq.com_new/f2ff7664/img/guild-8.2357f6e0.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "517898a28fdc274a85b7d9cac871418c" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 78041 Accept-Ranges: bytes X-NWS-LOG-UUID: 8405640205488991970 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 02 fd 50 4c 54 45 52 60 6c df e9 f1 c6 cd d7 d2 e1 e9 89 94 a1 e5 ee f5 d8 e3 eb 62 75 83 ce de e6 db e7 ed d2 de e5 90 a5 b4 be c7 ce ea ee f5 b4 c5 cf f7 f8 fa f7 fd ff e3 ee f4 e1 eb f2 e3 ec f2 dd e7 ed e7 ef f5 cf de e6 de e9 f1 2a 33 37 d6 e3 eb 30 3f 46 da e4 eb d9 e5 ee e1 e9 ef 2e 3b 42 d6 e0 e7 d1 e0 e8 d3 e1 ea db e7 f0 d9 e2 e8 d3 de e5 2b 37 3d 3f 4e 58 35 41 45 cc db e3 36 45 4c 32 42 4a 5c 73 82 3d 4b 54 e9 f2 f8 33 3e 42 42 56 63 42 52 5c 47 55 5e 31 3a 3d cb d8 e0 3a 48 51 dd e4 ea 64 75 81 3c 52 5f 77 82 8d ce d4 da cf da e1 d3 dc e2 56 6f 7f 82 8c 95 2f 35 38 ee f4 f9 c8 d3 dc ce c1 bc 5e 76 88 53 73 88 4b 59 62 54 60 69 3b 45 46 a0 Data Ascii: PNGIHDRF?PLTER`lbu*370?F.;B+7=?NX5AE6EL2BJ\s=KT3>BBVcBR\GU^1:=:HQdu<R_wVo/58^vSsKYbT`i;EF
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: c1 90 50 69 a3 51 26 6b c1 74 88 b4 8d 46 8c f0 03 46 25 64 04 8d 12 fa aa 09 c4 70 b0 60 9c 3f 27 99 ec a6 cf 97 cb 0d 5a 35 b6 8d 17 8b be 6c 76 68 21 e5 23 3c 06 00 cc 27 0f a9 e3 4c 01 93 82 8f ef 1d 9b a1 c5 18 75 b4 ab 66 38 06 db a4 d9 a7 d4 52 ec 31 dd fa 91 a0 b6 00 5e 9d 4e 67 24 ee 89 f4 7a 47 47 47 bd 7c d8 3a 37 b7 dc 04 5e 03 1c da a2 02 5d 6b 6b 0b c0 9d 3b 37 dc 77 61 f8 5c 75 5d 03 ea f2 95 fe fe 57 be fd b2 b5 bf bf fa 89 87 cf 76 cd e8 e3 ce 36 ef e8 d4 d2 d2 d4 52 22 ea 30 9c 39 65 c7 8c 82 3c 68 e9 24 13 ce ac 7f ca fd aa f9 ed ed c3 f9 89 a5 9d c5 b5 fd c3 eb bf d1 a3 c8 5d e5 aa 56 47 7a f5 f8 56 26 03 c4 d8 5a 36 e4 76 54 4d 62 a7 d8 82 69 4f 3c 96 0a b6 e3 a2 32 da aa d8 f0 dc 8d c7 87 63 93 97 da 12 6e 45 dc 73 71 0c 4d be 2f 7e Data Ascii: PiQ&ktFF%dp`?'Z5lvh!#<'Luf8R1^Ng$zGGG\|:7^]kk;7wa\u]Wv6R"09e<h$]VGzV&Z6vTMbiO<2cnEsqM/~
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 1b c0 a5 e2 85 51 2e c6 db f8 54 28 93 48 22 89 71 c1 5e c1 ae 2a d7 50 55 36 7d 6d 7f a9 16 c2 d1 96 07 3c 52 c9 9c 27 39 fe 09 39 c1 51 86 28 ef 2c b8 e9 f5 e4 8f 22 ea 08 5f 7b 2d f8 b6 f3 a6 d5 9e 0b b7 cf 7b fa 39 fa 15 14 20 d3 3a ef ec 49 88 7c 7a e0 5b d4 f8 00 db 4c c1 fc fc 93 73 14 45 b6 6e 70 f0 bc 7d ef c9 9d e3 79 fc 9b d9 a9 0d 0e 1e 38 3d b2 b0 ab f8 bd f5 c4 c9 1d dc ce 88 85 1e 60 c3 e1 62 b8 04 cc de 5f c2 ee f3 bf 4e 1a 70 25 94 b7 a0 d2 c9 b9 26 b8 11 41 4b 22 62 4a 3c 26 29 32 13 25 51 4c 86 e5 47 c3 bc 44 af a6 9c 19 65 8a 50 b3 6a 06 31 ab 30 fb 57 e6 bb 67 67 ff 21 95 4c c0 d6 1e db 41 b0 ae 8a 44 f5 1b c9 02 e2 c8 4a 94 53 65 62 49 c8 a9 cf 28 ff fb 22 02 e7 bd 17 0c 6c 62 ca 3d f3 70 f5 c5 3f bf 2a c6 f1 77 7e 7d e0 c3 9d 9f f1 Data Ascii: Q.T(H"q^PU6}m<R'99Q(,"_{-{9 :I\|z[LsEnp}y8=`b_Np%&AK"bJ<&)2%QLGDePj10Wgg!LADJSebI("lb=p?w~}
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 12 1a ac 7b 9a 99 60 93 5e 37 38 70 22 e6 b5 57 23 1b 28 12 9f 36 ca 23 12 78 b0 82 fe 76 5e 78 ac 7f eb 62 ce d6 24 d2 ed 07 d9 e3 e8 1c 9e 3c 3e 30 3e 7e 66 60 e2 48 e4 47 91 cf 3f 17 5d b4 23 b1 28 51 af e7 0a cd 9e 32 06 52 56 8a 63 b8 23 4b e2 f6 fc 27 6e f9 f0 c9 cc f9 e7 6e b9 fd c5 db be 29 9f 9a ec 76 36 74 d9 0b b2 5b 4a 0b e5 f2 ca ad 5b 0c a1 ea b8 37 e2 c4 ba 92 06 c4 4c 04 fe d8 47 81 1a 02 6a 48 5d 7e 52 a5 41 9d 00 f9 0f 49 5d 5b bf 52 1d bf 09 dc 60 cc 62 3e 92 07 00 fd 0d 1b 15 64 c9 42 f2 86 96 c0 c5 73 80 e0 2e e6 a3 43 14 2f 32 a5 d2 b0 5b 5e 96 40 1b c9 03 34 36 a6 02 6e dc 28 2a d2 97 7e 71 9f b7 7b 09 f1 18 51 d4 13 d6 b5 73 bf 5c 70 67 7f 7f a5 81 20 79 7a 6c 24 bd 31 3b 1b d4 4e a7 42 fc 2a 40 93 60 33 f8 f9 f8 24 25 c0 6b 82 a2 Data Ascii: {`^78p"W#(6#xv^xb$<>0>~f`HG?]#(Q2RVc#K'nn)v6t[J[7LGjH]~RAI][R`b>dBs.C/2[^@46n(~q{Qs\pg yzl$1;NB@`3$%k
2024-07-20 07:21:52 UTC	12505	IN	Data Raw: 09 db 03 30 5e c9 c4 42 c0 13 d4 88 31 d6 00 0a 6f 0a 60 2a 41 8d 98 9f 82 5b 84 f7 71 92 1c 05 39 0c 53 cc 0d 90 a7 29 d1 4c 13 44 e6 a6 47 9e 7e fa 80 ac a8 fa 45 ce 48 43 51 8a b1 5e cb ec 20 3b 66 98 91 da 5f 57 4f 7d ee 81 a7 66 77 8d a6 fc f7 cd 8f fa 8d ec 51 1c e8 3c ec 90 db 09 fe 57 4e bf e8 ac 33 de 5a 5f 99 e8 4a ec 38 75 eb 0d 3b 33 e8 e8 18 b0 ea 29 d8 ec ee 70 d4 27 05 06 b7 cb e2 78 7e ff 9a cb 41 f7 40 d8 14 0f 87 bb 9b 86 e3 90 23 fa 3e 92 f1 b0 6f 52 6d 35 12 7f 70 53 f5 ee ef 9d 73 90 9f c3 79 98 c2 7b ba 87 d3 4d 99 6c 9e 78 3f da 92 6d 5a a0 9f 6a 31 fd 70 66 e0 8e 81 74 47 af 6f 96 b9 7e f5 c6 18 49 9b 35 60 b2 af 96 57 93 ab 83 83 ae 5c 11 16 d9 e2 98 c9 f4 84 b9 19 c9 0a 51 15 69 ce 79 54 c6 5e 57 8a 38 fa cb 2b a1 3e c5 72 a1 e8 Data Ascii: 0^B1o`*A[q9S)LDG~EHCQ^ ;f_WO}fwQ<WN3Z_J8u;3)p'x~A@#>oRm5pSsy{Mlx?mZj1pftGo~I5`W\QiyT^W8+>r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	49870	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:51 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-3.2b846208.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "85632bdf7020df4019a08f5de56b7be4" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10792 Accept-Ranges: bytes X-NWS-LOG-UUID: 9624390836561206319 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:51 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	10792	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fd 50 4c 54 45 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: PNGIHDR #]^PLTE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	49872	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-4.8c005656.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1b8b3cd8af61b7f074e1c8373a382ed3" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10030 Accept-Ranges: bytes X-NWS-LOG-UUID: 3177855875669187814 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	10030	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a2 00 00 00 a2 08 06 00 00 00 c2 f2 16 1b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	49873	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	388	OUT	GET /im.qq.com_new/f2ff7664/img/guild-11.dabd0e54.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "b3f8bac78a4fbf8ca55ea0759b0d7add" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 64092 Accept-Ranges: bytes X-NWS-LOG-UUID: 8235901346112900508 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 b6 00 00 00 f7 08 03 00 00 00 46 a4 81 3f 00 00 03 00 50 4c 54 45 2e 3b 29 34 2f 15 39 1a 07 54 53 3a 57 5d 41 6c 74 60 57 61 47 23 1f 07 59 56 3e e3 e3 ce 86 8e 7e 3a 48 3e 32 50 4a 42 50 36 3d 44 2a cf d3 be 32 34 1c 21 1a 05 22 1d 06 1e 1c 05 23 18 04 1f 18 05 20 1f 06 22 22 08 91 9e f5 8d 9f f5 8d 9b f4 92 a2 f6 26 20 07 25 26 0a 98 a4 f7 25 23 0e 95 a1 f6 21 2c 17 8d a2 f6 23 1f 0b 8a 9c f4 8a 98 f2 9a a8 f7 25 30 1c 9f ac f7 88 97 f6 25 25 15 28 2b 18 8f a6 f7 28 2a 10 21 28 10 1e 1c 0c 2b 24 0d 1f 2a 1d 9c ac f7 9f af f7 2c 3a 26 66 38 95 2b 33 21 1e 27 16 20 22 0f 2e 28 12 4e 58 44 4f 58 3b 24 3e 2e 68 73 5f 28 36 2a 59 6e 56 83 91 f4 2b 3c 32 63 6d 58 2f 38 2c 53 5d 3d 2e 2f 14 84 95 f2 94 Data Ascii: PNGIHDRF?PLTE.;)4/9TS:W]Alt`WaG#YV>~:H>2PJBP6=D24!"# ""& %&%#!,#%0%%(+(!(+$,:&f8+3!' ".(NXDOX;$>.hs_(6YnV+<2cmX/8,S]=./
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 41 6c 11 bf e8 05 85 61 f1 41 c8 d5 38 8d 93 2b 7e 26 6b 38 d3 4f 33 3a 7b 14 01 99 0e 94 05 f1 3d 01 09 40 34 65 88 f3 a6 0a 37 ac 94 c4 46 82 27 c1 48 66 7a 77 60 d3 12 be e7 aa d3 ed 59 25 6e b7 54 22 8e 77 c5 3c 9f 4b 8a 26 f1 ff 26 86 94 51 50 cb 98 12 38 b3 e8 4a 65 91 25 a1 1b b9 47 bf ea 68 f3 6c dd 77 a9 64 67 24 f1 6c ac 25 ff 12 6d e3 df 8b 82 ed e6 cb 0f 3c 0e b6 af e8 91 6b 81 c4 7f c5 0a e7 56 46 b7 9b db 10 7b a9 bd ba 9a 3a 89 d4 9c 4d a7 31 d8 ea 0e db 0a 4d 82 ca 34 3a 76 cf 7b cb 6b a2 ae 2d 44 4c 53 ba c8 03 9f e6 6e 9a f8 f1 ae 74 d1 2b d3 be 9f ae 56 13 0c 9c 2c 57 45 1d 9a 3e b0 95 ff 52 2d 76 5a 1d 35 84 5d fd 46 49 52 a2 13 9e 20 ff bf 28 c2 a1 a2 41 cd 26 79 7f 89 d9 de 5e 66 3e e1 29 b6 d3 b4 b0 68 c8 3c 2a fe df c3 5c 32 55 54 Data Ascii: AlaA8+~&k8O3:{=@4e7F'Hfzw`Y%nT"w<K&&QP8Je%Ghlwdg$l%m<kVF{:M1M4:v{k-DLSnt+V,WE>R-vZ5]FIR (A&y^f>)h<*\2UT
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 49 9c a9 2b df 64 15 56 52 8d 83 a2 f4 5a 32 6d b9 80 d4 22 61 c3 7e c2 c6 67 f7 21 fc 09 ec 63 38 18 90 20 0e 7b fb fb ac 69 43 c8 47 0f 04 e0 91 a6 03 04 1e a8 dd f7 08 b7 80 0c 7e 49 2c 67 cf 7b 88 a7 9c c9 28 1c ec 2f c4 b1 01 2e f2 6a 36 0b 46 a3 e1 f0 f8 38 08 d4 b7 35 bb 95 4f 0c b6 d3 29 6f bb fb f8 f0 f0 e9 07 8f 9e 1e dd 46 f3 f2 24 ba ec 52 ca 22 90 e9 56 08 22 a7 93 f2 a4 2d 1b 32 29 43 b9 7a b9 59 6d 02 5b b3 22 9d 24 9f 84 7a 95 16 b0 61 6a 0c 36 f5 c2 70 0b 8d 93 f1 58 99 af d5 6c 56 52 d4 5a 6a 8b b2 60 6d 34 99 b2 59 30 1b 20 bb 4a 81 b5 dd cc bc f9 f5 24 a5 8d d9 84 54 36 ef c6 dd 2c 75 2c 4f 8a 96 cc 66 f3 89 64 2a 9b f2 13 b9 8d 8f f6 1e b9 29 67 3d 9e de f0 d7 8a 9b 1b c9 f5 04 ec a3 55 5b 73 b3 59 f4 55 0d 00 b5 4d 7e e4 a5 6f 5f 79 Data Ascii: I+dVRZ2m"a~g!c8 {iCG~I,g{(/.j6F85O)oF$R"V"-2)CzYm["$zaj6pXlVRZj`m4Y0 J$T6,u,Ofd*)g=U[sYUM~o_y
2024-07-20 07:21:52 UTC	14940	IN	Data Raw: a4 31 55 43 22 58 16 a1 a5 19 aa be b8 d6 c8 5e 96 dc fc 4f 24 4d 05 3c 26 38 61 64 79 bf 7e b6 be 01 69 0c a0 44 15 af 7f 7b 7f ff 7c 77 9d b6 2b f5 d8 7e fa 14 5b 06 8d c2 3e ce 7f 5b 7f fb d0 9a b2 6e a7 a7 52 92 ac 15 cb 28 79 48 7d 4a e8 18 f5 84 b0 d4 88 bc 51 8d c8 4c 55 26 5f 7f 81 79 fb fa bf fe 75 1d d6 87 51 75 94 c4 29 fd 58 9a a2 63 b3 d4 d0 4d 19 d3 0d a5 a1 2c 9a 2a f4 51 fb fa 95 86 40 ba 59 8f 48 f7 2d e8 a0 97 e8 c2 9b be 33 5d b2 78 27 de a4 64 09 59 46 93 47 63 c4 a6 de 53 42 8d 3d e4 00 4b a8 2e 43 c6 6c 0c 55 62 f8 cc 1b 52 7f 21 1a e5 5a 0c 88 38 ae 39 28 0d 6e 69 42 15 5d 0f dc 97 d8 2e e2 01 49 4f 10 95 16 33 db 05 2f c9 95 34 31 22 c6 51 05 ea da 2c a6 30 52 68 69 58 71 25 cf 41 a1 84 66 b2 e9 0f 89 2b b9 73 8d 0c 0d f8 91 a3 01 Data Ascii: 1UC"X^O$M<&8ady~iD{\|w+~[>[nR(yH}JQLU&_yuQu)XcM,*Q@YH-3]x'dYFGcSB=K.ClUbR!Z89(niB].IO3/41"Q,0RhiXq%Af+s

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	49875	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-5.8836fb89.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "405efa58aadc182793ee0efec2d849c7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 15596 Accept-Ranges: bytes X-NWS-LOG-UUID: 10852798323794163147 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	15596	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 71 00 00 00 6f 08 06 00 00 00 db a2 2f 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRqo/;pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	49876	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	393	OUT	GET /im.qq.com_new/f2ff7664/img/guild-logo-11.b87d994b.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "7941843909c59494f533b7d9a78e36f7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 8572 Accept-Ranges: bytes X-NWS-LOG-UUID: 11190580548030837756 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	8572	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 79 00 00 00 79 08 03 00 00 00 2a 24 7e 7b 00 00 02 f1 50 4c 54 45 00 00 00 ab b4 b5 61 6c 6f 77 81 86 96 a3 a5 88 93 97 60 6f 70 48 53 59 47 51 56 40 49 4f 4b 55 57 48 52 56 16 17 1b 4d 58 5d 44 4f 54 46 4f 55 92 9d a1 86 92 93 9b a5 a7 9e aa ab 47 51 56 85 91 91 90 9b 9e 93 9e a0 9e ab ab 93 9e a1 90 9b 9f 95 a2 a5 a2 b0 af 71 7a 78 48 52 58 87 95 96 99 a4 a6 85 91 90 79 84 80 93 9f a0 a2 b0 af 81 8f 8b 15 14 19 13 12 17 0d 0c 11 17 16 1c 19 18 1d a2 b0 af aa b6 b6 5a 65 67 4c 57 5d 53 5d 5f 9c a8 a8 aa b4 b6 11 0f 15 58 63 65 03 04 08 9f ac ac ab b7 b8 54 5f 62 46 51 53 02 01 05 0f 0e 13 5d 68 6a 4f 5a 5d 9a a4 a6 95 a1 a2 56 61 63 50 5b 60 92 9d 9f 69 74 76 49 54 56 98 a3 a4 a6 b4 b3 1b 1a 1f 91 Data Ascii: PNGIHDRyy*$~{PLTEalow`opHSYGQV@IOKUWHRVMX]DOTFOUGQVqzxHRXyZegLW]S]_XceT_bFQS]hjOZ]VacP[`itvITV

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.5	49874	23.1.237.91	443

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	2148	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-Agent-DeviceId: 01000A410900D492 X-BM-CBT: 1696428841 X-BM-DateFormat: dd/MM/yyyy X-BM-DeviceDimensions: 784x984 X-BM-DeviceDimensionsLogical: 784x984 X-BM-DeviceScale: 100 X-BM-DTZ: 120 X-BM-Market: CH X-BM-Theme: 000000;0078d7 X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22 X-Device-isOptin: false X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A} X-Device-OSSKU: 48 X-Device-Touch: false X-DeviceID: 01000A410900D492 X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh X-MSEdge-ExternalExpType: JointCoord X-PositionerType: Desktop X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-UserAgeClass: Unknown Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 2484 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1721460049897&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
2024-07-20 07:21:52 UTC	1	OUT	Data Raw: 3c Data Ascii: <
2024-07-20 07:21:52 UTC	2483	OUT	Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 33 36 34 34 46 44 37 34 44 46 31 36 36 31 38 46 30 38 46 37 45 43 30 33 44 45 35 35 36 30 30 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 32 32 38 31 35 36 37 30 33 41 34 30 44 35 42 39 37 45 35 41 36 38 33 36 46 32 41 31 43 45 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49 Data Ascii: ClientInstRequest><CID>3644FD74DF16618F08F7EC03DE556001</CID><Events><E><T>Event.ClientInst</T><IG>75228156703A40D5B97E5A6836F2A1CE</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-07-20 07:21:52 UTC	480	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: A34821B309724D05A5D472B2CB02C4A7 Ref B: LAX311000113035 Ref C: 2024-07-20T07:21:52Z Date: Sat, 20 Jul 2024 07:21:52 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.57ed0117.1721460112.34988d3b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	49878	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-1.b1b04c2f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "8e76f959c9aeca3a6e98925f144534c7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 20188 Accept-Ranges: bytes X-NWS-LOG-UUID: 2408250806379581842 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fd 50 4c 54 45 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fa dc 08 6e d1 40 ff ff ff fd fe fd fb fd fc ef f5 f3 f3 f8 f5 f1 f7 f5 72 d3 3e f4 f8 f7 f1 f5 f3 f9 fb fa 82 da 40 7f d8 3f ef f4 f1 f5 fa f8 78 d5 3f f7 fa f9 7a d6 3d 76 d4 3d 7b d7 40 ec f5 f1 89 de 43 86 dc 40 92 e4 46 8c e0 43 8f Data Ascii: PNGIHDR #]^PLTEn@r>@?x?z=v={@C@FC
2024-07-20 07:21:52 UTC	3804	IN	Data Raw: e7 24 98 8f 6f 3d 6e a6 93 04 1a 73 9d c2 d9 ce b6 ce 26 96 52 6e 79 46 e9 24 e1 e8 83 97 8e 7f aa 99 12 b2 90 1b 90 20 0c 42 1e dc f1 58 cc 5a 00 a1 fd 6c a9 ff b9 8b 10 74 28 53 ec 71 b9 43 09 12 7d 62 74 7d d1 db df 8d f6 93 fd fe 11 8d a1 44 d4 85 0c 21 8e 4c bf 3c 3b 03 2c 69 78 1f b5 79 39 83 30 cb 08 fa f8 2b ee ee c9 2d e9 41 03 ca aa 8f 22 c2 16 3c d1 11 8c 67 de 4b e9 01 f3 a1 ee 55 d2 d4 50 5b a6 cb 19 fa 8a bd 8c a1 75 67 c8 e5 d8 62 60 35 c5 11 eb f4 8c 89 13 2f 62 65 94 cd 88 58 a2 87 20 84 4f 3d 79 67 6e f5 33 a6 af 0c fa c3 bb 90 20 e1 3f ed b0 79 c3 91 55 42 4f 20 48 b3 7b dd f5 35 06 5d 3e d0 a3 0d ad 5b 12 6e 69 b0 b7 84 67 66 58 34 c2 a5 6b 2e c5 91 b2 5e 25 95 d0 53 98 31 7f 5b cc 5e 3f 03 a4 f8 2c ed 1f d2 20 fd ac b8 e6 9a 73 d8 3c Data Ascii: $o=ns&RnyF$ BXZlt(SqC}bt}D!L<;,ixy90+-A"<gKUP[ugb`5/beX O=ygn3 ?yUBO H{5]>[nigfX4k.^%S1[^?, s<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	49877	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-6.1922815c.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "b8b3ac9b2ed87863b567118cc18bbd15" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 19176 Accept-Ranges: bytes X-NWS-LOG-UUID: 9625559107332448613 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 98 00 00 00 98 08 06 00 00 00 18 c2 20 21 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR !pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;
2024-07-20 07:21:52 UTC	2792	IN	Data Raw: ce 7c 3d 26 66 1a 3a 2b 97 75 f4 49 82 65 5c f8 de 45 c3 c1 31 21 ea db bb 01 15 30 55 ef 20 f4 5f f4 a9 f2 be 03 58 c6 1f 08 91 d0 87 3e 01 07 9e d9 4e 03 2b 7e 02 b1 77 7e 10 db 01 44 bb 1e 84 b1 8d 37 06 b3 b3 0b 4e 5f d4 e7 34 4b 88 9e cc eb 0b 1f 82 82 be 8b 59 22 98 3b 4a e5 86 c2 8a 39 f8 c8 20 d7 54 ef 85 0e f0 50 53 28 e5 fd e5 4b c4 5c f2 e6 73 df 5f 86 0e f5 be b4 bc 7f de 99 b8 60 e2 07 be 33 77 1f f2 3b 82 74 2c 0c 56 06 46 75 39 36 62 04 d7 8e 60 82 de ff 7e 16 eb c1 73 34 13 a8 00 ea fa 81 0c 2e 90 e5 e5 dc 5b 27 f7 ed 80 de 76 1d f5 56 49 db 7c 60 59 b6 3d 1b 0a d4 b7 7b 97 20 6c bb 1d e0 47 5e 57 94 b7 fd d4 43 d8 e2 c8 41 02 d3 d4 c0 b3 b1 6f df 13 70 a8 94 c2 5e fd 4b a8 bf bd 1b e9 89 af e0 53 41 a3 b5 db 4c e5 f1 b7 97 e6 f5 57 30 18 Data Ascii: \|=&f:+uIe\E1!0U _X>N+~w~D7N_4KY";J9 TPS(K\s_`3w;t,VFu96b`~s4.['vVI\|`Y={ lG^WCAop^KSALW0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	49879	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-7.c9b84e44.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "0ce957ff769d91bf85ea8fa3bd1588ba" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10613 Accept-Ranges: bytes X-NWS-LOG-UUID: 14144095618065332030 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	10613	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 91 00 00 00 91 08 06 00 00 00 c3 d8 5a 23 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRZ#pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	49880	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-2.3e3799e7.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:52 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "5bf2f25d9dd6ffa0abe78303a7376a3c" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 18401 Accept-Ranges: bytes X-NWS-LOG-UUID: 6028536122889849090 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:52 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fa 50 4c 54 45 00 00 00 fd fe ff fe f9 f1 ff ff ff ff ff fe f7 c7 62 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 25 18 0c e5 a4 4c ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f3 b1 4f ff ff ff ff ff ff ff ff ff ee a0 44 f9 c6 5d e9 aa 50 e8 97 41 f2 b1 50 ff ff ff ff ff ff f0 ae 4f de c6 b6 f2 b0 4d db 8b 3d b9 74 32 95 6a 46 ff ff ff d9 c3 d3 cd c7 b9 f2 ec e0 ca bd b2 d3 d3 d3 ff ff ff ff b1 ee ff ab ed ff b5 ef ff d9 51 ff da 57 ff dd 64 ff a0 ea ff db 5d ff a2 eb ff d8 4b ff df 6f ff de 6a 25 dd 5d ff b8 f0 ff a7 ec ff e0 75 4a 79 f0 ff Data Ascii: PNGIHDR #]^PLTEb%LOD]PAPOM=t2jFQWd]Koj%]uJy
2024-07-20 07:21:52 UTC	2017	IN	Data Raw: 4f 99 0f f2 61 99 59 46 b2 a3 98 9b 15 f2 f3 01 e8 d3 d1 63 e4 b3 12 42 60 74 e2 80 2a 4d c1 86 1a 2a 9e 8f a7 45 81 85 c2 1d f5 2f 1d 11 d6 5f 3d a0 d0 40 6c 40 0e 10 f4 d1 21 8a 24 5b 64 2e 33 9b 1e f8 a4 3a b9 7b dd ca b4 43 08 1d 33 e3 1e 95 60 54 34 21 9e 32 22 4d d6 a9 ba 6e ea 00 bd b6 8e 0a 5d 16 f2 a1 c8 87 88 be 90 8f d3 e0 93 e8 fb f1 ad 2b c3 43 44 47 8e 1a 40 5f 5c ac 65 fc 11 8f 9f 74 84 c8 28 2c b4 4a 18 04 10 70 a9 57 00 a7 40 84 34 0a 21 39 20 fa 32 f4 f9 44 47 05 cf b7 6f fa 21 b3 ab 65 74 ec bb 21 54 d0 59 5e bd fb f6 82 3c 62 d1 11 aa 32 51 a5 4d ea 79 d5 e3 69 31 1e f9 58 15 9f 71 f1 71 e9 03 fa 02 3a 2f d7 f3 83 21 56 aa 0d db 36 af 7f f9 ed db b7 ef 1f 97 cb e5 95 ab 77 af de 85 de 22 81 c0 43 4e d5 80 5a d5 ae 79 fb ba 1e 5f 8b 72 Data Ascii: OaYFcB`tME/_=@l@!$[d.3:{C3`T4!2"Mn]+CDG@_\et(,JpW@4!9 2DGo!et!TY^<b2QMyi1Xqq:/!V6w"CNZy_r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	49881	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-8.492bed09.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "f69698e47d99d8cebc84d7cd529904f1" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 9918 Accept-Ranges: bytes X-NWS-LOG-UUID: 13858262103045588035 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:52 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	9918	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c9 00 00 00 c8 08 06 00 00 00 42 9a c5 a0 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRBpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	49882	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-3.2b846208.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "85632bdf7020df4019a08f5de56b7be4" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10792 Accept-Ranges: bytes X-NWS-LOG-UUID: 15875046531174609516 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	10792	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 20 00 00 01 20 08 03 00 00 00 23 5d 5e b2 00 00 02 fd 50 4c 54 45 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: PNGIHDR #]^PLTE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	49884	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:52 UTC	668	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-9.32e87ba4.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "479db0f10762671239daed3178e75a46" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 14148 Accept-Ranges: bytes X-NWS-LOG-UUID: 13768014462329679684 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	14148	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 92 00 00 00 92 08 06 00 00 00 ae 7b 93 8e 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDR{pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	49883	129.226.107.134	443	3752	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	1284	OUT	GET /ptqrlogin?u1=http%3A%2F%2Fid.qq.com%2Findex.html%23info&ptqrtoken=1663988625&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1721460111386&js_ver=24071714&js_type=1&login_sig=G70b-bqRk0-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm&pt_uistyle=40&aid=1006102&daid=1&&o1vId=&pt_js_version=v1.55.0 HTTP/1.1 Accept: /* Referer: https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=1006102&daid=1&style=23&hide_border=1&proxy_url=http%3A%2F%2Fid.qq.com%2Flogin%2Fproxy.html&s_url=http://id.qq.com/index.html%23info Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: ssl.ptlogin2.qq.com Connection: Keep-Alive Cookie: pt_login_sig=G70b-bqRk0*-WH5jpnkdHl2tlrYBDbLAq7ZTF2aFrQOEDUIOKMR23gm3axw0mCEm; pt_clientip=e1c0082e7b21c752; pt_serverip=a8f07f000001702f; pt_local_token=794037794; uikey=2bc06ed0cbcfb0915ab52242c57a1323c09d28b3b413811cdaf5a35525244e11; pt_guid_sig=bf6ee68d221da4b628559f7eb9230775a97274fee8d44cd1753b29fd76142b10; qrsig=2b20ee3383d03a136341af4c5b4c379d58e67eb0f8967f9779b26ac9960b920f65c34218d18d658f8aa6d6d2114a2cc1be53e4f30e582d52; _qpsvr_localtk=0.0852621786682694
2024-07-20 07:21:53 UTC	297	IN	HTTP/1.1 200 OK Date: Sat, 20 Jul 2024 07:21:53 GMT Content-Type: application/javascript Content-Length: 51 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: -1 Pragma: no-cache Server: Tencent Login Server/2.0.0 Strict-Transport-Security: max-age=31536000
2024-07-20 07:21:53 UTC	51	IN	Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29 Data Ascii: ptuiCB('66','0','','0','', '')

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	49885	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-4.8c005656.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "1b8b3cd8af61b7f074e1c8373a382ed3" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10030 Accept-Ranges: bytes X-NWS-LOG-UUID: 18230189087313305716 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	10030	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 a2 00 00 00 a2 08 06 00 00 00 c2 f2 16 1b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	49886	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	669	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-10.fdbd43f2.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	481	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "70e6ca8e5d7d983aed25c7a3aa5fe556" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10650 Accept-Ranges: bytes X-NWS-LOG-UUID: 5564925023711449569 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	10650	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 6d 00 00 00 6d 08 06 00 00 00 ab f8 ef 56 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRmmVpHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	49887	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-5.8836fb89.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "405efa58aadc182793ee0efec2d849c7" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 15596 Accept-Ranges: bytes X-NWS-LOG-UUID: 12372176393599851665 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	15596	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 71 00 00 00 6f 08 06 00 00 00 db a2 2f 3b 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRqo/;pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	49889	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	390	OUT	GET /im.qq.com_new/f2ff7664/img/ornament-7.c9b84e44.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:08 GMT Etag: "0ce957ff769d91bf85ea8fa3bd1588ba" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 10613 Accept-Ranges: bytes X-NWS-LOG-UUID: 12267326781361286716 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	10613	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 91 00 00 00 91 08 06 00 00 00 c3 d8 5a 23 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 01 65 69 43 43 50 44 69 73 70 6c 61 79 20 50 33 00 00 78 9c 75 90 bd 4b c3 50 14 c5 4f ab 52 d0 3a 88 0e 1d 1c 32 89 43 d4 d2 0a 76 71 68 2b 14 45 30 54 05 ab 53 9a 7e 09 6d 7c 24 29 52 71 13 57 29 f8 1f 58 c1 59 70 b0 88 54 70 71 70 10 44 07 11 dd 9c 3a 29 b8 68 78 de 97 54 da 22 de c7 e5 fd 38 9c 73 b9 5c c0 1b 50 19 2b f6 02 28 e9 96 91 4c c4 a4 b5 d4 ba e4 7b 83 87 9e 53 aa 66 b2 a8 a2 2c 0a fe fd bb eb f3 d1 f5 de 4f 88 59 4d bb 76 10 d9 4f 5c 97 ce 2e 97 76 9e 02 53 7f fd 5d d5 9f c9 9a 1a fd df d4 41 8d 19 16 e0 91 89 95 6d 8b 09 de 25 1e 31 68 29 e2 aa e0 bc cb c7 82 d3 2e 9f 3b 9e Data Ascii: PNGIHDRZ#pHYs%%IR$eiCCPDisplay P3xuKPOR:2Cvqh+E0TS~m\|$)RqW)XYpTpqpD:)hxT"8s\P+(L{Sf,OYMvO\.vS]Am%1h).;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	49888	43.152.137.29	443	368	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-20 07:21:53 UTC	665	OUT	GET /im.qq.com_new/f2ff7664/img/role-me.8d49096f.png HTTP/1.1 Host: qq-web.cdn-go.cn Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://qq-web.cdn-go.cn/im.qq.com_new/f2ff7664/css/pc.b703e4a7.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-20 07:21:53 UTC	482	IN	HTTP/1.1 200 OK Last-Modified: Wed, 10 Jul 2024 07:24:09 GMT Etag: "dc7eae4cb33cfd503a7392eaa24337ca" Content-Type: image/png Access-Control-Allow-Origin: * Content-Length: 40507 Accept-Ranges: bytes X-NWS-LOG-UUID: 13053002035487701542 Connection: close Server: Lego Server Date: Sat, 20 Jul 2024 07:21:53 GMT X-Cache-Lookup: Cache Hit X-ServerIp: 43.152.137.29 Client-Ip: 8.46.123.33 Vary: Origin Cache-Control: max-age=2592000 Is-Immutable-In-The-Future: true
2024-07-20 07:21:53 UTC	16384	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 78 00 00 01 78 08 03 00 00 00 69 43 12 94 00 00 03 00 50 4c 54 45 00 00 00 cd c4 bc 52 55 49 2c 2a 9f 5a 5d 6c d6 cb c9 ad ae d8 fe f0 9c 22 44 c4 4e 53 68 39 3a ad e2 d8 dd 8f 99 de 70 78 c9 7d 82 c4 62 69 bb 7e 89 d5 6a 75 d2 34 38 a3 40 45 dd ec e0 e1 42 65 c8 ae c4 f9 4b 4d be ec dd d9 e8 db de 56 65 de e5 d3 7e fe e2 39 b2 ac da ef e2 e1 8c 87 6c 6c 77 dd 3a 3f 52 f6 ed ea 51 49 79 ed e1 e1 ef e3 e0 7a 76 5c 41 49 be 8b 85 6c af ab e2 ce c2 a1 9d a0 e0 a1 99 80 4e 52 49 f8 ea 9a e9 b8 60 fe f4 9e 71 7b ec fc ef 9e c5 ba a1 c3 b9 9f 9d 96 80 ce ba dc fe e4 44 f4 da 42 b7 a2 cc fc df 3d e2 db da e7 e0 dd de d3 d1 e6 dd db dc d1 cf ea e3 e0 e0 d6 d4 e3 d9 d6 ab 9f 80 a8 9c 7b a4 98 77 96 8c 6b ae Data Ascii: PNGIHDRxxiCPLTERUI,*Z]l"DNSh9:px}bi~ju48@EBeKMVe~9llw:?RQIyzv\AIlNRI`q{DB={wk
2024-07-20 07:21:54 UTC	16384	IN	Data Raw: ee df d0 6c c2 03 ab 3a 7e 8d 94 71 3b 1f 8d b4 4d 9d 36 73 b6 d5 c0 c1 62 77 04 d5 99 d0 b1 0b d5 04 c6 7b 78 31 99 0d bf ba fb c1 1b 9d 7a 9a 42 41 e2 84 2f a7 87 fb fd 5e 59 31 0d 43 f6 21 e1 0f 4c 71 e1 56 9c 81 0c af 7a 69 aa fe a2 a4 71 64 32 d6 5a 07 1e ee fc 17 a2 05 fc c1 7c f2 de bd 67 d1 f9 94 f3 56 a3 f1 cb fd 0b ea 8c a5 63 40 65 7e 28 d2 0e 74 5b 9d 03 f0 41 86 e7 10 8d e5 c2 59 6d d3 17 b6 1f 3b d7 68 82 dd b2 d2 14 e5 0b f9 4e 0c 47 56 3b 93 d4 75 12 3c aa 4d df e6 ee e3 05 5d 8f 9d 29 d0 b9 15 ee 80 c7 da 66 af 2a 1b 86 41 09 7f 20 15 18 32 c0 75 31 70 48 2a 95 52 d5 c9 e8 6c 6e 63 6b 11 2d 3d 97 90 55 68 e4 05 fc 82 05 74 e1 ca f0 db 08 1e cb 3b da f3 f7 9e 25 c2 a8 2a 08 dd 82 7e b3 8e 68 58 33 da 66 cd 9e 3d db ce 75 7e cd e8 b4 b5 72 Data Ascii: l:~q;M6sbw{x1zBA/^Y1C!LqVziqd2Z\|gVc@e~(t[AYm;hNGV;u<M])fA 2u1pHRlnck-=Uht;%*~hX3f=u~r
2024-07-20 07:21:54 UTC	7739	IN	Data Raw: cd d9 9c 26 f9 b7 a8 d6 a0 ca 33 78 d0 ab b5 66 02 f3 c5 73 fb 2e b0 8c 9f 44 c6 a3 a7 c9 25 30 9b a5 15 1a 33 e4 19 fc db 5f e9 53 2b d6 10 45 7d 1a 41 63 28 cc d8 d8 1a bb 03 b2 49 07 57 49 c8 7a 6a 24 d9 95 35 9e 8a 06 f9 16 0f 82 d7 0a bb b9 d8 70 6e db 8c 0d bf 13 41 11 77 51 89 a7 59 3c 4e 8d 8d 9e 41 9f 1e f0 7c eb a7 06 8f c9 60 6b 0c f0 ce 4e 87 c3 e9 c1 a5 ae a5 a9 05 7d cd d1 e3 3f 65 96 ae 2c 67 47 97 7e ca fd 8e eb 2b 4b f9 a5 71 06 3f 46 f0 14 2f ab f2 fd 0c 7e ec 9d 7d 1b 99 8c 52 e3 31 51 93 07 a3 58 e1 c9 dd 82 a2 b1 68 96 7c d1 78 21 14 0a 34 04 3c 04 6f 63 29 6f b3 75 35 24 5c 26 b0 4a 24 8a 50 dd 8d 94 f0 74 a7 bd 8e 77 34 22 3c c2 c2 7f 90 be c0 f0 75 3b 52 7e 27 dd 6c 26 26 3c 87 27 6c b4 33 11 1f 72 89 b3 f3 ae c6 c5 e1 bd f5 21 06 Data Ascii: &3xfs.D%03_S+E}Ac(IWIzj$5pnAwQY<NA\|`kN}?e,gG~+Kq?F/~}R1QXh\|x!4<oc)ou5$\&J$Ptw4"<u;R~'l&&<'l3r!

Target ID:	0
Start time:	03:21:00
Start date:	20/07/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.6250.26408.exe"
Imagebase:	0x400000
File size:	690'176 bytes
MD5 hash:	3402ACE96C294551F3D207B10740A36A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	03:21:22
Start date:	20/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=dAOj1EuktVZG9Ub9ESmlCwSSjoM56wZ3&f=1006102
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:21:22
Start date:	20/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	03:21:58
Start date:	20/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4676 --field-trial-handle=2044,i,11612594567742170903,17690001802971080553,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20.9%
Total number of Nodes:	541
Total number of Limit Nodes:	25

Executed Functions

Function 00441000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370
commemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00441029
OleInitialize.OLE32(00000000), ref: 00441065
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00441083
SetCurrentDirectoryA.KERNEL32(008752E8,?), ref: 004410DD
LoadCursorA.USER32(00000000,00007F00), ref: 00441138
GetStockObject.GDI32(00000005), ref: 00441159
GetCurrentThreadId.KERNEL32 ref: 00441181

Strings

`Jm, xrefs: 00441238
_EL_HideOwner, xrefs: 00441163

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
String ID: _EL_HideOwner$`Jm
API String ID: 3783217854-2473886124
Opcode ID: da5751fca274b61143fd79b7ec0dc7b1c0011533542a63e2c4bf1e9fb26bfd53
Instruction ID: 5219da6810f35201c8e505be1a0ea9b6a9df0c58bc72c243746745c413febcdc
Opcode Fuzzy Hash: da5751fca274b61143fd79b7ec0dc7b1c0011533542a63e2c4bf1e9fb26bfd53
Instruction Fuzzy Hash: A5E10F70A012059BDB14DF95CC91FEE77B6FF44304F14016EE905AB292DB786E85CBA8

Function 0041E520 Relevance: 12.9, APIs: 8, Instructions: 859COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 401155bb5648338f912781207b7d939fe0789fd0cb038637373a2ca265f2bfda
Instruction ID: 7c8bf1112957917cad5fdb6f39ace2b9bb8956550d5750ab00ea78bdb755d829
Opcode Fuzzy Hash: 401155bb5648338f912781207b7d939fe0789fd0cb038637373a2ca265f2bfda
Instruction Fuzzy Hash: D962D7756043419BD724DF25C880BAB77E5AF88314F14453EF98A97381DB38EC8AC79A

Function 006C4B24 Relevance: 3.0, APIs: 2, Instructions: 27nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.NTDLL(?,?,?,?,?,?,004109B0,00000085,00000001,00000000), ref: 006C4B4B
CallWindowProcA.USER32(?,?,?,?,?), ref: 006C4B60

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$CallNtdllProcProc_
String ID:
API String ID: 1646280189-0
Opcode ID: 55a1116c1296755578d621a207070a55c02d9d6dab158179b6fc97af8e68a30e
Instruction ID: a7bded104df0bc2a9e6736871587c3d69fd6fb0fee03d75b87aab459fc1e5842
Opcode Fuzzy Hash: 55a1116c1296755578d621a207070a55c02d9d6dab158179b6fc97af8e68a30e
Instruction Fuzzy Hash: 43F0AC36500209EFCF219F95EC04EEA7BBAFF19350B048419FA55D6220DB32DD20EB50

Function 00422E90 Relevance: 19.7, APIs: 13, Instructions: 187
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetParent.USER32(?), ref: 00422EDA

Part of subcall function 006C6CEC: IsWindowEnabled.USER32(?), ref: 006C6CF6

IsWindow.USER32(?), ref: 00422F7B
GetParent.USER32(?), ref: 00422F96
IsWindowVisible.USER32(?), ref: 00422FAA
SetActiveWindow.USER32(?), ref: 00422FCB
IsWindow.USER32(?), ref: 00422FE8
KiUserCallbackDispatcher.NTDLL(?), ref: 00422FF6
IsWindow.USER32(?), ref: 00422FFD
IsWindow.USER32(?), ref: 00423058
IsWindow.USER32(?), ref: 004230B2
GetFocus.USER32 ref: 004230C6
IsWindow.USER32(00000000), ref: 004230D3
IsChild.USER32(?,00000000), ref: 004230E2

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveCallbackChildDispatcherEnabledFocusUserVisible
String ID:
API String ID: 416498738-0
Opcode ID: c8f7dd9a504f2098a5bbcaef679d826f3130f874a944e24721597f2fa1ca9221
Instruction ID: 6df54fee52d5fe5c76a555dd57a15330da2e569b0bed04610037be9198c30f44
Opcode Fuzzy Hash: c8f7dd9a504f2098a5bbcaef679d826f3130f874a944e24721597f2fa1ca9221
Instruction Fuzzy Hash: 2051A071A00325ABC7249F61E940A6BBBF9FB44341F54862FF94593210CF79E884CBA9

Function 006C618F Relevance: 19.7, APIs: 13, Instructions: 174
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006C6B2E: GetWindowLongA.USER32(?,000000F0), ref: 006C6B3A

GetParent.USER32(?), ref: 006C61BA
SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 006C61DD
GetWindowRect.USER32(?,?), ref: 006C61F6
GetWindowLongA.USER32(00000000,000000F0), ref: 006C6209
CopyRect.USER32(?,?), ref: 006C6256
CopyRect.USER32(?,?), ref: 006C6260
GetWindowRect.USER32(00000000,?), ref: 006C6269

Part of subcall function 006A9F6B: MonitorFromWindow.USER32(00000002,00000000), ref: 006A9F80

Part of subcall function 006A9FD6: GetMonitorInfoA.USER32(00000002,00000000), ref: 006A9FED

CopyRect.USER32(?,?), ref: 006C6285

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow$Copy$LongMonitor$FromInfoMessageParentSend
String ID:
API String ID: 1450647913-0
Opcode ID: 0969f940fe8ead213f8dfedf321593c360886d377a6819928220de380bc8cc1e
Instruction ID: cf963b917a45cfd3be45d9226ed14c8a93bc07c7f195b38b7cac236ddb4eeb1f
Opcode Fuzzy Hash: 0969f940fe8ead213f8dfedf321593c360886d377a6819928220de380bc8cc1e
Instruction Fuzzy Hash: 69514E72904219ABCB10DBA8DD89FFEBBBAEF44310F194119F901F3291DA34ED458B64

Function 006CC253 Relevance: 15.1, APIs: 10, Instructions: 99
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlEnterCriticalSection.NTDLL(0077C4A8), ref: 006CC262
GlobalAlloc.KERNEL32(00002002,00000000,?,?,0077C48C,0077C48C,006CC5EE,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134,?,?), ref: 006CC2B7
GlobalHandle.KERNEL32(008E3E58), ref: 006CC2C0
GlobalUnWire.KERNEL32(00000000), ref: 006CC2C9
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 006CC2DB
GlobalHandle.KERNEL32(008E3E58), ref: 006CC2F2
GlobalFix.KERNEL32(00000000), ref: 006CC2F9
RtlLeaveCriticalSection.NTDLL(?), ref: 006CC2FF
GlobalFix.KERNEL32(?), ref: 006CC30E
RtlLeaveCriticalSection.NTDLL(?), ref: 006CC357

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$CriticalSection$AllocHandleLeave$EnterWire
String ID:
API String ID: 1877740037-0
Opcode ID: 8c194a0d406b6b09a85ab99ccb52885623a6a5242123ccc5112bba680b85b8c5
Instruction ID: a9d8434bf65b954bf1bb06e917a8f5258e92422ec24b4812d8c7a95b46eaf75b
Opcode Fuzzy Hash: 8c194a0d406b6b09a85ab99ccb52885623a6a5242123ccc5112bba680b85b8c5
Instruction Fuzzy Hash: A331A4716043059FD720DF68EC89E7AB7EAFB44311B004A2EF896D3661EB71ED448B10

Function 0041FC80 Relevance: 13.8, APIs: 9, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a132098321f2c9593f5e38763a6f58e116d4b2c1e1fe00e38d8a87065cede4
Instruction ID: fb8805377e3b06eb86cb47c64666813f7d7f65e3516c61b73227d6ca32464da8
Opcode Fuzzy Hash: 94a132098321f2c9593f5e38763a6f58e116d4b2c1e1fe00e38d8a87065cede4
Instruction Fuzzy Hash: 96B1A0706047009FD724CF25D884B6BB7E6FB84744F50892EF596873A0D778E88ACB5A

Function 0041FB60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000080,00000001,?), ref: 0041FC08
SendMessageA.USER32(?,00000080,00000000,?), ref: 0041FC1A
DestroyCursor.USER32(?), ref: 0041FC2D
DestroyCursor.USER32(?), ref: 0041FC3A

Strings

(nv, xrefs: 0041FBDE

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroyMessageSend
String ID: (nv
API String ID: 3501257726-2332515434
Opcode ID: 124c72fea535324a8ca0bad99ee003da1170351ab1d61a45922cd21bcc7f94a4
Instruction ID: f92c6c963c1e1d13de96b10f5550b2e005c6f124ec0c274adf4146a4936460dc
Opcode Fuzzy Hash: 124c72fea535324a8ca0bad99ee003da1170351ab1d61a45922cd21bcc7f94a4
Instruction Fuzzy Hash: 22313A71704701AFD720DF69D880BABB3ECEF84710F50882EF99597240D678F84A8B66

Function 00414670 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStockObject.GDI32(00000005), ref: 00414750
LoadCursorA.USER32(00000000,00007F00), ref: 0041475E

Strings

_EL_Timer, xrefs: 00414767

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoadObjectStock
String ID: _EL_Timer
API String ID: 3794545487-970978732
Opcode ID: a191514504cb0d3fc474de00a3f6f28cc4db4a8dd81e444f9d9900a556e1f92e
Instruction ID: ff7b39d1cdb6d13e8de5b17c9bb1cd1502693e03411daeb8fb187c7cb0ef18cb
Opcode Fuzzy Hash: a191514504cb0d3fc474de00a3f6f28cc4db4a8dd81e444f9d9900a556e1f92e
Instruction Fuzzy Hash: 26319AB1654B10AFD314DB54CC01F6BB7E4EB89B04F108A1EFA4A873C0D779A800CB96

Function 006C47E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(?,?,~GA,?,?,?,?,?,?,?,?,?), ref: 006C4886

Strings

~GA, xrefs: 006C47F5
~GA, xrefs: 006C487D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID: ~GA$~GA
API String ID: 716092398-2569661138
Opcode ID: 3a84cf292b9ea25ea8f82e8ea26adb9fb538331c9ae3f432170ea8da1de21fa7
Instruction ID: 5438e87b5f15c6b2a1c5ec4667570979076e60e146f725ad04e902baddc2e111
Opcode Fuzzy Hash: 3a84cf292b9ea25ea8f82e8ea26adb9fb538331c9ae3f432170ea8da1de21fa7
Instruction Fuzzy Hash: 53318A79A00219AFCF41DFA8C844AEEBBF2BF4C310B15446AF919E7210D7359A519FA4

Function 006C475A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006CC5BA: TlsGetValue.KERNEL32(0077C48C,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134,?,?,00000100,?,?), ref: 006CC5F9

GetCurrentThreadId.KERNEL32 ref: 006C477C
SetWindowsHookExA.USER32(00000005,006C4564,00000000,00000000), ref: 006C478C

Strings

bHl, xrefs: 006C476D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentHookThreadValueWindows
String ID: bHl
API String ID: 933525246-3367382562
Opcode ID: 277b1769069b4f4dabcaf98ff9200548bf44feb22053436fcdef04f9cffd2515
Instruction ID: 81b74ce0708b34ce685297322f16083595746881690bbfe71a43f3fd725874fb
Opcode Fuzzy Hash: 277b1769069b4f4dabcaf98ff9200548bf44feb22053436fcdef04f9cffd2515
Instruction Fuzzy Hash: A1E06D71600700AFD330DB61A815F7B7BA6DB96B21F01552EF28A82280DB309841CB75

Function 0041BE10 Relevance: 4.6, APIs: 3, Instructions: 110
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0041BE39
IsWindow.USER32 ref: 0041BE67
PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0041BF36

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek$Window
String ID:
API String ID: 1210580970-0
Opcode ID: 1089d2c34605014add181f68ffa85106dd15ee11b0510d8520d02611f32c45e2
Instruction ID: b5d17e07637296acf1bdfd392608bf196b48d5b76889f11ccec02f339899ee71
Opcode Fuzzy Hash: 1089d2c34605014add181f68ffa85106dd15ee11b0510d8520d02611f32c45e2
Instruction Fuzzy Hash: C8315A70600306AFD724EF24DD84AEBB3A8FF40348F00052EEA1597240DB78ED99CAE5

Function 006C3ECB Relevance: 4.5, APIs: 3, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowLongA.USER32(?,0041FF22), ref: 006C3ED4
SetWindowLongA.USER32(?,0041FF22,?), ref: 006C3EF3
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,006C3F31,?,000000F0,00000000,00000000,00000000,006C6B7D,?), ref: 006C3F0D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Long
String ID:
API String ID: 847901565-0
Opcode ID: 2a57f9aa2629f1effa9300a734b4c03ae3787a1ecce529d007fb31f568b5aae4
Instruction ID: f84f7544d5411c3eb9ff2383ffeab3af8f5041781e6dd5c45cf7b75d73bb9c69
Opcode Fuzzy Hash: 2a57f9aa2629f1effa9300a734b4c03ae3787a1ecce529d007fb31f568b5aae4
Instruction Fuzzy Hash: 98F01C75510209BFDF189F50EC55EFE3BA6EB08351B00942AF916C5260DB71EDA1AAA0

Function 0040CAB0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,006F6240), ref: 0040CB87

Strings

@bo, xrefs: 0040CB69

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message
String ID: @bo
API String ID: 2030045667-85795134
Opcode ID: f99c1d805741b6255486b9a589cd9b175a50a37d5fc0c61c86744b0f79961547
Instruction ID: 011014468e8df64c4274531a744f332baaff7b762e7e940adfa6b4c223375e9d
Opcode Fuzzy Hash: f99c1d805741b6255486b9a589cd9b175a50a37d5fc0c61c86744b0f79961547
Instruction Fuzzy Hash: 31418CB56407009BDB24CB14D8C2A6B73F5EB94324F54492EE846A7390E27DFC85CB9A

Function 0040F4A0 Relevance: 3.1, APIs: 2, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a645bf866ba1bd46918ffb0ac4d5f366e2780f8cd77bf5ce41cfe08a27dc39f6
Instruction ID: 79d7a9396211dcd697046b29c829a99a50a8055b785f20f4addb60b7444e0cb4
Opcode Fuzzy Hash: a645bf866ba1bd46918ffb0ac4d5f366e2780f8cd77bf5ce41cfe08a27dc39f6
Instruction Fuzzy Hash: B4214CB27007019FD720CF69E884A53B7E8EBA0315B10C93FE165D7651E775E809CB58

Function 0041D3E0 Relevance: 3.1, APIs: 2, Instructions: 64
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00008002,00000000,00000000), ref: 0041D44E
GetParent.USER32(00000000), ref: 0041D46A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageParentSend
String ID:
API String ID: 928151917-0
Opcode ID: 8e0f37e27a2e46eb0550ffd38edca408832ba5527a4410fb1b129101411d2479
Instruction ID: 68ba24bef45554d54f55f0bfbce74f8575ed0d6fd01ab837b70f0b0766861a1f
Opcode Fuzzy Hash: 8e0f37e27a2e46eb0550ffd38edca408832ba5527a4410fb1b129101411d2479
Instruction Fuzzy Hash: 081182B2B012155BD7209E65A884BABB398EF80750F04813BF904DB301DB38FC858AA9

Function 006C3F71 Relevance: 3.0, APIs: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006C6B2E: GetWindowLongA.USER32(?,000000F0), ref: 006C6B3A

GetWindowRect.USER32(?,006C4169), ref: 006C3F96
GetWindow.USER32(?,00000004), ref: 006C3FB3

Part of subcall function 006C6CEC: IsWindowEnabled.USER32(?), ref: 006C6CF6

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnabledLongRect
String ID:
API String ID: 3170195891-0
Opcode ID: e94ade25560276b0b20efd54570299ba1b634a1ad60326da077b5e05a4d8b505
Instruction ID: c9016434ffe7f38b59621ab158be94d47a858e6b3289084c2a7af4a387adf4c4
Opcode Fuzzy Hash: e94ade25560276b0b20efd54570299ba1b634a1ad60326da077b5e05a4d8b505
Instruction Fuzzy Hash: 72017C30A003249BDF22AF64C919FBE77BAEF00300F04881CF85597391DB31EE018694

Function 0041BF50 Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0041BF67
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0041BF8D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 3e53a09e9c4b5786be7477fde7777738ec1cc7a29aa303c365065597d00f3189
Instruction ID: 80733f5d476c03d19c02b33eb4e4061652faef1e1426983b11f13b92eda08320
Opcode Fuzzy Hash: 3e53a09e9c4b5786be7477fde7777738ec1cc7a29aa303c365065597d00f3189
Instruction Fuzzy Hash: 64F06531A443016BEB20E6A48C46FAA3698EF44B40F54445AF600DB1D1E7B4E4428AEA

Function 004262B0 Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

LoadImageA.USER32(?,?,00000001,00000020,00000020,00000000), ref: 004262CB
LoadImageA.USER32(?,?,00000001,00000010,00000010,00000000), ref: 004262DD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ImageLoad
String ID:
API String ID: 306446377-0
Opcode ID: ae9901c457aeaca1626ceef3c31a4618facaa6a2e800c49f228d878b1c4bd15b
Instruction ID: 2ce86ba0b5d3ef4bd9497475c90a36e24c2392ef9f12c659c04e53a59dcda235
Opcode Fuzzy Hash: ae9901c457aeaca1626ceef3c31a4618facaa6a2e800c49f228d878b1c4bd15b
Instruction Fuzzy Hash: 46E0ED3234131177D620CE5A8C85F9BF7A9EB8EB10F100819B344AB1D1C6F1A4458665

Function 006B2D15 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?), ref: 006B2DFC

Part of subcall function 006B8CB4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 006B8CF1
Part of subcall function 006B8CB4: RtlEnterCriticalSection.NTDLL(00000001), ref: 006B8D0C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: 306445690c15c6c28a40aa22079229fc6c981821cebaf57ba9ba98d0f875f0be
Instruction ID: 3d4096ac94ff6602973355f879e3521d25fbe42a0c6eee79a577aa857310aa10
Opcode Fuzzy Hash: 306445690c15c6c28a40aa22079229fc6c981821cebaf57ba9ba98d0f875f0be
Instruction Fuzzy Hash: 1821C7B2A40606ABDB50EF69DC42BDEB7F5EF00720F144119F410EB2C1D77499C28B94

Function 006C40C1 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C40C6

Part of subcall function 006CC5BA: TlsGetValue.KERNEL32(0077C48C,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134,?,?,00000100,?,?), ref: 006CC5F9

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologValue
String ID:
API String ID: 3700342317-0
Opcode ID: 12e9f9000b10204f3073f622e40d371f2f8e0942b20825331a2bb6eda71882c1
Instruction ID: 1a0f4c6dfcc5e62ae41028e6dd2dcb5b3a20179c217dd14dd566d9b2e959ea30
Opcode Fuzzy Hash: 12e9f9000b10204f3073f622e40d371f2f8e0942b20825331a2bb6eda71882c1
Instruction Fuzzy Hash: 22214872900219AFCF01DF54C581BFE7BBAEB59314F00406AF919AB641D770AA848BA0

Function 006C83DB Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C83E0

Part of subcall function 006C81EE: __EH_prolog.LIBCMT ref: 006C81F3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: 8424042d82f68b76e1f2bfc00f6a39cbd994b3b4314611d8a681f8a3d3e024bd
Instruction ID: fe4ab89a4860912763e7b1b4b0aaa5d7c587125f4e14b4e74560ab9cabbda37f
Opcode Fuzzy Hash: 8424042d82f68b76e1f2bfc00f6a39cbd994b3b4314611d8a681f8a3d3e024bd
Instruction Fuzzy Hash: E011DF70A007119FC7389F68C892FBAB7F6FF50714B00852DE84697601EB30EA01CB54

Function 00414990 Relevance: 1.5, APIs: 1, Instructions: 24timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,000003E8,?,00000000), ref: 004149BD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: eed14d209869893272459e4be0581bd7960e32fd2387fd121dea822ff4c475aa
Instruction ID: 2cdd70ecef6706137204c11f137da0b5a086cb29594f6c1d09c0499322ff8f23
Opcode Fuzzy Hash: eed14d209869893272459e4be0581bd7960e32fd2387fd121dea822ff4c475aa
Instruction Fuzzy Hash: 9CE04FF16117104BE770DA789C44FA763E8AB64321F008F2FF646C26C4CAB9E8818714

Function 006C81EE Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C81F3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog
String ID:
API String ID: 3519838083-0
Opcode ID: c1156fb677881e8eedb8b480d062db724a28a5fd3d1ffe066ae8563a28e4cb90
Instruction ID: 57a6acad4a5cfa1ff38c3d1f99deee988bee0054b099aa91b1b8f72ae468c00c
Opcode Fuzzy Hash: c1156fb677881e8eedb8b480d062db724a28a5fd3d1ffe066ae8563a28e4cb90
Instruction Fuzzy Hash: 12E075B5D012199FCB40EFA895456BEBBB5EB49314B20846EE405E2601E7358B028BA1

Function 006C8195 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

LoadStringA.USER32(?,?,?,?), ref: 006C81AC

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: 8f257b5326fd0c1df04dae80300cbcf7a8276280f8f25d753f7b0e3a810346e8
Instruction ID: 1eef6269ce755987976db772fc5c6fb4c0e78bedfa3b0e828182afc7e3d814d1
Opcode Fuzzy Hash: 8f257b5326fd0c1df04dae80300cbcf7a8276280f8f25d753f7b0e3a810346e8
Instruction Fuzzy Hash: 9AD0A7725093A29FC721DF509804E9FBBE5FF55360B084C0DF48043212C730C804C761

Function 006C6CC5 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?,004111FE,?), ref: 006C6CD3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: fbdf2f99399ebc31fcaf080f625bfce9e041f2685340459b7d4e14412f23054f
Instruction ID: bca96fa8f925ed5f01500fc9dd5be4f521beb3be2e0ce4bebdd48e0490c4c015
Opcode Fuzzy Hash: fbdf2f99399ebc31fcaf080f625bfce9e041f2685340459b7d4e14412f23054f
Instruction Fuzzy Hash: 9ED09230604200EFCB058FA0DA49E2ABBB2FF95705B20996DF0868A121D732DC12EB45

Function 006C6D07 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 006C6D15

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 4f852de3839f854bb849e7a3a8114644dd663342ceff9f60715f115e8b4eecec
Instruction ID: dc389e61208c25bf7492a5ce3d484ddd14c05a18c9713454db0908a5ae304aac
Opcode Fuzzy Hash: 4f852de3839f854bb849e7a3a8114644dd663342ceff9f60715f115e8b4eecec
Instruction Fuzzy Hash: 0BD09230704201AFCF459F60DA48F2ABBA2EF94704B209568F14A8A126DB32EC52EB05

Function 0E9C9000 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47dee32b83b18637d5f40af3ad8e7d8fbe0af2ec1238bad5cd71e7b50e373bea
Instruction ID: e1d41cae26d38568a867a2905ae5b06d6de6ca20652bace1c1226f831e41542c
Opcode Fuzzy Hash: 47dee32b83b18637d5f40af3ad8e7d8fbe0af2ec1238bad5cd71e7b50e373bea
Instruction Fuzzy Hash: 45A1E235A14300EFEB20DF58C882B69B3E8EBC9710F45485DE95AA7391D7B4EC518F92

Function 0E9C1A00 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74814b330a0d6c6140517aa2114f978df5e80ecf92c4d8b8d870f0f61e64ef2
Instruction ID: 47d087730cb70700ed946b71a9634768468258b2023d713d3cc426191340b9ab
Opcode Fuzzy Hash: d74814b330a0d6c6140517aa2114f978df5e80ecf92c4d8b8d870f0f61e64ef2
Instruction Fuzzy Hash: 1F51C074A013049FDB04DF95C8C09A9B3B9FF89304FA445ADE909AB30AD7B5AC42CF61

Function 0E9C8FE8 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d885846a0c9169675d4e369259eb1a6a4ee0c5202c076ef9066b5544bf4480
Instruction ID: c61de26ec726ec9ba6ae6a7465bba7d89cd06753004acce282a62e8f9151df53
Opcode Fuzzy Hash: 52d885846a0c9169675d4e369259eb1a6a4ee0c5202c076ef9066b5544bf4480
Instruction Fuzzy Hash: C8314436B50715ABEB249E9CC842BADB7D9DBC9311F41012DEE65E37C0C7B89D018B92

Function 0E9CF000 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 120a6efd17975ef3ff8caa207f51a3c4d2a86d231f8f0d7e3caa4c18744cd6f4
Instruction ID: 32caa11819bda8914a572e4eebb7476fce887ce48980d9319277c8776ee4d3c3
Opcode Fuzzy Hash: 120a6efd17975ef3ff8caa207f51a3c4d2a86d231f8f0d7e3caa4c18744cd6f4
Instruction Fuzzy Hash: 71412734740300ABFB24DA44CC92F76F3E9EB49710F45055CE95AAB7C1CBA4AC50CB92

Function 0E9C8FB2 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1cf07d49ab3472b5d0545a10def5dfc54d40f9fb60bb865309a946f21106260
Instruction ID: 155e3dfec20fb73aada60007357e5d176001d5904465f10c42cd3cb9311d3dd8
Opcode Fuzzy Hash: c1cf07d49ab3472b5d0545a10def5dfc54d40f9fb60bb865309a946f21106260
Instruction Fuzzy Hash: AA315831B102119BDF209FACC8417ADBBE9DBC4364F41052DED15A33C1C6B48D428F42

Function 0E9C8FCF Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f473a315ae8cf4df5c6d78ce1ffdc06ad43e6600f45a8683bcd2ab6e09044f
Instruction ID: 81a7bad3eeccaf7443e000df5cbb012677108bbd08917814ae65777c146ebb27
Opcode Fuzzy Hash: a9f473a315ae8cf4df5c6d78ce1ffdc06ad43e6600f45a8683bcd2ab6e09044f
Instruction Fuzzy Hash: D0213836B507159BDB249E9CC881BADB7D9DBC4365F41052EED15E33C0C2B89D418F52

Function 0E9C1C00 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aef288a7a7f8fe7ea840a07bd358504353a769f444e3c953177958bd122a91e0
Instruction ID: f2e2429437f6b5e621f5540cf736d4b0a53f6f66d27c61debdfd4c6f748452c2
Opcode Fuzzy Hash: aef288a7a7f8fe7ea840a07bd358504353a769f444e3c953177958bd122a91e0
Instruction Fuzzy Hash: 6E2144302442099FEB14DF4AC882BA9B3A8EB85314F50444CF9998B386D7B5EC61CB93

Function 0E9C266F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb4870c36ae7caaa3de66006c83af79c8c99989788886d031b817c085b668e29
Instruction ID: bdf86b64cb2fce33793025ad2d22708162caa417c556f478b4f11e5bb478683f
Opcode Fuzzy Hash: cb4870c36ae7caaa3de66006c83af79c8c99989788886d031b817c085b668e29
Instruction Fuzzy Hash: 52E01A31715604CFCB24DF5DE990A56F3E9EB98625B00466AE94AC3711D620ED044AE2

Function 0E9C8ED8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3372927840.000000000E9C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0E9C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e9c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70be40245bd2615dd7c925604529a3f03b5df7e01bcaee0a5fcd275c27cd6111
Instruction ID: ded9357bca035ee304b25dcb46ffd613aeb178728de8cd9fc4a999df1cf0a7ec
Opcode Fuzzy Hash: 70be40245bd2615dd7c925604529a3f03b5df7e01bcaee0a5fcd275c27cd6111
Instruction Fuzzy Hash: 69C04C336051048B8710DE8DFC81895F3D8FB84135B148697E91CC7111D711D9244691

Function 0938013F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938093F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938012F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380127 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938011F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380117 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938010F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938090F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380907 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938097F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938017F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380977 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380177 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380167 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938014F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380147 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093801AF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093809A7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938099F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938019F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380197 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938018F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380187 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093809FF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093801FF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093809DF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093801D7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093809CF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093801CF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093809C7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093801C7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938081F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380817 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938080F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380877 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938086F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938006F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380867 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938085F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380857 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938004F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380047 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808BF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808B7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938088F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380887 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808FF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093800F7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808F7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093800EF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808EF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093800E7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093808E7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093800DF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380B27 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938030F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380B77 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938034F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803BF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803B7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803AF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803A7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803FF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803F7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803EF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803E7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803CF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093803C7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380A0F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380207 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380A7F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938024F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938051F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380D17 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380D77 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380D6F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381D6F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09380D67 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380D5F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938054F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380DBF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380DB7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093805AF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380DA7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093805A7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380DDF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380DD7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093805D7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938043F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380437 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381C2F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09380427 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381C1F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09381C17 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09380417 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938040F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938046F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938045F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381C57 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 093804BF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380CBF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093804B7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380CB7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093804AF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380C9F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380C97 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380487 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380CEF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380CE7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381CC7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09380F3F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380737 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938072F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380727 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F27 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381F27 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 0938071F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380717 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F17 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F0F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F07 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381F7F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09381F77 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09381F6F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09381F67 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09380F67 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F5F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938075F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F57 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380757 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938074F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380F4F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381FAF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 09381FE7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 093807E7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381FDF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Function 0938063F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380637 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380E77 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380677 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938066F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380667 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 093806B7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380EA7 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 0938068F Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09380EFF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction ID: 4683c001f0f7189eb3dfa21da2f624900ec86f57653af655503749d7fb42367a
Opcode Fuzzy Hash: 042a54250f25c21be269b76f75933f31a341c559031e70081525446c7c939efd
Instruction Fuzzy Hash:

Function 09381EDF Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3362099544.0000000009380000.00000010.00000800.00020000.00000000.sdmp, Offset: 09380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9380000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction ID: a0a792ad0c26c3750ee3436a4165f273731b09c8e73916352289df05a1ea2721
Opcode Fuzzy Hash: 43e9e456df4894401c15b478709a7668ca80bf393c9555a5f4939e34f563db62
Instruction Fuzzy Hash:

Non-executed Functions

Function 004338E0 Relevance: 89.0, APIs: 47, Strings: 3, Instructions: 1494windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

DPtoLP.GDI32 ref: 004339FB
GetClientRect.USER32(?,?), ref: 00433A09
DPtoLP.GDI32(?,?,00000002), ref: 00433A21
IntersectRect.USER32(?,?,?), ref: 00433AC0
LPtoDP.GDI32(?,?,00000002), ref: 00433B01
IntersectRect.USER32(?,?,?), ref: 00433B5E
LPtoDP.GDI32(?,?,00000002), ref: 00433B9F
CreateRectRgnIndirect.GDI32(?), ref: 00433BCA
IntersectRect.USER32(?,?,?), ref: 00433BFE
LPtoDP.GDI32(?,?,00000002), ref: 00433C3F
CreateRectRgnIndirect.GDI32(?), ref: 00433C65
CreateRectRgnIndirect.GDI32(?), ref: 00433C94
GetCurrentObject.GDI32(?,00000006), ref: 00433CB0
GetCurrentObject.GDI32(?,00000001), ref: 00433CC9
GetCurrentObject.GDI32(?,00000002), ref: 00433CE2

Part of subcall function 006C8D03: SetBkMode.GDI32(?,?), ref: 006C8D1C
Part of subcall function 006C8D03: SetBkMode.GDI32(?,?), ref: 006C8D2A

Part of subcall function 006C5A18: GetScrollPos.USER32(00000000,?), ref: 006C5A36

Part of subcall function 00433510: CreateFontIndirectA.GDI32(00000000), ref: 00433562

FillRgn.GDI32(?,?,?), ref: 00433EC2
IntersectRect.USER32(?,?,?), ref: 00433FA7
IsRectEmpty.USER32(?), ref: 00433FB2
LPtoDP.GDI32(?,?,00000002), ref: 00433FCF
CreateRectRgnIndirect.GDI32(?), ref: 00433FDA
CombineRgn.GDI32(?,?,?,00000004), ref: 0043400B
DPtoLP.GDI32(?,?,00000002), ref: 00434029

Part of subcall function 006C8DEA: SetMapMode.GDI32(?,?), ref: 006C8E03
Part of subcall function 006C8DEA: SetMapMode.GDI32(?,?), ref: 006C8E11

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00434068
IntersectRect.USER32(?,?,?), ref: 004340FB
IsRectEmpty.USER32(?), ref: 00434141
SelectObject.GDI32(?,?), ref: 0043417C
DPtoLP.GDI32(?,?,00000001), ref: 00434208
LPtoDP.GDI32(?,?,00000001), ref: 00434327
DPtoLP.GDI32(?,?,00000001), ref: 00434345

Part of subcall function 006C9118: MoveToEx.GDI32(?,?,?,?), ref: 006C913A
Part of subcall function 006C9118: MoveToEx.GDI32(?,?,?,?), ref: 006C914E

Part of subcall function 006C9164: MoveToEx.GDI32(?,?,?,00000000), ref: 006C917E
Part of subcall function 006C9164: LineTo.GDI32(?,?,?), ref: 006C918F

Part of subcall function 006C8C27: SelectObject.GDI32(?,00000000), ref: 006C8C49
Part of subcall function 006C8C27: SelectObject.GDI32(?,?), ref: 006C8C5F

Part of subcall function 00436B10: GetCurrentObject.GDI32(?), ref: 00436BDB
Part of subcall function 00436B10: LPtoDP.GDI32(?,00000000,00000001), ref: 00436C28

IntersectRect.USER32(?,00000000,?), ref: 00434492
IsRectEmpty.USER32(00000000), ref: 0043449D
PatBlt.GDI32(?,00000000,?,?,?,00F00021), ref: 004344E4
LPtoDP.GDI32(?,00000000,00000002), ref: 004344F9
CreateRectRgnIndirect.GDI32(00000000), ref: 00434504
CombineRgn.GDI32(?,?,?,00000004), ref: 00434535
LPtoDP.GDI32(?,?,00000001), ref: 00434564
DPtoLP.GDI32(?,?,00000001), ref: 00434582
wsprintfA.USER32 ref: 00434620
SelectObject.GDI32(?,?), ref: 00434648
IntersectRect.USER32(?,?,?), ref: 00434BB8
IsRectEmpty.USER32(?), ref: 00434BC3
LPtoDP.GDI32(?,?,00000002), ref: 00434BE0
CreateRectRgnIndirect.GDI32(?), ref: 00434BEB
CombineRgn.GDI32(?,?,?,00000004), ref: 00434C1C
GetSysColor.USER32(0000000F), ref: 00433DA6

Part of subcall function 006C9690: __EH_prolog.LIBCMT ref: 006C9695
Part of subcall function 006C9690: CreateSolidBrush.GDI32(?), ref: 006C96B2

Part of subcall function 006C9640: __EH_prolog.LIBCMT ref: 006C9645
Part of subcall function 006C9640: CreatePen.GDI32(?,?,?), ref: 006C9668

CreateRectRgnIndirect.GDI32(?), ref: 00433B26

Part of subcall function 00435020: CopyRect.USER32(?,00000000), ref: 00435097
Part of subcall function 00435020: IsRectEmpty.USER32(?), ref: 004350A2
Part of subcall function 00435020: GetClientRect.USER32(00000000,?), ref: 004350E1
Part of subcall function 00435020: DPtoLP.GDI32(?,?,00000002), ref: 004350F3
Part of subcall function 00435020: LPtoDP.GDI32(?,?,00000002), ref: 00435130

FillRect.USER32(?,?,?), ref: 00434F19

Strings

|eu, xrefs: 00433E57
Tyn, xrefs: 00434B32
Tyn, xrefs: 00434B55

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create$IndirectObject$Intersect$Empty$CurrentModeSelect$CombineH_prologMove$ClientFill$BeginBrushClipColorCopyFontLinePaintScrollSolidwsprintf
String ID: Tyn$Tyn$|eu
API String ID: 2506852199-3620367375
Opcode ID: 28c101ea01f361764dd3d1008bbc0cd07eb3f5e72c9d8cc7fa241f4ba3bf8133
Instruction ID: b04f4bc0b424dd4436455f3f9726c078188513c32d61e7aef2064b82c704b05f
Opcode Fuzzy Hash: 28c101ea01f361764dd3d1008bbc0cd07eb3f5e72c9d8cc7fa241f4ba3bf8133
Instruction Fuzzy Hash: 38D235716083819FD324DF65C895FAFB7E9EBC8704F004A1EF58A83291DB74A905CB66

Function 0041AEA0 Relevance: 55.2, APIs: 29, Strings: 2, Instructions: 979windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0041AF12
IsIconic.USER32(?), ref: 0041AF4A
SetActiveWindow.USER32(?,?,?), ref: 0041AF73
IsWindow.USER32(?), ref: 0041AF9D
IsWindow.USER32(?), ref: 0041B26E
DestroyAcceleratorTable.USER32(?), ref: 0041B3BE
DestroyMenu.USER32(?), ref: 0041B3C9
DestroyAcceleratorTable.USER32(?), ref: 0041B3E3
DestroyMenu.USER32(?), ref: 0041B3F2
DestroyAcceleratorTable.USER32(?), ref: 0041B452
DestroyMenu.USER32(?,000003EA,00000000,00000000,?,?,00000000,000007D9,00000000,00000000), ref: 0041B461
SetParent.USER32(?,?), ref: 0041B4E3
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?), ref: 0041B5FB
IsWindow.USER32(?), ref: 0041B72C
SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 0041B741
SendMessageA.USER32(?,00008004,00000000,00000000), ref: 0041B75E
DestroyAcceleratorTable.USER32(?), ref: 0041B7AC
IsWindow.USER32(?), ref: 0041B821
IsWindow.USER32(?), ref: 0041B871
IsWindow.USER32(?), ref: 0041B8C1
IsWindow.USER32(?), ref: 0041B8FE
IsWindow.USER32(?), ref: 0041B981
GetParent.USER32(?), ref: 0041B98F
GetFocus.USER32 ref: 0041B9D0

Part of subcall function 0041AD90: IsWindow.USER32(?), ref: 0041AE0B
Part of subcall function 0041AD90: GetFocus.USER32 ref: 0041AE15
Part of subcall function 0041AD90: IsChild.USER32(?,00000000), ref: 0041AE27

IsWindow.USER32(?), ref: 0041BA2F
SendMessageA.USER32(?,00008076,00000000,00000000), ref: 0041BA44
IsWindow.USER32(00000000), ref: 0041BA57
GetFocus.USER32 ref: 0041BA61
SetFocus.USER32(00000000), ref: 0041BA6C

Strings

(nv, xrefs: 0041B8F3
d, xrefs: 0041AEB3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Destroy$AcceleratorFocusTable$MenuMessageSend$Parent$ActiveChildIconic
String ID: (nv$d
API String ID: 3681805233-119620589
Opcode ID: cf56ae700171652a20e23298e9cf3dc344053def4136041cb87e577272e8e945
Instruction ID: a5e1bc6d601c93b6e3d4fc5a701a52ad82ba9a0869c259dfc3fddc1d6d5959f7
Opcode Fuzzy Hash: cf56ae700171652a20e23298e9cf3dc344053def4136041cb87e577272e8e945
Instruction Fuzzy Hash: 2E727D716043419BD320DF65C881BAFB7E9EF88744F14492EF98597341DB38E8858BAA

Function 004231F0 Relevance: 51.7, APIs: 23, Strings: 6, Instructions: 986windowCOMMON

Download Yara Rule

APIs

IsWindowEnabled.USER32(?), ref: 00423229
TranslateAccelerator.USER32(?,?,?), ref: 00423283
IsChild.USER32(?,?), ref: 004232B4
GetFocus.USER32 ref: 0042340F
PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 00423499
PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 00423508
IsChild.USER32(?,00000000), ref: 004235B1
SendMessageA.USER32(?,00000010,00000000,00000000), ref: 00423582

Part of subcall function 00418D90: IsChild.USER32(?,?), ref: 00418E0D
Part of subcall function 00418D90: GetParent.USER32(?), ref: 00418E27

IsWindow.USER32(?), ref: 00423E89

Strings

9, xrefs: 0042377E
A, xrefs: 00423783
0, xrefs: 00423779
|eu, xrefs: 004237CE
Z, xrefs: 0042378C
hlp, xrefs: 00423B2D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildMessage$PostWindow$AcceleratorEnabledFocusParentSendTranslate
String ID: 0$9$A$Z$hlp$|eu
API String ID: 3372979518-3954445844
Opcode ID: 72a18b8de59a39879ec49096fdf1dfb55a98713c4134dd553b62101923d891ee
Instruction ID: 722f0ddd41333825ab35e3b850f3b8b46034141bc298f78d10fefa3dc5b0a018
Opcode Fuzzy Hash: 72a18b8de59a39879ec49096fdf1dfb55a98713c4134dd553b62101923d891ee
Instruction Fuzzy Hash: 5472AF70704251ABEB24DE24E880B6BB3B9EF84705F50092EF94597381DB7CDE45CB6A

Function 006BE8A7 Relevance: 26.7, Strings: 21, Instructions: 417COMMON

Download Yara Rule

Strings

0, xrefs: 006BEB46
0, xrefs: 006BEA48
e, xrefs: 006BE99F
9, xrefs: 006BE9BC
-, xrefs: 006BEAA5
9, xrefs: 006BEAF4
C, xrefs: 006BE988
9, xrefs: 006BEB28
0, xrefs: 006BEB15
9, xrefs: 006BE968
-, xrefs: 006BE97E
E, xrefs: 006BE991
9, xrefs: 006BE916
c, xrefs: 006BE996
9, xrefs: 006BEB38
1, xrefs: 006BEB1F
+, xrefs: 006BEA9C
0, xrefs: 006BE9D1
1, xrefs: 006BEAEC
0, xrefs: 006BE983
+, xrefs: 006BE979

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: +$+$-$-$0$0$0$0$0$1$1$9$9$9$9$9$9$C$E$c$e
API String ID: 0-1157002505
Opcode ID: 21263df1708e4645b92a65a966fa906e4da0edeaf72b8d6bf3a733328e0b376d
Instruction ID: 2bf95965c8bc1dca51aadd0b865920382d657233b94d6b07097cd913d553d95c
Opcode Fuzzy Hash: 21263df1708e4645b92a65a966fa906e4da0edeaf72b8d6bf3a733328e0b376d
Instruction Fuzzy Hash: 73E102B0E54219CFEB64CFA4C9457FDBBB7BB04301F28402AD412A6292D7BB89C2D755

Function 004243E0 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 93libraryloaderwindowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 004243EC
IsZoomed.USER32(?), ref: 004243FA
LoadLibraryA.KERNEL32(User32.dll,00000003,00000009), ref: 00424424
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00424437
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00424445
FreeLibrary.KERNEL32(00000000), ref: 0042447B
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00424491
IsWindow.USER32(?), ref: 004244BE
ShowWindow.USER32(?,00000005,?,?,?,?,00000004), ref: 004244CB

Strings

GetMonitorInfoA, xrefs: 0042443D
H, xrefs: 00424468
User32.dll, xrefs: 00424419
MonitorFromWindow, xrefs: 00424431

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryProcWindow$FreeIconicInfoLoadParametersShowSystemZoomed
String ID: GetMonitorInfoA$H$MonitorFromWindow$User32.dll
API String ID: 447426925-661446951
Opcode ID: 8935b988ed4ad72397936330073a7ca88bc2b9b079528e29757d7abeae9ed0c0
Instruction ID: 91084ef5331f0e92711d3ef0e2ebeef4c80f9a8d760c2a9e3c6292d2a71d7e47
Opcode Fuzzy Hash: 8935b988ed4ad72397936330073a7ca88bc2b9b079528e29757d7abeae9ed0c0
Instruction Fuzzy Hash: 1B313C71700311AFD710AFA5EC49F3B77AAEF84B40F44841EBA41A7290DB78ED058A69

Function 0040E9C0 Relevance: 17.3, APIs: 11, Instructions: 840COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: afbd0a4df6bd71c4d3699269f2c6c099e7a0d63d7221d8b3c2062b925b84d650
Instruction ID: 3c6e19fa704a673f5e0ef097a8e052be547b0cac7eea770e0655cf741d8be4ce
Opcode Fuzzy Hash: afbd0a4df6bd71c4d3699269f2c6c099e7a0d63d7221d8b3c2062b925b84d650
Instruction Fuzzy Hash: 8E62C274A00206CFCB24CF59C880AAEB7B5FF48310F24857EE815AB791D7799D46CB99

Function 006C32DE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C32E3
GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 006C3301
lstrcpyn.KERNEL32(?,?,00000104), ref: 006C3310
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 006C3344
CharUpperA.USER32(?), ref: 006C3355
FindFirstFileA.KERNEL32(?,?), ref: 006C336B
FindClose.KERNEL32(00000000), ref: 006C3377
lstrcpy.KERNEL32(?,?), ref: 006C3387

Strings

|eu, xrefs: 006C331D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
String ID: |eu
API String ID: 304730633-2588889719
Opcode ID: a89a673ec5cdc366249e5f9619031c571819b462cb84276f1ca0a2d6874bc87e
Instruction ID: 1d95f74dbaf2feb08dc014b3d7f9f734b7a7edbd199da3f3fefc5de74f68b700
Opcode Fuzzy Hash: a89a673ec5cdc366249e5f9619031c571819b462cb84276f1ca0a2d6874bc87e
Instruction Fuzzy Hash: 6321FF71901169ABCB119F95DC48EFF7FBEEF45760F10811AF519D62A0DB308A45CBA0

Function 00420140 Relevance: 15.4, APIs: 10, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c34da74837837edbd7d4c4de0be7e4e490d769fb2f64f583d7568780b80c819
Instruction ID: 0a6ecbdfeb8751e7fab35b23754d1a25a3ad88e342b41fc88432b005093b5aa6
Opcode Fuzzy Hash: 1c34da74837837edbd7d4c4de0be7e4e490d769fb2f64f583d7568780b80c819
Instruction Fuzzy Hash: 08C1C0767046148FE310EF29FC45B6BB3E5FB84314F90492FE846C7342DA36E9168A99

Function 00413670 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C25B1: InterlockedIncrement.KERNEL32(?), ref: 006C25C6

FindFirstFileA.KERNEL32(?,?,*.*), ref: 0041370A

Part of subcall function 006C0067: __EH_prolog.LIBCMT ref: 006C006C

Part of subcall function 006C283C: InterlockedDecrement.KERNEL32(-000000F4), ref: 006C2850

SendMessageA.USER32 ref: 004137B0
FindNextFileA.KERNEL32(?,00000010), ref: 004137BC
FindClose.KERNEL32(?), ref: 004137CF
SendMessageA.USER32(?,00001102,00000002,?), ref: 004137E1

Part of subcall function 006C2C18: lstrlen.KERNEL32(00766E28,0041C85C,00766E28,0041C935,006F9EA0,?,?,?,?,?,?,?,00000000,006D00A8,000000FF), ref: 006C2C29

Strings

*.*, xrefs: 004136F2

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$FileInterlockedMessageSend$CloseDecrementFirstH_prologIncrementNextlstrlen
String ID: *.*
API String ID: 2803911787-438819550
Opcode ID: f656129123ed309675117a3cda2933d9de1a8672dc8b588ca8eed0f3fa58ecbf
Instruction ID: c384b18dc6be083c3e56da6f0f5fa24a234a4e58b55768d9798d0e29379d0b1a
Opcode Fuzzy Hash: f656129123ed309675117a3cda2933d9de1a8672dc8b588ca8eed0f3fa58ecbf
Instruction Fuzzy Hash: D7418DB1504346ABD350DF64C892FEBB7E9AF84711F00891DFAA5832D0DB74D988CB66

Function 006C4ECC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 006C4F02
wsprintfA.USER32 ref: 006C4F1E
GetClassInfoA.USER32(?,-00000058,?), ref: 006C4F2D

Strings

Afx:%x:%x, xrefs: 006C4EFC
Afx:%x:%x:%x:%x:%x, xrefs: 006C4F18

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$ClassInfo
String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
API String ID: 845911565-79760390
Opcode ID: aee3f77637e1bc1b2ed3a8c7c44b5eff7cc06c0a82d507c5de9dcd1c16375dd7
Instruction ID: d70fa4db5cba6d7f395231c8e5a78d430d006b6816879164d80525b70d46956a
Opcode Fuzzy Hash: aee3f77637e1bc1b2ed3a8c7c44b5eff7cc06c0a82d507c5de9dcd1c16375dd7
Instruction Fuzzy Hash: A7214F71D01249AF8F10DF95DC85EEE7BBAFF48754B00402EF914E2201EB309A51DBA5

Function 00420030 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(?,WTWindow,00000000), ref: 00420058
LoadCursorA.USER32(00000000,00007F00), ref: 00420069
GetStockObject.GDI32(00000005), ref: 00420073

Strings

WTWindow, xrefs: 0042004C, 00420056

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassCursorInfoLoadObjectStock
String ID: WTWindow
API String ID: 1762135420-3503404378
Opcode ID: e2409e1dcfe89b7fcca6d8c3cffe57da24f7d12f0fcd33c6432c5950c8ddda70
Instruction ID: 3e6d4df392c0ffd833ca38e506d3b3bcf6f59f37f632d517154e1e998a03d5c0
Opcode Fuzzy Hash: e2409e1dcfe89b7fcca6d8c3cffe57da24f7d12f0fcd33c6432c5950c8ddda70
Instruction Fuzzy Hash: FD11A571A0A3119FD350EF55AC84A2BFFE9FF88750F84182EF88893212DB3599458B56

Function 0041CA30 Relevance: 6.1, APIs: 4, Instructions: 94fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 0041CA82
FindClose.KERNEL32 ref: 0041CA91
FindFirstFileA.KERNEL32(?,?), ref: 0041CA9D
FindClose.KERNEL32(00000000), ref: 0041CAFB

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: a3b9f1ecb0f742fcbfa86556a0a052bebd973f8072eb0a21cd15399dc6933fd6
Instruction ID: 4221c7cc52dad5e4f43d2ba4a994b7207feff13e8daea8a5e8c1a9f42202edaa
Opcode Fuzzy Hash: a3b9f1ecb0f742fcbfa86556a0a052bebd973f8072eb0a21cd15399dc6933fd6
Instruction Fuzzy Hash: ED21E5329857194BD322CA24DCC47FB7394AF85B64F16061AE96587380EB79DCC5828A

Function 006A9F6B Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

MonitorFromWindow.USER32(00000002,00000000), ref: 006A9F80

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FromMonitorWindow
String ID:
API String ID: 721739931-0
Opcode ID: 4d97d47747d6fcbeaf006c6dec9aa147ccae224d73ff30487dc89800d3554af0
Instruction ID: fc3140719f1f44807e177ceb4c7983ad6be0abfcd3b299e62a06ad833d8a5115
Opcode Fuzzy Hash: 4d97d47747d6fcbeaf006c6dec9aa147ccae224d73ff30487dc89800d3554af0
Instruction Fuzzy Hash: B3F01931604108AFCF42BFA1DC08AEA7BBAAB02344F248015F81AD4161DB30DE65AFB0

Function 00427250 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 638COMMON

Download Yara Rule

Strings

|eu, xrefs: 004272DE
GnB, xrefs: 00427607, 00427A10

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: GnB$|eu
API String ID: 0-1179861638
Opcode ID: dcdcd3fe9b6066c4c441f4ca3e4a638a08e772efca52bfdd5697d2daebbab7a8
Instruction ID: 6e9697d3acef6a006c25d78cd4f3f6eebe18dfb5ba0b56dc9689d7feca45193b
Opcode Fuzzy Hash: dcdcd3fe9b6066c4c441f4ca3e4a638a08e772efca52bfdd5697d2daebbab7a8
Instruction Fuzzy Hash: A032E271F04215DFCB14DFA8D881BAEB7B1BF49314F64426AE806AB381D738AD41CB95

Function 006B44DC Relevance: 4.6, APIs: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 006B44E9
GetSystemTime.KERNEL32(?), ref: 006B44F3
GetTimeZoneInformation.KERNEL32(?), ref: 006B4548

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$InformationLocalSystemZone
String ID:
API String ID: 2475273158-0
Opcode ID: b5ab2ca5e347a4757a2bf12d7d9dbdf7a5c8006f0fbe40892612ec704f2a9745
Instruction ID: e019ecfe17060941f733a5f9d99a9bef0541340478314894b936259bf56b3ebf
Opcode Fuzzy Hash: b5ab2ca5e347a4757a2bf12d7d9dbdf7a5c8006f0fbe40892612ec704f2a9745
Instruction Fuzzy Hash: 4E2171AA800516EBCF31EF98D805AFE77BABB08750F404155FC15E6295EB389DC2C729

Function 00424F00 Relevance: 4.5, APIs: 3, Instructions: 49keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 00424F31
GetKeyState.USER32(00000010), ref: 00424F46
GetKeyState.USER32(00000012), ref: 00424F5B

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 1683dd61c41ee3cf02e4d598b9c761d7dcdf1ca394814d66bef2e394073bda56
Instruction ID: b9ea8beb71cd38c8b57b0966407d5b76137040cf80192e47e8e7700d5c5caf8f
Opcode Fuzzy Hash: 1683dd61c41ee3cf02e4d598b9c761d7dcdf1ca394814d66bef2e394073bda56
Instruction Fuzzy Hash: A801261AF0427542DF641264B7087F155418BC0B90FD74073D90D377C09A8C0C8623AE

Function 006C6348 Relevance: 4.5, APIs: 3, Instructions: 32COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(?,00428673,000000F0), ref: 006C6367
LoadResource.KERNEL32(?,00000000,?,?,?,006C3C08,?,?,00428673), ref: 006C6373
LockResource.KERNEL32(00000000,?,?,?,006C3C08,?,?,00428673), ref: 006C6382

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindLoadLock
String ID:
API String ID: 2752051264-0
Opcode ID: 5df6ab6595eccb9ac278312db5d33ca81b095b6261fe58af257562bec8579463
Instruction ID: 79035a3ebaa437ed6dec5babcc4f8b4d43842f7a6f7fe2319d69c909d1dc7bdd
Opcode Fuzzy Hash: 5df6ab6595eccb9ac278312db5d33ca81b095b6261fe58af257562bec8579463
Instruction Fuzzy Hash: BAE0E532602301ABC3015B61DC08EBBA35FEFD83A1714582FF509D3121CF304C014A28

Function 00420810 Relevance: 3.2, APIs: 2, Instructions: 209windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00420940

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Iconic
String ID:
API String ID: 110040809-0
Opcode ID: 635abc3d44b72f5685073c1ce46f3764bd678d69f44784b2d5de048d8f1e2401
Instruction ID: 229b088c133937756d2d86e82816d3e8f49a31c4da8e76f52859d678aa9a0a57
Opcode Fuzzy Hash: 635abc3d44b72f5685073c1ce46f3764bd678d69f44784b2d5de048d8f1e2401
Instruction Fuzzy Hash: 6681AC76214711CBD354CF2CD490B8AB7E5FBA9310F10886EE49ACB350D776E886CBA1

Function 006CD244 Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(?,006CD2E7,?,006CC670,00000010,?,00000100,?,?,?,006CC057,006CC0BA,006CB93B,006C819B,00000100,006C8134), ref: 006CD257
RtlInitializeCriticalSection.NTDLL(0077C618), ref: 006CD27C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalInitializeSectionVersion
String ID:
API String ID: 385228656-0
Opcode ID: 494f42cdab196eb096cee344cd9b291e8e74c2ca04e1e994590db146e959d4bc
Instruction ID: b04da1e4e7fc07a96dc1f50803de1301566f6ed9dc1be9efb1e5408b2ff75ed4
Opcode Fuzzy Hash: 494f42cdab196eb096cee344cd9b291e8e74c2ca04e1e994590db146e959d4bc
Instruction Fuzzy Hash: 09E04F72451312D7D77B4B09FC44BA5736AF718BA1F11A02EE50540160CB7C9AC18FC8

Function 00424D50 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 00424D60
FindClose.KERNEL32(00000000), ref: 00424D6C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 342007f754bb4887abf6bc1af0f0a94dd1352313a108bdf9b0a39164359b66d6
Instruction ID: 6fb90ef91479e717d97cf169822aa5e3e44ca39c3e9457decbb92ef555b72a5b
Opcode Fuzzy Hash: 342007f754bb4887abf6bc1af0f0a94dd1352313a108bdf9b0a39164359b66d6
Instruction Fuzzy Hash: 5BD0A7749101005BD3119BB4EC086BA3399A785320FC41A29B92CC53E0FB3ECC988511

Function 0042DF30 Relevance: 2.8, Strings: 2, Instructions: 257COMMON

Download Yara Rule

Strings

MTrk, xrefs: 0042E0AC
d, xrefs: 0042E174

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: MTrk$d
API String ID: 0-4044675371
Opcode ID: aeb253544f344b4cdf5752322f30aa6817dc80b7b089e2b4eac0d659e19ba7bd
Instruction ID: c97c5fc9d38bbf23ac1a1b2d53b0d527ced0e4a369852e8fabe357527624dc81
Opcode Fuzzy Hash: aeb253544f344b4cdf5752322f30aa6817dc80b7b089e2b4eac0d659e19ba7bd
Instruction Fuzzy Hash: E791B271B002159FD718CF2AD88096AB7E2EFC8304B54893EE84ACB345DA79E906C759

Function 00425BF0 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(?,?,?), ref: 00425C08

Part of subcall function 006C4E2B: __EH_prolog.LIBCMT ref: 006C4E30
Part of subcall function 006C4E2B: GetClassInfoA.USER32(?,?,?), ref: 006C4E4B
Part of subcall function 006C4E2B: RegisterClassA.USER32(?), ref: 006C4E56

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Class$Info$H_prologRegister
String ID:
API String ID: 1678024082-0
Opcode ID: b67024c3e325c39740da96b1abc438c32021016e1e5e5053f20d5d3322611806
Instruction ID: 11864eb16375bd2b48fb12df9a344a3b4688d6af42323d3edb35260c3de8dd7c
Opcode Fuzzy Hash: b67024c3e325c39740da96b1abc438c32021016e1e5e5053f20d5d3322611806
Instruction Fuzzy Hash: 9E01A274A09302AF8344DF1AD88095BBBF5FEC8751F40991EF88893320E73099468F96

Function 004415E0 Relevance: .9, Instructions: 903COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89971cc3909d2a2f95805c49edfac2567ce98444d3fa59ddf65f716702ec4635
Instruction ID: f6ce8877f220fa16eb087e2c40c287a5bdc18c559797b25d09144f2bb6db6945
Opcode Fuzzy Hash: 89971cc3909d2a2f95805c49edfac2567ce98444d3fa59ddf65f716702ec4635
Instruction Fuzzy Hash: 9F52CA767447094BD308CE9ACC915AEF3E7ABC8314F488A3CE955C3346EEB4ED0A8655

Function 004255C0 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceadd85e04f79e9ad4701b88e96f6118e0938cf801b7c5a7cd5363f705df8b46
Instruction ID: 74fece6885ae953d314199b0b0ddf3f6ddb5d8dcd69a49abdb66b397fbe10aaf
Opcode Fuzzy Hash: ceadd85e04f79e9ad4701b88e96f6118e0938cf801b7c5a7cd5363f705df8b46
Instruction Fuzzy Hash: BFC1CD31608BA08FD725DE09E0A43ABB7E2AFD1750FD8481FE4C647361D6389D59CB4A

Function 006BA7E6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: 50f7302088db6c123e2944336a0ec072dd48b41c72778a12f9afc66d3575ca2a
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: A2B15C7591020ADFDB25CF44C5D0AE8BBA2BF58314F24C1ADD85A5B782D731EE86CB90

Function 0041BFB0 Relevance: 33.3, APIs: 22, Instructions: 293windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 0041C03F
GetWindowRect.USER32(?,?), ref: 0041C096
GetParent.USER32(?), ref: 0041C0A6
GetParent.USER32(?), ref: 0041C0D9
GlobalSize.KERNEL32(00000000), ref: 0041C123
GlobalFix.KERNEL32(00000000), ref: 0041C12B
IsWindow.USER32(?), ref: 0041C144
GetTopWindow.USER32(?), ref: 0041C181
GetWindow.USER32(00000000,00000002), ref: 0041C19A
SetParent.USER32(?,?), ref: 0041C1C6
SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 0041C211
SendMessageA.USER32(?,00008076,00000000,00000000), ref: 0041C220
GetParent.USER32(?), ref: 0041C233
SendMessageA.USER32(?,00008004,00000000,00000000), ref: 0041C24C
GetWindowLongA.USER32(?,000000F0), ref: 0041C254
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0041C284
SendMessageA.USER32(?,0000130C,00000000,00000000), ref: 0041C292
IsWindow.USER32(?), ref: 0041C2DE
GetFocus.USER32 ref: 0041C2E8
SetFocus.USER32(?,00000000), ref: 0041C300
GlobalUnWire.KERNEL32(00000000), ref: 0041C30B
GlobalFree.KERNEL32(00000000), ref: 0041C312

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$GlobalParent$Focus$FreeLongRectSizeWire
String ID:
API String ID: 3944666249-0
Opcode ID: cbfaaf4705414faf4809b6fe849d8f14f6aad810ab5c00c2211bb3ef59cfa1fd
Instruction ID: a2609f74015c4371dd59fc1332305202b3f77e2180125a42a1d83d9ec5303a4f
Opcode Fuzzy Hash: cbfaaf4705414faf4809b6fe849d8f14f6aad810ab5c00c2211bb3ef59cfa1fd
Instruction Fuzzy Hash: A9A14A71644300AFD720DFA5CC85F6BB7EABB88700F108A1EF95597391CB78E8458B59

Function 00412570 Relevance: 31.9, APIs: 16, Strings: 2, Instructions: 384windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

IsRectEmpty.USER32(?), ref: 004125B5
GetCurrentObject.GDI32(?,00000002), ref: 004125FA
GetCurrentObject.GDI32(?,00000001), ref: 0041260D
GetClientRect.USER32 ref: 00412692
CreatePen.GDI32(-00000003,00000000,?), ref: 004126AE
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00412772

Part of subcall function 006C9505: __EH_prolog.LIBCMT ref: 006C950A
Part of subcall function 006C9505: EndPaint.USER32(?,?,?,?,00411433), ref: 006C9527

Strings

gfff, xrefs: 004128E2
xkn, xrefs: 004129BF, 00412840, 00412844

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologObjectPaintRect$BeginClientClipCreateEmpty
String ID: gfff$xkn
API String ID: 3506841274-3322191372
Opcode ID: 94280b123b4a3ef0869ecbf50d435d11428a8c57120fb564991f060524bd852e
Instruction ID: 858fbe41497f522001d9250208543ecfda9dc46961b0363d2f60962c403e473b
Opcode Fuzzy Hash: 94280b123b4a3ef0869ecbf50d435d11428a8c57120fb564991f060524bd852e
Instruction Fuzzy Hash: A0E188B15083419BC714DF58C984EABB7EAFB88310F144A1EF595C7280DB74E949CBA6

Function 004215E0 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 245COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32(?,00000000,00000001), ref: 00421611
GetWindowRect.USER32(?,?), ref: 0042163E
BeginPath.GDI32(?), ref: 004216C7
MulDiv.KERNEL32(7FFF0000,?,00007FFF), ref: 004216E0
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 004216EF
MulDiv.KERNEL32(3FFF0000,?,00007FFF), ref: 00421717
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 00421726
EndPath.GDI32(?), ref: 00421741
PathToRegion.GDI32(?), ref: 0042174C

Strings

gfff, xrefs: 0042181A
gfff, xrefs: 0042180A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Path$Window$BeginRectRegion
String ID: gfff$gfff
API String ID: 3989698161-3084402119
Opcode ID: 9c9efbd17f651a0f5415dcf097977cb917ebe567045b947fb4607e0f23bef74c
Instruction ID: c8611a46f9133979f8af581c7d39bbfe651197f66858e64ef8c5448fe60d8ef8
Opcode Fuzzy Hash: 9c9efbd17f651a0f5415dcf097977cb917ebe567045b947fb4607e0f23bef74c
Instruction Fuzzy Hash: E881D4B1A043459BD314DF24DC89E7BBBEAEBD4700F44492EF58683390EA74AC05CB66

Function 004219C0 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 354COMMON

Download Yara Rule

APIs

CreateRectRgn.GDI32(?,?,?,?), ref: 00421A0E
GetClientRect.USER32(?,?), ref: 00421AA9
CreateRectRgn.GDI32 ref: 00421B1A
CombineRgn.GDI32(?,?,Tyn,00000004), ref: 00421B4B
SetRect.USER32(?,00000000,?,?,?), ref: 00421BA2
IntersectRect.USER32(?,?,?), ref: 00421BAF
IsRectEmpty.USER32(?), ref: 00421BDA
__ftol.LIBCMT ref: 00421CB8
__ftol.LIBCMT ref: 00421CC5
CreateRectRgn.GDI32(00000000,?,00000000,00000000), ref: 00421D1E
CombineRgn.GDI32(?,?,Tyn,00000004), ref: 00421D4F

Part of subcall function 0042BBE0: SetStretchBltMode.GDI32(?,00000000), ref: 0042BBF4
Part of subcall function 0042BBE0: GetObjectA.GDI32(?,00000018,?), ref: 0042BCD2

FillRgn.GDI32(?,?,00000000), ref: 00421DCC

Strings

Tyn, xrefs: 00421B2E, 00421D32, 00421B46, 00421D4A
Tyn, xrefs: 00421D86

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create$Combine__ftol$ClientEmptyFillIntersectModeObjectStretch
String ID: Tyn$Tyn
API String ID: 2054119908-1355527962
Opcode ID: 01c04983b7606a2efcd525f1bab59e602265a4aa51afb575c4551b2b42a9e5b0
Instruction ID: da4df510cbd3d119e00c6319e85a3c588fc6eb10ae9e204787b1e9c6ade21076
Opcode Fuzzy Hash: 01c04983b7606a2efcd525f1bab59e602265a4aa51afb575c4551b2b42a9e5b0
Instruction Fuzzy Hash: 78D19B716083419FD314CF29D884A6BBBE9FFD8354F548A1DF895832A1DB70E805CB66

Function 006A9E3D Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(USER32,00000000,-00000024,75A84A40,006A9F76,?,?,?,?,?,?,?,006C6277,00000000,00000002,00000028), ref: 006A9E5F
GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 006A9E77
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 006A9E88
GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 006A9E99
GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 006A9EAA
GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 006A9EBB
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 006A9ECC

Strings

MonitorFromRect, xrefs: 006A9E93
GetSystemMetrics, xrefs: 006A9E71
GetMonitorInfoA, xrefs: 006A9EC6
USER32, xrefs: 006A9E5A
MonitorFromPoint, xrefs: 006A9EA4
EnumDisplayMonitors, xrefs: 006A9EB5
MonitorFromWindow, xrefs: 006A9E82

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
API String ID: 667068680-2376520503
Opcode ID: 87fe8fddad753837f7054077f48cbf3a164f18976e91db57b51c2f0003efd8f9
Instruction ID: 1d3072dbc70cd22520912935d1bcc5a4efb900ec23e8fc916e99929a3ff78793
Opcode Fuzzy Hash: 87fe8fddad753837f7054077f48cbf3a164f18976e91db57b51c2f0003efd8f9
Instruction Fuzzy Hash: A0116DB0A01380ABCB12EF266CD4479BFA6B70EB84364843EE508E2251D73C58C5CF78

Function 004294D0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 183memoryCOMMON

Download Yara Rule

APIs

GetStockObject.GDI32(0000000F), ref: 00429524
GetObjectA.GDI32(?,00000018,?), ref: 00429537
GlobalAlloc.KERNEL32(00000002,00000028), ref: 004295A6
GlobalFix.KERNEL32(00000000), ref: 004295C4
GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 004295F3
GlobalUnWire.KERNEL32(00000000), ref: 00429649
GlobalReAlloc.KERNEL32(00000000,?,00000002), ref: 00429652
GlobalFix.KERNEL32(00000000), ref: 0042965F
GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 00429682
GlobalUnWire.KERNEL32(00000000), ref: 0042969C
GlobalFree.KERNEL32(00000000), ref: 004296A3

Part of subcall function 006C939D: __EH_prolog.LIBCMT ref: 006C93A2

Strings

(, xrefs: 0042954A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocBitsObjectWire$FreeH_prologStock
String ID: (
API String ID: 1902819324-3887548279
Opcode ID: 10ca9d12b3a764e32efa38f0110799140c2190136c7ba371c38418023f45576c
Instruction ID: 62c084b14caa3af962220292f967a227415bdfaccf66295771d7a844e5387012
Opcode Fuzzy Hash: 10ca9d12b3a764e32efa38f0110799140c2190136c7ba371c38418023f45576c
Instruction Fuzzy Hash: F7616972A053509FC320DF54DC89B6BBBE9FB88710F14491EFA8597290DB75AC048BA6

Function 004118C0 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 430COMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

IsRectEmpty.USER32(?), ref: 00411907
GetClientRect.USER32(?,?), ref: 0041191F
InflateRect.USER32(?,?,?), ref: 004119DD
IntersectRect.USER32(?,?,?), ref: 00411A47
CreateRectRgn.GDI32(?,?,?,?), ref: 00411A61
FillRgn.GDI32(?,?,?), ref: 00411C20
GetCurrentObject.GDI32(?,00000006), ref: 00411C9F

Part of subcall function 006C8BEB: GetStockObject.GDI32(?), ref: 006C8BF4
Part of subcall function 006C8BEB: SelectObject.GDI32(?,00000000), ref: 006C8C0E
Part of subcall function 006C8BEB: SelectObject.GDI32(?,00000000), ref: 006C8C19

OffsetRect.USER32(?,00000001,00000001), ref: 00411D7D
OffsetRect.USER32(?,00000002,00000002), ref: 00411E11
OffsetRect.USER32(?,00000001,00000001), ref: 00411DC4

Part of subcall function 006C8DBB: SetTextColor.GDI32(?,?), ref: 006C8DD5
Part of subcall function 006C8DBB: SetTextColor.GDI32(?,?), ref: 006C8DE3

Strings

|eu, xrefs: 00411C3B
Tyn, xrefs: 00411A71, 00411BD7, 00411E94, 00411B8D, 00411A75

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Object$Offset$ColorSelectText$BeginClientClipCreateCurrentEmptyFillH_prologInflateIntersectPaintStock
String ID: Tyn$|eu
API String ID: 4264835570-176633075
Opcode ID: 45beca86ddc085770a13ba3ee9d85b7bdb5895e056aadb299dc60310c60f3a22
Instruction ID: c18bd87c82d77fb56877c910b67dfe38ecd0171455bc7525eb3d3487d1d3daca
Opcode Fuzzy Hash: 45beca86ddc085770a13ba3ee9d85b7bdb5895e056aadb299dc60310c60f3a22
Instruction Fuzzy Hash: 970248715087809FC324DF65C884BABB7E9EF98300F404D1EF19687290EB74E989CB66

Function 004408E0 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 331threadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00440A4B
CreateSemaphoreA.KERNEL32(00000000,00000014,00000014,00000000), ref: 00440A60
RtlInitializeCriticalSection.NTDLL(?), ref: 00440A8B
CreateThread.KERNEL32(00000000,00000000,00440CC0,?,00000004,?), ref: 00440AC0
RtlEnterCriticalSection.NTDLL(00767898), ref: 00440AD2
RtlLeaveCriticalSection.NTDLL(00767898), ref: 00440C85
ResumeThread.KERNEL32(?), ref: 00440C93
ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 00440CA5

Strings

data, xrefs: 00440985
WAVE, xrefs: 00440921, 00440938
RIFF, xrefs: 004408F4, 00440908
fmt , xrefs: 00440964

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateCriticalSection$SemaphoreThread$EnterEventInitializeLeaveReleaseResume
String ID: RIFF$WAVE$data$fmt
API String ID: 1802393137-4212202414
Opcode ID: 1de16911c4931bc9a074002cba451c572edd6502eb53224af9cfa995e2bdf20c
Instruction ID: 4f2d3c38de89b0f769e552779914f08134354c76302bb1a7fcf032647e500f74
Opcode Fuzzy Hash: 1de16911c4931bc9a074002cba451c572edd6502eb53224af9cfa995e2bdf20c
Instruction Fuzzy Hash: E0B1F2B1A043019BE714DF24DC85B2B73E6FB88748F14462EFA4697381E678ED11CB99

Function 00414060 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130stringprocessCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,?), ref: 004140F8
lstrcat.KERNEL32(?,\shell\open\command), ref: 00414137
lstrlen.KERNEL32(?), ref: 0041418C
lstrcat.KERNEL32(00000000,006F9D30), ref: 004141D5
lstrcat.KERNEL32(00000000,?), ref: 004141DD
WinExec.KERNEL32(?,?), ref: 004141E5

Part of subcall function 006C283C: InterlockedDecrement.KERNEL32(-000000F4), ref: 006C2850

Strings

open, xrefs: 004140F1
|eu, xrefs: 0041407B
.htm, xrefs: 00414110
"%1", xrefs: 0041415B
mailto:, xrefs: 004140C6
\shell\open\command, xrefs: 00414131

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: lstrcat$DecrementExecExecuteInterlockedShelllstrlen
String ID: "%1"$.htm$\shell\open\command$mailto:$open$|eu
API String ID: 51986957-4265919381
Opcode ID: 255755ba57f1a1fc1321b75305ada0a702d07b53651bb4ffe4eeb5f6ab4d10af
Instruction ID: 8379f070ec6d122dc2f96ea7f51ba910bf0af988d133ea7e857c85aeae98b36e
Opcode Fuzzy Hash: 255755ba57f1a1fc1321b75305ada0a702d07b53651bb4ffe4eeb5f6ab4d10af
Instruction Fuzzy Hash: 5841E432244302ABC324DB65DC85FABB3E5EFD4750F104A1DF95593280EB34AD85CB66

Function 0042ADE0 Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 405COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,?,?), ref: 0042AE86

Part of subcall function 0042ABB0: SetRect.USER32(?,00000000,00000032,00000032,?), ref: 0042AC99
Part of subcall function 0042ABB0: OffsetRect.USER32(?,?,?), ref: 0042ACA6
Part of subcall function 0042ABB0: IntersectRect.USER32(?,?,?), ref: 0042ACC2
Part of subcall function 0042ABB0: IsRectEmpty.USER32(?), ref: 0042ACCD

InflateRect.USER32(?,?,?), ref: 0042AEF9
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 0042B0FD
GetClipRgn.GDI32(?,00000000), ref: 0042B10C
CreatePolygonRgn.GDI32 ref: 0042B18A
SelectClipRgn.GDI32(?,?), ref: 0042B26D
CreatePolygonRgn.GDI32(?,00000005,00000002), ref: 0042B290
SelectClipRgn.GDI32(?,?), ref: 0042B311
DeleteObject.GDI32(?), ref: 0042B327

Strings

Tyn, xrefs: 0042B19A, 0042B27E, 0042B2A0, 0042B1A0, 0042B2A6
gfff, xrefs: 0042AFED

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClipCreate$InflatePolygonSelect$DeleteEmptyIntersectObjectOffset
String ID: Tyn$gfff
API String ID: 1105800552-3067879463
Opcode ID: 130f0a4bc840a50d28004b183b0e185b08f0b61d8a6f0656306055e7158a220b
Instruction ID: 88171282bfead136ff005dd59e2a34a6490613dcca3a44938039eb203e6e2ad3
Opcode Fuzzy Hash: 130f0a4bc840a50d28004b183b0e185b08f0b61d8a6f0656306055e7158a220b
Instruction Fuzzy Hash: 92F118B06083419FD324CF19D980B6BBBE6FBC8704F508A1EF99987391DB74A905CB52

Function 0042B7A0 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 366COMMON

Download Yara Rule

APIs

SelectObject.GDI32(00000000,?), ref: 0042B856
SelectObject.GDI32(?,00000000), ref: 0042B879
SelectObject.GDI32(00000000,?), ref: 0042B8A5
DeleteDC.GDI32(00000000), ref: 0042B8B2
SelectObject.GDI32(?,?), ref: 0042B8BA
DeleteDC.GDI32(?), ref: 0042B8C1
DeleteObject.GDI32(?), ref: 0042B8C7

Strings

, xrefs: 0042B9C3
(, xrefs: 0042BB5F
(, xrefs: 0042B9AC

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$Delete
String ID: $($(
API String ID: 4028988585-3669016180
Opcode ID: 70bb4fd2ad03cb6c3dbfda33d8becf3fc04bef3a6c97dc354c6d51935c7cf04e
Instruction ID: a4847acdf7cc59ae3bd087b3721148f3cb14a0a6c66778fa1b243f1f733c6ff0
Opcode Fuzzy Hash: 70bb4fd2ad03cb6c3dbfda33d8becf3fc04bef3a6c97dc354c6d51935c7cf04e
Instruction Fuzzy Hash: 18D148B1A043019FC710CF25D884A6BBBE9EFD8310F54492EF99697360D775E844CBA6

Function 0041CC30 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 310libraryregistryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?), ref: 0041CD14
LoadLibraryA.KERNEL32(?,?,00000000,?,?,?,006F61D0), ref: 0041CD51
GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 0041CD87
FreeLibrary.KERNEL32(00000000), ref: 0041CD92
FreeLibrary.KERNEL32(00000000), ref: 0041CDA0
LoadTypeLib.OLEAUT32(00000000,00000000), ref: 0041CEAD
RegisterTypeLib.OLEAUT32(00000000,00000000), ref: 0041CEE2
UnRegisterTypeLib.OLEAUT32(?,00000000,00000000,00000000,00000001), ref: 0041CFC3

Strings

DllRegisterServer, xrefs: 0041CD79
DllUnregisterServer, xrefs: 0041CD80, 0041CD85
|eu, xrefs: 0041CDEE

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$LoadType$FreeRegister$AddressProc
String ID: DllRegisterServer$DllUnregisterServer$|eu
API String ID: 3854050662-370403494
Opcode ID: 2822a11cf40371c7dbeadb767378ebfa79263b5616b088c737d922adc762d254
Instruction ID: 3ce5fc89bff06892a902760331c29b1aed5fd1b1d6c18fdfec107e69000fa390
Opcode Fuzzy Hash: 2822a11cf40371c7dbeadb767378ebfa79263b5616b088c737d922adc762d254
Instruction Fuzzy Hash: 51B1B171940209ABDB10DBA4CC85FFE77A9EF44314F10852EFC15A7281DB34AE46CBA4

Function 0042BBE0 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 305windowCOMMON

Download Yara Rule

APIs

SetStretchBltMode.GDI32(?,00000000), ref: 0042BBF4
GetObjectA.GDI32(?,00000018,?), ref: 0042BCD2
StretchBlt.GDI32(?,000000FF,?,?,?,?,00000000,00000000,?,?,00660046), ref: 0042BD9F
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,008800C6), ref: 0042BDD9
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 0042BE13
SelectObject.GDI32(00000000,?), ref: 0042BE98
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 0042BEDB
SelectObject.GDI32(00000000,?), ref: 0042BEE7
DeleteDC.GDI32(00000000), ref: 0042BEEE
DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 0042BF2D

Strings

<yn, xrefs: 0042BCF8, 0042BE5D, 0042BD06

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Stretch$Object$Select$DeleteDrawIconMode
String ID: <yn
API String ID: 2323559851-2261207814
Opcode ID: 80b4e3347e3a361fea6c6b508980f36e47a55223780598ee090fe2f2c4bdd07b
Instruction ID: 674b449658915cab4e5c103f693e29c74d20fdf415a40be29fe88fd9238b77b4
Opcode Fuzzy Hash: 80b4e3347e3a361fea6c6b508980f36e47a55223780598ee090fe2f2c4bdd07b
Instruction Fuzzy Hash: 27B11671204705AFD360DB64DC85F7BB7EAEB88710F108A1DF6A587290DB34EC058BA6

Function 00411F30 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMON

Download Yara Rule

APIs

Part of subcall function 0042B7A0: SelectObject.GDI32(00000000,?), ref: 0042B856
Part of subcall function 0042B7A0: SelectObject.GDI32(?,00000000), ref: 0042B879
Part of subcall function 0042B7A0: SelectObject.GDI32(00000000,?), ref: 0042B8A5
Part of subcall function 0042B7A0: DeleteDC.GDI32(00000000), ref: 0042B8B2
Part of subcall function 0042B7A0: SelectObject.GDI32(?,?), ref: 0042B8BA
Part of subcall function 0042B7A0: DeleteDC.GDI32(?), ref: 0042B8C1

__ftol.LIBCMT ref: 00412055
__ftol.LIBCMT ref: 00412062
CreateRectRgn.GDI32(00000000,?,00000000,?), ref: 004120D4
CombineRgn.GDI32(?,?,Tyn,00000004), ref: 004120FA
SetRect.USER32(?,00000000,?,?,?), ref: 00412146
IntersectRect.USER32(?,?,?), ref: 0041215E
IsRectEmpty.USER32(?), ref: 00412189
CreateRectRgn.GDI32(00000000,?,?,00000000), ref: 0041222E
CombineRgn.GDI32(?,?,Tyn,00000004), ref: 00412254

Strings

Tyn, xrefs: 00412245, 004120EB, 004120F7, 00412251

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ObjectSelect$CombineCreateDelete__ftol$EmptyIntersect
String ID: Tyn
API String ID: 1957208593-3221475742
Opcode ID: 2bded7f8ebdb874a39cd2698b8d2258a126ebfbf6a34782104519c2555635da2
Instruction ID: bdac07daa2890bf0cd07a38087cd196e376e2056d4705b368c5bf40b8bc5eebc
Opcode Fuzzy Hash: 2bded7f8ebdb874a39cd2698b8d2258a126ebfbf6a34782104519c2555635da2
Instruction Fuzzy Hash: CAA16B716083429FC724CF69C984A9BBBE5FBC8740F504A2DF595C7290EB74E848CB96

Function 00435020 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 00435097
IsRectEmpty.USER32(?), ref: 004350A2
GetClientRect.USER32(00000000,?), ref: 004350E1
DPtoLP.GDI32(?,?,00000002), ref: 004350F3
LPtoDP.GDI32(?,?,00000002), ref: 00435130
CreateRectRgnIndirect.GDI32(?), ref: 00435148
OffsetRect.USER32(?,?,?), ref: 0043516D
LPtoDP.GDI32(?,?,00000002), ref: 0043517F

Part of subcall function 006C9640: __EH_prolog.LIBCMT ref: 006C9645
Part of subcall function 006C9640: CreatePen.GDI32(?,?,?), ref: 006C9668

Part of subcall function 006C8C27: SelectObject.GDI32(?,00000000), ref: 006C8C49
Part of subcall function 006C8C27: SelectObject.GDI32(?,?), ref: 006C8C5F

Part of subcall function 006C8BEB: GetStockObject.GDI32(?), ref: 006C8BF4
Part of subcall function 006C8BEB: SelectObject.GDI32(?,00000000), ref: 006C8C0E
Part of subcall function 006C8BEB: SelectObject.GDI32(?,00000000), ref: 006C8C19

Part of subcall function 006C8D5F: SetROP2.GDI32(?,?), ref: 006C8D78
Part of subcall function 006C8D5F: SetROP2.GDI32(?,?), ref: 006C8D86

Rectangle.GDI32(?,?,?,?,?), ref: 004351F3

Part of subcall function 006C9054: SelectClipRgn.GDI32(?,00000000), ref: 006C9076
Part of subcall function 006C9054: SelectClipRgn.GDI32(?,?), ref: 006C908C

Part of subcall function 006C962A: DeleteObject.GDI32(00000000), ref: 006C9639

Part of subcall function 006C939D: __EH_prolog.LIBCMT ref: 006C93A2

Strings

Tyn, xrefs: 00435158, 00435228, 00435160

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect$Rect$ClipCreateH_prolog$ClientCopyDeleteEmptyIndirectOffsetRectangleStock
String ID: Tyn
API String ID: 2567930114-3221475742
Opcode ID: ca55a67ce2cc5be1e41b85a575bee6ba99d4606ee0bddf5b267e64038492ba7e
Instruction ID: 70aef4e11f7cc0a10131c1fd0977971d34f5fe6d9b98c6896349c91227956a9f
Opcode Fuzzy Hash: ca55a67ce2cc5be1e41b85a575bee6ba99d4606ee0bddf5b267e64038492ba7e
Instruction Fuzzy Hash: EE614AB1508740AFC314DF65C885E6BBBEAEFC8714F008A1DF59683291DB74E909CB66

Function 006C3682 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 172COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C3687
GetSystemMetrics.USER32(0000002A), ref: 006C3738
GlobalFix.KERNEL32(?), ref: 006C37C2
CreateDialogIndirectParamA.USER32(?,?,?,006C34CA,00000000), ref: 006C37F4

Strings

|eu, xrefs: 006C3707
Helv, xrefs: 006C376C
MS Sans Serif, xrefs: 006C3759
MS Shell Dlg, xrefs: 006C3746

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDialogGlobalH_prologIndirectMetricsParamSystem
String ID: Helv$MS Sans Serif$MS Shell Dlg$|eu
API String ID: 2252606490-3786784628
Opcode ID: 13e3842e622f567842ba44bb5d0d090db28e6dc7c9a86f37902152da323f6d25
Instruction ID: e657530ded712f800a2669d44f6b714a3c91127c33204b70fc923e2e1841b292
Opcode Fuzzy Hash: 13e3842e622f567842ba44bb5d0d090db28e6dc7c9a86f37902152da323f6d25
Instruction Fuzzy Hash: 4F613AB1A0121ADFCF15AFA4D895EFDBBB2EF14305F10802EF505A7291DB748A41CB65

Function 004170F0 Relevance: 16.7, APIs: 11, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetCurrentObject.GDI32(?,00000001), ref: 00417129
GetCurrentObject.GDI32(?,00000002), ref: 00417173
GetCurrentObject.GDI32(?,00000006), ref: 004171BD
GetTextColor.GDI32(?), ref: 004171FC
GetBkMode.GDI32(?), ref: 00417226
GetBkColor.GDI32(?), ref: 00417245
GetBkMode.GDI32(?), ref: 00417268
GetBkColor.GDI32(?), ref: 00417287
GetROP2.GDI32(?), ref: 004172AF
GetStretchBltMode.GDI32(?), ref: 004172D0
GetPolyFillMode.GDI32(?), ref: 004172FC

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Mode$ColorCurrentObject$FillPolyStretchText
String ID:
API String ID: 544274770-0
Opcode ID: edf9e96a215e003f422d8f836735b72b66a6ab63b93b0b3fd2058a0e72934e9a
Instruction ID: 6bbe20a064d07003484ae0d0753ef79f9d3e1d1063374b0c5ca77f05b00293a7
Opcode Fuzzy Hash: edf9e96a215e003f422d8f836735b72b66a6ab63b93b0b3fd2058a0e72934e9a
Instruction Fuzzy Hash: 12511D71214A019BC764DB64CC88FEBB3B6EF84701F144A1DE66B87290DF34B885CB54

Function 00429060 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 368windowCOMMON

Download Yara Rule

APIs

CreatePopupMenu.USER32 ref: 004291DE
AppendMenuA.USER32(?,?,00000000,?), ref: 00429341
AppendMenuA.USER32(?,00000000,00000000,?), ref: 00429379
ModifyMenuA.USER32(?,00000000,00000000,00000000,00000000), ref: 00429397
AppendMenuA.USER32(?,?,00000000,?), ref: 004293F5
ModifyMenuA.USER32(?,?,?,?,?), ref: 0042941A
AppendMenuA.USER32(?,?,?,?), ref: 00429462
ModifyMenuA.USER32(?,?,?,?,?), ref: 00429487

Strings

|eu, xrefs: 00429117

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Append$Modify$CreatePopup
String ID: |eu
API String ID: 3846898120-2588889719
Opcode ID: 3225f3507d499e7ff256c80e9dd4a03648cd2a78c990fbf11d4e658f81874e17
Instruction ID: 12bbb6a0622e60fe4e530fb7d3bb748d82826c928684a4e1d2219985027bc44c
Opcode Fuzzy Hash: 3225f3507d499e7ff256c80e9dd4a03648cd2a78c990fbf11d4e658f81874e17
Instruction Fuzzy Hash: 6FD1BC71A083618BD314DF19D884A2BBBE8FF89714F44492DF98593391D778EC05CBAA

Function 0040D2C0 Relevance: 15.3, APIs: 10, Instructions: 324COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0040D2EB
VariantInit.OLEAUT32(00000000), ref: 0040D31A
VariantCopyInd.OLEAUT32(00000000), ref: 0040D322
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 0040D3C5

Part of subcall function 00424C00: RtlAllocateHeap.NTDLL(008A0000,00000000,?), ref: 00424C11

VariantCopyInd.OLEAUT32(?), ref: 0040D5A5
VariantChangeType.OLEAUT32(00000000,?,00000000,?), ref: 0040D5C0

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$CopyInit$AllocateArrayChangeElementHeapSafeType
String ID:
API String ID: 2026756349-0
Opcode ID: 62d33333e957882a5c015b4846da1f4cd48db263e104a68a038f10de86cd9cc9
Instruction ID: 9edf6db56c99f905e0db9f056a7347d7f61b4089d251ab59810ede6f53802b0f
Opcode Fuzzy Hash: 62d33333e957882a5c015b4846da1f4cd48db263e104a68a038f10de86cd9cc9
Instruction Fuzzy Hash: BBD15975908341DFC314DF99D880A6ABBE5FF88314F10892EF89997390D738E949CB96

Function 0040DB20 Relevance: 15.3, APIs: 10, Instructions: 301COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0040DB72
VariantClear.OLEAUT32 ref: 0040DBF5
SafeArrayPutElement.OLEAUT32 ref: 0040DC6F
VariantClear.OLEAUT32(?), ref: 0040DC7E
VariantCopyInd.OLEAUT32 ref: 0040DD01
VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 0040DE55
VariantClear.OLEAUT32 ref: 0040DE60

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$Clear$ArrayChangeCopyElementInitSafeType
String ID:
API String ID: 2581279852-0
Opcode ID: 9439911d67e28e3c03e12e01735586101d5574dd340dad89e45b32f65dad981f
Instruction ID: 3ef5ca4dce57f79dea9eebe5c4e211749325cda0436eaa5d3ad778ca2421d5dc
Opcode Fuzzy Hash: 9439911d67e28e3c03e12e01735586101d5574dd340dad89e45b32f65dad981f
Instruction Fuzzy Hash: 73B1D4359047028BC714DF59D88466BB7E4EF94304F14493FE889AB3A0E778E94ECB5A

Function 00428650 Relevance: 15.3, APIs: 10, Instructions: 288COMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(00FFFFFF), ref: 004287AF
GetWindowRect.USER32(?), ref: 004287D9
GetStockObject.GDI32(00000005), ref: 00428807
LoadCursorA.USER32(00000000,00007F00), ref: 00428815
GetWindowRect.USER32(?,?), ref: 00428883
GetWindowRect.USER32(?,?), ref: 00428894
GetWindowRect.USER32(?,?), ref: 004288A9
GetSystemMetrics.USER32(00000001), ref: 004288BF
GetWindowRect.USER32(?,?), ref: 0042894A
OffsetRect.USER32(?,00000000,00000001), ref: 00428964

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$BrushCreateCursorLoadMetricsObjectOffsetSolidStockSystem
String ID:
API String ID: 3805611468-0
Opcode ID: 42be0f13103be3c2135957df0dea85264af95a8d2e5d22ff0ff1b0b98c278606
Instruction ID: b7f54774da3564fea536f1ef458210216ff13713dacd883a8e1aba564bdbfae9
Opcode Fuzzy Hash: 42be0f13103be3c2135957df0dea85264af95a8d2e5d22ff0ff1b0b98c278606
Instruction Fuzzy Hash: FFA19CB0704701AFD754EF64C885F7FB7E6EB84704F50492DF29A9B280DB78A8058B5A

Function 0041C490 Relevance: 15.3, APIs: 10, Instructions: 281libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?), ref: 0041C4F7
LoadLibraryA.KERNEL32(?,?,?), ref: 0041C5E7
LoadLibraryA.KERNEL32(?,?), ref: 0041C62D
LoadLibraryA.KERNEL32(?,?,?,00000001), ref: 0041C675
LoadLibraryA.KERNEL32(00000001), ref: 0041C68B
GetProcAddress.KERNEL32(00000000,?), ref: 0041C69D
FreeLibrary.KERNEL32(00000000), ref: 0041C730

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$Load$AddressProc$Free
String ID:
API String ID: 3120990465-0
Opcode ID: 916735937200c22a6b393742d750f1367d81c87aa07ec3d8f18ab9c9ce469ead
Instruction ID: dfcaf8cd375027a9ff23fe367727a2f5a9bcc5b1ab2a3241b414ff7e66b6c2c2
Opcode Fuzzy Hash: 916735937200c22a6b393742d750f1367d81c87aa07ec3d8f18ab9c9ce469ead
Instruction Fuzzy Hash: 3FA1D1B5A40702ABC710EF64C8D1FABB3A9FF94314F04462EF85587341DB38A945CB99

Function 00426F00 Relevance: 15.2, APIs: 10, Instructions: 179COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00426F1D
GetWindowRect.USER32(?,?), ref: 00426F2C
IntersectRect.USER32(?,?,?), ref: 00426F85
EqualRect.USER32(?,?), ref: 00426FB5
GetWindowRect.USER32(?,?), ref: 00426FD3
OffsetRect.USER32(?,?,?), ref: 0042704A
OffsetRect.USER32(?,?,00000000), ref: 00427064
OffsetRect.USER32(?,?,00000000), ref: 0042707C
OffsetRect.USER32(?,00000000,?), ref: 00427096
OffsetRect.USER32(?,00000000,?), ref: 004270AE

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Window$EqualIntersect
String ID:
API String ID: 2638238157-0
Opcode ID: da3b8755b6b6649ac02500e01e1d13a120db085091660b66f38b46d6d12e3148
Instruction ID: b39042caef2496bb0b16b88c706f3dd1eae8988012330548aeb81c8d62c32076
Opcode Fuzzy Hash: da3b8755b6b6649ac02500e01e1d13a120db085091660b66f38b46d6d12e3148
Instruction Fuzzy Hash: BE5109716083129FC708CF28D98096BBBE9EBC8744F404A2EF985D3354DA74ED49CB62

Function 004166D0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 316windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0041670F
CreateRectRgn.GDI32(00000000,00000000,00000001,?), ref: 00416830
SetRect.USER32(?,00000000,00000000,00000001,?), ref: 00416859

Part of subcall function 00411F30: __ftol.LIBCMT ref: 00412055
Part of subcall function 00411F30: __ftol.LIBCMT ref: 00412062

FillRgn.GDI32(?,?,?), ref: 004168D6
PatBlt.GDI32(?,00000000,00000000,00000001,?,00F00021), ref: 00416949

Part of subcall function 004101C0: GetSysColor.USER32(0000000F), ref: 004101CD

Part of subcall function 006C9690: __EH_prolog.LIBCMT ref: 006C9695
Part of subcall function 006C9690: CreateSolidBrush.GDI32(?), ref: 006C96B2

GetObjectA.GDI32(?,00000018,?), ref: 004169C5

Strings

Tyn, xrefs: 00416840, 00416844
<yn, xrefs: 004167AF, 004167B9

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create__ftol$BrushClientColorFillH_prologObjectSolid
String ID: <yn$Tyn
API String ID: 522557250-3901928856
Opcode ID: 7bde987aa19c33f2ffc223461f4294fddc1864f52d9f783449fee08b38a5a1f6
Instruction ID: c73accc2478324ed6ae12c13a0aa137d2a0c0f89caa96065130e024b8a41da9d
Opcode Fuzzy Hash: 7bde987aa19c33f2ffc223461f4294fddc1864f52d9f783449fee08b38a5a1f6
Instruction Fuzzy Hash: B4C189712083419FD360DB64C885FABB7E9EF94744F00891DF18AD3291EB74E889CB66

Function 006B668A Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000001), ref: 006B66F7
GetStdHandle.KERNEL32(000000F4,006E9788,00000000,?,00000000,00000001), ref: 006B67CD
WriteFile.KERNEL32(00000000), ref: 006B67D4

Strings

<program name unknown>, xrefs: 006B6707
Microsoft Visual C++ Runtime Library, xrefs: 006B67A3
Runtime Error!Program: , xrefs: 006B675D
..., xrefs: 006B6749
p|u, xrefs: 006B6698

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $p|u
API String ID: 3784150691-645870229
Opcode ID: 6eb29d07eab9863ae947c2116c29cbc2fd7401ca17b1532ec88b233afb93651f
Instruction ID: bb9b269cb1d314364469de7e552b742fe0c9ecfbe517f25b0f969627fe9ce92e
Opcode Fuzzy Hash: 6eb29d07eab9863ae947c2116c29cbc2fd7401ca17b1532ec88b233afb93651f
Instruction Fuzzy Hash: D031D2B2A412186FDF24EB70DC45FEA337EEF45304F1004AAF544E6150EAB4AAC4CB25

Function 006BDD6F Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,006B67AE,?,Microsoft Visual C++ Runtime Library,00012010,?,006E9788,?,006E97D8,?,?,?,Runtime Error!Program: ), ref: 006BDD81
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 006BDD99
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 006BDDAA
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 006BDDB7

Strings

GetLastActivePopup, xrefs: 006BDDAC
MessageBoxA, xrefs: 006BDD93
user32.dll, xrefs: 006BDD7C
GetActiveWindow, xrefs: 006BDDA4

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: 5276683572275e0b9ae9d62e63f5d36c258cc1e2cb8d291547cfeedd00a101f4
Instruction ID: 5744f8b04dafd4ed1dd1f21515da34bae60544f115ec5ff3ba65193316951e12
Opcode Fuzzy Hash: 5276683572275e0b9ae9d62e63f5d36c258cc1e2cb8d291547cfeedd00a101f4
Instruction Fuzzy Hash: CF0175B16413025FCB11DFB99C829E73BEA9F5C790300443EB548D6171EA7488819F60

Function 004226F0 Relevance: 13.9, APIs: 9, Instructions: 387windowCOMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 00422728
GetParent.USER32(?), ref: 004227B9
IsWindow.USER32(?), ref: 004228EB
IsWindowVisible.USER32(?), ref: 004228FD

Part of subcall function 006C6CEC: IsWindowEnabled.USER32(?), ref: 006C6CF6

GetParent.USER32(?), ref: 0042294E
IsChild.USER32(?,?), ref: 0042296E
GetParent.USER32(?), ref: 00422B17
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00422B34
IsWindow.USER32(?), ref: 00422B8F

Part of subcall function 00418D90: IsChild.USER32(?,?), ref: 00418E0D
Part of subcall function 00418D90: GetParent.USER32(?), ref: 00418E27

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ParentWindow$Child$EnabledMessageSendVisible
String ID:
API String ID: 2452671399-0
Opcode ID: 193ab48897e8473068de41cfb0f44b06ecfcdf05a5ccc54ea46b290311abff85
Instruction ID: fca4ea9984d248cbddcfe6182c9a7f639d80e0c7b0d92ff4bdd90947f30d8ea8
Opcode Fuzzy Hash: 193ab48897e8473068de41cfb0f44b06ecfcdf05a5ccc54ea46b290311abff85
Instruction Fuzzy Hash: CCE1DE71604361AFC720DF24D980B6BB7E5BF84704F840A2EF98697391DB78E845CB96

Function 006BE5AF Relevance: 13.7, APIs: 9, Instructions: 221COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(00000000,00000000,006E99FC,00000001,006E99FC,00000001,00000000,008711CC,006BD44E,0000000C,?,0040CA9D,?,0000000B,0000000B), ref: 006BE5ED
CompareStringA.KERNEL32(00000000,00000000,006E99F8,00000001,006E99F8,00000001,?,006BD78A), ref: 006BE60A
CompareStringA.KERNEL32(?,?,00000000,006BD78A,?,0000000B,00000000,008711CC,006BD44E,0000000C,?,0040CA9D,?,0000000B,0000000B), ref: 006BE668
GetCPInfo.KERNEL32(0000000B,00000000,00000000,008711CC,006BD44E,0000000C,?,0040CA9D,?,0000000B,0000000B,?,006BD78A), ref: 006BE6B9
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,0000000B,00000000,00000000,?,006BD78A), ref: 006BE738
MultiByteToWideChar.KERNEL32(?,00000001,00000000,0000000B,?,?,?,006BD78A), ref: 006BE799
MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000,?,006BD78A), ref: 006BE7AC
MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,?,00000000,?,006BD78A), ref: 006BE7F8
CompareStringW.KERNEL32(?,?,00000000,00000000,?,00000000,?,00000000,?,006BD78A), ref: 006BE810

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID:
API String ID: 1651298574-0
Opcode ID: 41c5d3f792e4b0e79312b41997cf79397748f8d20c715536d8bc7603db2c250c
Instruction ID: 38c4dc17dcdebcf82cdbed173899e8f97b612b49f39b6f2fe80c70d088a78f6c
Opcode Fuzzy Hash: 41c5d3f792e4b0e79312b41997cf79397748f8d20c715536d8bc7603db2c250c
Instruction Fuzzy Hash: CF71AFB2900259AFCF219F94DC429EE7FBBEF19350F14412AF950A2260D7378C91DBA1

Function 0043E930 Relevance: 13.7, APIs: 9, Instructions: 185windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0043E95E
FillRect.USER32(?,?,00000000), ref: 0043E9BE
FillRect.USER32(?,?,00000000), ref: 0043EA2E

Part of subcall function 006C9690: __EH_prolog.LIBCMT ref: 006C9695
Part of subcall function 006C9690: CreateSolidBrush.GDI32(?), ref: 006C96B2

FillRect.USER32(?,?,00000000), ref: 0043EAA5
SelectObject.GDI32(00000000,?), ref: 0043EAE3
SetStretchBltMode.GDI32(?,00000000), ref: 0043EB15
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0043EB48
SelectObject.GDI32(00000000,?), ref: 0043EB7F
DeleteDC.GDI32(00000000), ref: 0043EB8C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Fill$ObjectSelectStretch$BrushClientCreateDeleteH_prologModeSolid
String ID:
API String ID: 3514727852-0
Opcode ID: 50beb364039e33806c895a4f043504cfd0f856ab4422911838c1c7d9e7ad6bf9
Instruction ID: 6e7b92894bb992a3143c5352061575bdc680d934ebcd47bd361b9f6476952192
Opcode Fuzzy Hash: 50beb364039e33806c895a4f043504cfd0f856ab4422911838c1c7d9e7ad6bf9
Instruction Fuzzy Hash: 866108752057019FD764DF62C994F6BB7E9EF88710F009A1EF99A83280DB34E905CB25

Function 006B9BB4 Relevance: 13.7, APIs: 9, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,006E99FC,00000001,00000000,00000000,00000100,00000001,?), ref: 006B9BF6
LCMapStringA.KERNEL32(00000000,00000100,006E99F8,00000001,00000000,00000000), ref: 006B9C12
LCMapStringA.KERNEL32(?,?,?,?,00000001,?,00000100,00000001,?), ref: 006B9C5B
MultiByteToWideChar.KERNEL32(?,00000002,?,?,00000000,00000000,00000100,00000001,?), ref: 006B9C93
MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,?,00000000), ref: 006B9CEB
LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 006B9D01
LCMapStringW.KERNEL32(?,?,00000001,00000000,00000001,?), ref: 006B9D34
LCMapStringW.KERNEL32(?,?,?,?,?,00000000), ref: 006B9D9C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: 09c9f8e2158c0455c9a7c5a5b551873c094eaa653a5b73030dc269c3826f7d8c
Instruction ID: 369f23b26220357881fd014e51518e3f03d473d2dcb74835b15de8642234e48d
Opcode Fuzzy Hash: 09c9f8e2158c0455c9a7c5a5b551873c094eaa653a5b73030dc269c3826f7d8c
Instruction Fuzzy Hash: 4F517FB1900609AFCF228F96CC45AEE7FBAFF49754F20411AFA15A5260D7358D90DF60

Function 00426CB0 Relevance: 13.6, APIs: 9, Instructions: 118COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00426CB6
ClientToScreen.USER32(?,?), ref: 00426CF3
OffsetRect.USER32(?,?,?), ref: 00426D1C
GetParent.USER32(?), ref: 00426D22

Part of subcall function 006C9199: ScreenToClient.USER32(?,?), ref: 006C91AD
Part of subcall function 006C9199: ScreenToClient.USER32(?,?), ref: 006C91B6

GetClientRect.USER32(?,?), ref: 00426D45
OffsetRect.USER32(?,?,00000000), ref: 00426D63
OffsetRect.USER32(?,?,00000000), ref: 00426D7B
OffsetRect.USER32(?,00000000,?), ref: 00426D99
OffsetRect.USER32(?,00000000,?), ref: 00426DB9

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Client$Screen$CaptureParent
String ID:
API String ID: 838496554-0
Opcode ID: 7e237175aa1b84d894f12105ac41cc3767fb902bb7c3f5b35d458ea3e4d262cc
Instruction ID: 7283ba092b7fb653c172872ecd8c9689e486430dff6f5b13b1707300a78edd3f
Opcode Fuzzy Hash: 7e237175aa1b84d894f12105ac41cc3767fb902bb7c3f5b35d458ea3e4d262cc
Instruction Fuzzy Hash: A7410B75604305AFD708DF68D984D7BB3E9EBC8700F00891EF585C3250DB74ED488A66

Function 006C3966 Relevance: 13.6, APIs: 9, Instructions: 113COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C396B
FindResourceA.KERNEL32(?,00000000,00000005), ref: 006C39A3
LoadResource.KERNEL32(?,00000000,?,?,?,00000000), ref: 006C39AB

Part of subcall function 006C47A6: UnhookWindowsHookEx.USER32(?), ref: 006C47CB

LockResource.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 006C39B8
IsWindowEnabled.USER32(?), ref: 006C39EB
EnableWindow.USER32(?,00000000), ref: 006C39F9
EnableWindow.USER32(?,00000001), ref: 006C3A87
GetActiveWindow.USER32 ref: 006C3A92
SetActiveWindow.USER32(?,?,?,00000000,?,?,?,00000000), ref: 006C3AA0

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Resource$ActiveEnable$EnabledFindH_prologHookLoadLockUnhookWindows
String ID:
API String ID: 401145483-0
Opcode ID: 8644c3fd05b13932f89cd1605ed5800cef39f4d752c959a3c8d273ba021ea065
Instruction ID: 2e85a79f8f1aa52f0dbf3bc642e3a02d15a31c8707716eb9a9ea4793df49744f
Opcode Fuzzy Hash: 8644c3fd05b13932f89cd1605ed5800cef39f4d752c959a3c8d273ba021ea065
Instruction Fuzzy Hash: 74416D709006259FCB21AFA4C949FBEBBB7EF44711F10411EF542A23A1CB755E41CBA5

Function 004244E0 Relevance: 13.6, APIs: 9, Instructions: 85windowCOMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,?,00000001,?,?,?,?), ref: 004244FA
GetTopWindow.USER32(?), ref: 00424500
IsWindowVisible.USER32(00000000), ref: 00424511
GetWindowLongA.USER32(00000000,000000EC), ref: 00424522
GetClientRect.USER32(00000000,?), ref: 00424575
IntersectRect.USER32(?,?,?), ref: 0042458A
IsRectEmpty.USER32(?), ref: 00424595
InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,?), ref: 004245A6
GetWindow.USER32(00000000,00000002), ref: 004245AB

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$ClientEmptyIntersectLongVisible
String ID:
API String ID: 938479747-0
Opcode ID: ff5a3766cfe8c45c66eaba74b0ff52a8abd6799060929a7c8d15aadbc97a5706
Instruction ID: ca6cedb9f14fac304af602b52b41062a243e8ce5601fa3b63253aaac2dd6163d
Opcode Fuzzy Hash: ff5a3766cfe8c45c66eaba74b0ff52a8abd6799060929a7c8d15aadbc97a5706
Instruction Fuzzy Hash: 8921A271601312AFC310DF65E885E6BB7EDFF88314B04491EF54193240DB34DE898BA5

Function 00425D60 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 181windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

IsRectEmpty.USER32(?), ref: 00425DAD
GetSysColor.USER32(0000000F), ref: 00425DBE

Part of subcall function 006C9690: __EH_prolog.LIBCMT ref: 006C9695
Part of subcall function 006C9690: CreateSolidBrush.GDI32(?), ref: 006C96B2

Part of subcall function 006C8C27: SelectObject.GDI32(?,00000000), ref: 006C8C49
Part of subcall function 006C8C27: SelectObject.GDI32(?,?), ref: 006C8C5F

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00425E08
GetClientRect.USER32(?,?), ref: 00425E21
LoadBitmapA.USER32(?,?), ref: 00425E58
GetObjectA.GDI32(?,00000018,?), ref: 00425EA7

Strings

<yn, xrefs: 00425F91, 00425E75

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$H_prologRectSelect$BeginBitmapBrushClientClipColorCreateEmptyLoadPaintSolid
String ID: <yn
API String ID: 4061870766-2261207814
Opcode ID: d254c8cf5d90e9458a1a6d710540753827e215235a9b4f90eda21da75da01706
Instruction ID: d9797907412cbcdaafff123d7366bd7f094f07ddfa87cacf617bf624db16cd85
Opcode Fuzzy Hash: d254c8cf5d90e9458a1a6d710540753827e215235a9b4f90eda21da75da01706
Instruction Fuzzy Hash: 53616B722093819FD364DF64C849FABBBE9FBD5710F058A1DF59983280DB749908CB62

Function 004162C0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

GetClientRect.USER32(?,?), ref: 0041630E
IntersectRect.USER32(?,?,?), ref: 00416326
IsRectEmpty.USER32(?), ref: 00416356
GetObjectA.GDI32(?,00000018,?), ref: 0041638D
IntersectRect.USER32(?,?,?), ref: 00416408
IsRectEmpty.USER32(?), ref: 00416413
DPtoLP.GDI32(?,?,00000002), ref: 004164D6
IsWindow.USER32(?), ref: 00416538

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$EmptyIntersect$BeginClientClipH_prologObjectPaintWindow
String ID:
API String ID: 611846025-0
Opcode ID: fa709ddca52e8bda617dbc8c505ac9e47c75b2115c9bb32e49bce42669a83574
Instruction ID: c91e131412130e5b61473641d916da17f57f4d3cb223ca6ce5d2cacd0eb287d1
Opcode Fuzzy Hash: fa709ddca52e8bda617dbc8c505ac9e47c75b2115c9bb32e49bce42669a83574
Instruction Fuzzy Hash: FF81FAB15087459FC324DF64C884EABB7E9FB88704F018A1EF59A83250DB34E949CB56

Function 00413F40 Relevance: 12.1, APIs: 8, Instructions: 55COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00413F5C
PtInRect.USER32(?,?,?), ref: 00413F71
ReleaseCapture.USER32 ref: 00413F81
InvalidateRect.USER32(?,00000000,00000000), ref: 00413F8F
GetCapture.USER32 ref: 00413F9F
SetCapture.USER32(?), ref: 00413FAA
InvalidateRect.USER32(?,00000000,00000000), ref: 00413FCB
SetCapture.USER32(?), ref: 00413FD5

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureRect$Invalidate$ClientRelease
String ID:
API String ID: 3559558096-0
Opcode ID: b7c601d95e12de6eb2f443c37f3d4a8d4cf3344675167c6f665ec5f2c6088a1e
Instruction ID: 4636af604aa710753f91957f3a845a931565e42aaee751f8b3ffe665dae3ec92
Opcode Fuzzy Hash: b7c601d95e12de6eb2f443c37f3d4a8d4cf3344675167c6f665ec5f2c6088a1e
Instruction Fuzzy Hash: 4A112576900610AFD760AF649C89F9B77E9EF48306F008A1EF582D7250DB34E9858BA5

Function 0040E4F0 Relevance: 10.8, APIs: 7, Instructions: 319COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0040E54A
VariantCopyInd.OLEAUT32(?,?), ref: 0040E55B
VariantClear.OLEAUT32(?), ref: 0040E8FB

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Variant$ClearCopyInit
String ID:
API String ID: 1785138364-0
Opcode ID: e06bf3b858d8a2f1aa92ec83dd2dd82798fc5d80af3204ac56284409c0376828
Instruction ID: 6fe29491de103ed9366b84a41ab8cb57e7deb443c425071d0dcb575c04290e7d
Opcode Fuzzy Hash: e06bf3b858d8a2f1aa92ec83dd2dd82798fc5d80af3204ac56284409c0376828
Instruction Fuzzy Hash: 5EC1B075A083118FD320DF5AD58066BB7E4EB85700F148D3EE981A7390E63ADC52DB97

Function 00418780 Relevance: 10.8, APIs: 7, Instructions: 268windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004187BD
GetParent.USER32(?), ref: 004187CF
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 004187F7
GetWindowRect.USER32(?,?), ref: 00418881
InvalidateRect.USER32(?,?,00000001,?), ref: 004188A4
GetWindowRect.USER32(?,?), ref: 00418A6C
InvalidateRect.USER32(?,?,00000001,?), ref: 00418A8D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$MessageParentSend
String ID:
API String ID: 236041146-0
Opcode ID: ecc89a64369b7dacb1e7cf434a659801595cf398ee13453bd0233dee8f7022b7
Instruction ID: 0a3e18fc9ce9d573d86f0b6435e66d0c3194704d7beda7d1ed95a2841620c102
Opcode Fuzzy Hash: ecc89a64369b7dacb1e7cf434a659801595cf398ee13453bd0233dee8f7022b7
Instruction Fuzzy Hash: BD91E5716003055BD724EF25C841FAB73E9EF84358F08062EF9459B392DB38ED858B9A

Function 0042ABB0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

SetRect.USER32(?,00000000,00000032,00000032,?), ref: 0042AC99
OffsetRect.USER32(?,?,?), ref: 0042ACA6
IntersectRect.USER32(?,?,?), ref: 0042ACC2
IsRectEmpty.USER32(?), ref: 0042ACCD
OffsetRect.USER32(?,?,?), ref: 0042AD0A

Strings

2, xrefs: 0042AC56

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$EmptyIntersect
String ID: 2
API String ID: 765610062-450215437
Opcode ID: 9d4fb676532a65185e96fbd5e87b61d0d6e8ed624afeeb820f7b29b1dbc9e7f9
Instruction ID: 59e22c5f118c93de69d816325fd3c115591769145c6e70e1e6fafca06cc32c67
Opcode Fuzzy Hash: 9d4fb676532a65185e96fbd5e87b61d0d6e8ed624afeeb820f7b29b1dbc9e7f9
Instruction Fuzzy Hash: 646104756083419FD718CF29D884A6BBBE6FBC8354F548A2EF98987320D734E905CB52

Function 004160C0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 159windowCOMMON

Download Yara Rule

APIs

IsRectEmpty.USER32(?), ref: 004160E2
CreateRectRgn.GDI32 ref: 00416164
GetClientRect.USER32(?,?), ref: 0041618D
FillRgn.GDI32(?,?,?), ref: 00416206
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0041627C

Strings

Tyn, xrefs: 00416178, 0041617C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClientCreateEmptyFill
String ID: Tyn
API String ID: 97219908-3221475742
Opcode ID: 996167a3c53db3f35584ee664f288dbcb6c10d11ad9a981408182dcaf2acb605
Instruction ID: 468b42ef2090842dfb971a5fea0e2a5581c888d2605fd6d7d0e7c092fcc10b7f
Opcode Fuzzy Hash: 996167a3c53db3f35584ee664f288dbcb6c10d11ad9a981408182dcaf2acb605
Instruction Fuzzy Hash: 6B516AB1604342AFD714DF65C985EABB7E9FF88304F00891DB59583281DB78E849CBA6

Function 006CB0B9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000019F,00000000,00000000), ref: 006CB0DD
GetParent.USER32(?), ref: 006CB0E4

Part of subcall function 006C6B2E: GetWindowLongA.USER32(?,000000F0), ref: 006C6B3A

SendMessageA.USER32(?,00000187,00000000,00000000), ref: 006CB137
SendMessageA.USER32(0000AC84,00000111,?,?), ref: 006CB188
SendMessageA.USER32(?,00000185,00000000,00000000), ref: 006CB213

Strings

, xrefs: 006CB0BA

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongParentWindow
String ID:
API String ID: 779260966-3916222277
Opcode ID: 9c20e0c926efc49f38b6f28e520a88a232fee051ada3155e42472e6c12f0eb37
Instruction ID: 9d4931f01420f6dec0a8d781a2c7e9d19fcd17e33bc18e3c3f525f673ca82720
Opcode Fuzzy Hash: 9c20e0c926efc49f38b6f28e520a88a232fee051ada3155e42472e6c12f0eb37
Instruction Fuzzy Hash: E53103B02003586FCA647AB58C92F7F76DFEF85788F15492DF582C2681DF25DD028265

Function 006C649A Relevance: 10.6, APIs: 7, Instructions: 122windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 006C64CE
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 006C64F7
UpdateWindow.USER32(?), ref: 006C6513
SendMessageA.USER32(?,00000121,00000000,?), ref: 006C6539
SendMessageA.USER32(?,0000036A,00000000,00000001), ref: 006C6558
UpdateWindow.USER32(?), ref: 006C659B
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 006C65CE

Part of subcall function 006C6B2E: GetWindowLongA.USER32(?,000000F0), ref: 006C6B3A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: 757c98919fd9694ca63445b3b95aa10d7923b26697ce77820f01ad2f413fd147
Instruction ID: fd2c31b83a1335d11a9b3872c888f82712099b71be34664288778e7d583ebb57
Opcode Fuzzy Hash: 757c98919fd9694ca63445b3b95aa10d7923b26697ce77820f01ad2f413fd147
Instruction Fuzzy Hash: 64417F706047419BDB20EF26D848F7BBBEAFBC0B40F604A1EF48286255DB71C945CB5A

Function 004270F0 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 006C2C18: lstrlen.KERNEL32(00766E28,0041C85C,00766E28,0041C935,006F9EA0,?,?,?,?,?,?,?,00000000,006D00A8,000000FF), ref: 006C2C29

wsprintfA.USER32 ref: 0042717D
wsprintfA.USER32 ref: 00427199

Strings

- , xrefs: 004271C4
|eu, xrefs: 004271DC
- [, xrefs: 00427118
%d / %d], xrefs: 00427177
?? / %d], xrefs: 00427193

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$lstrlen
String ID: - $ - [$%d / %d]$?? / %d]$|eu
API String ID: 217384638-2133537544
Opcode ID: 24aaa2566559f56f23d5dfe5804b222b90431d92c0b59d6b17a591fc4a325798
Instruction ID: ad97bc9804e4883e64ce78a29c388519e91dd3a2bafad8c7088a8a42e87497d5
Opcode Fuzzy Hash: 24aaa2566559f56f23d5dfe5804b222b90431d92c0b59d6b17a591fc4a325798
Instruction Fuzzy Hash: 48315C74208301AFD354DB24D991FBBB7E6EF84710F408A1DF89A87391DB75A844CB56

Function 006CAE0A Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006CC64F: __EH_prolog.LIBCMT ref: 006CC654

Part of subcall function 006C6B2E: GetWindowLongA.USER32(?,000000F0), ref: 006C6B3A

SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 006CAE53
SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 006CAE62
SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 006CAE7B
SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 006CAEA3
SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 006CAEB2
SendMessageA.USER32(?,00000198,?,?), ref: 006CAEC8
PtInRect.USER32(?,000000FF,?), ref: 006CAED4

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$H_prologLongRectWindow
String ID:
API String ID: 2846605207-0
Opcode ID: cb2d045ee7054d710d4918da2307ecbad074e59392c0f3279bfe5a9a026a1567
Instruction ID: edd75e727203c39985813ce05662e09b8a3cc4934d1dc9d7b9461dbc163f6b9f
Opcode Fuzzy Hash: cb2d045ee7054d710d4918da2307ecbad074e59392c0f3279bfe5a9a026a1567
Instruction Fuzzy Hash: F3313A70A0020DFFDB11DF94CC81EAEB7FAEF44358B10806AF511A72A1D770AE529B50

Function 006C07CF Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C07D4
GetParent.USER32(?), ref: 006C0811
SendMessageA.USER32(?,00000464,00000104,00000000), ref: 006C0839
GetParent.USER32(?), ref: 006C0862
SendMessageA.USER32(?,00000465,00000104,00000000), ref: 006C087F

Strings

|eu, xrefs: 006C07FD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageParentSend$H_prolog
String ID: |eu
API String ID: 1056721960-2588889719
Opcode ID: 64b8436464545b565cc9bf86ab817617229522db47031d042c68b0a0b65aec28
Instruction ID: 0ae4b2bb415a1d2e3119cde41bbad50b4b363e3710a74f68f6240f665e440770
Opcode Fuzzy Hash: 64b8436464545b565cc9bf86ab817617229522db47031d042c68b0a0b65aec28
Instruction Fuzzy Hash: 03312071901216EBDF44EBA4CCA5FBEB77AFF40314F10452DE821A72D1DB349A05CA58

Function 006C06F4 Relevance: 10.6, APIs: 7, Instructions: 80windowstringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,0000000C,?,?,00428AD9,?,-00000001,00000000,?,?,?,006FEB98), ref: 006C06FE
GetFocus.USER32 ref: 006C0719

Part of subcall function 006C47A6: UnhookWindowsHookEx.USER32(?), ref: 006C47CB

IsWindowEnabled.USER32(?), ref: 006C0742
EnableWindow.USER32(?,00000000), ref: 006C0754
EnableWindow.USER32(?,00000001), ref: 006C079D
IsWindow.USER32(?), ref: 006C07A3
SetFocus.USER32(?), ref: 006C07B1

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnableFocus$EnabledHookUnhookWindowslstrlen
String ID:
API String ID: 1607871872-0
Opcode ID: c1d68e85ddbacfa1d349992a132c97c0e42654940db62f75540e029c025765d5
Instruction ID: c71cf812f332a56aa24403091f56edb2f50819f6b1b6e0fd9e5a6ea50be3c9c3
Opcode Fuzzy Hash: c1d68e85ddbacfa1d349992a132c97c0e42654940db62f75540e029c025765d5
Instruction Fuzzy Hash: 79217C71610701ABEB24AB71EC4AFBB7BEAEF40710F00442EF59286252DF75E841CB65

Function 006CD400 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 006CD42E
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 006CD451
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 006CD470
RegCloseKey.ADVAPI32(?,?,00000000), ref: 006CD480
RegCloseKey.ADVAPI32(?,?,00000000), ref: 006CD48A

Strings

software, xrefs: 006CD418

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreate$Open
String ID: software
API String ID: 1740278721-2010147023
Opcode ID: 1542bcfcbd1d0f995d426c5a8fee5cffaada6524e4f9db9d9b0a60c6a39efd4b
Instruction ID: 0ec38f4a6eab3061cb7986bb4b2e9eafbce26942ac9b65bc7e7ffd33c8662f8c
Opcode Fuzzy Hash: 1542bcfcbd1d0f995d426c5a8fee5cffaada6524e4f9db9d9b0a60c6a39efd4b
Instruction Fuzzy Hash: 0C11E672D01158FBCB21DB9ACC84DEFFFBDEF85704F1140AAA604A2121D6706E00DBA0

Function 006A9FD6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

GetMonitorInfoA.USER32(00000002,00000000), ref: 006A9FED
SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 006AA014
GetSystemMetrics.USER32(00000000), ref: 006AA02C
GetSystemMetrics.USER32(00000001), ref: 006AA033
lstrcpy.KERNEL32(-00000028,DISPLAY), ref: 006AA057

Strings

DISPLAY, xrefs: 006AA051

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: System$InfoMetrics$MonitorParameterslstrcpy
String ID: DISPLAY
API String ID: 1771318095-865373369
Opcode ID: 24a41ecaf15bc6561d9e5e0a37031be053b4d272a510aecfda907f6ef9e4c31d
Instruction ID: 9bb8562d4a0bc00e61adcbbc4963e528594534615a74be0608eed5f2f1da19a5
Opcode Fuzzy Hash: 24a41ecaf15bc6561d9e5e0a37031be053b4d272a510aecfda907f6ef9e4c31d
Instruction Fuzzy Hash: 6511A7715012249FCF11AFA4DC8499BBFA9EF06758B114057FC059B241D7B1DD80CFA1

Function 006C8839 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 006C8855
GetStockObject.GDI32(0000000D), ref: 006C885D
GetObjectA.GDI32(00000000,0000003C,?), ref: 006C886A
73A0A570.USER32(00000000,?,00000000), ref: 006C8879
MulDiv.KERNEL32(?,00000048,00000000), ref: 006C889C

Strings

System, xrefs: 006C884E, 006C88BD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Stock$A570
String ID: System
API String ID: 3471348636-3470857405
Opcode ID: e631895852268762ebf1ca4a7a2f1b4a3b9a9189cea3cefd937016e3873ef966
Instruction ID: 6539225abad7a563ce8c3ef78cd85eee7fbb40e583efea60a14d9a13c5a17b16
Opcode Fuzzy Hash: e631895852268762ebf1ca4a7a2f1b4a3b9a9189cea3cefd937016e3873ef966
Instruction Fuzzy Hash: 2C112471A02214AFEB105B91DC45FBE7BA9EB15741F404029F605E71C0DB709D4187A0

Function 0040D7D0 Relevance: 9.3, APIs: 6, Instructions: 265memoryCOMMON

Download Yara Rule

APIs

SafeArrayCreate.OLEAUT32 ref: 0040D8DC
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 0040D901
SafeArrayDestroy.OLEAUT32(00000000), ref: 0040D90C
VariantCopyInd.OLEAUT32(?,?), ref: 0040D965
SysAllocString.OLEAUT32(00000000), ref: 0040DAC8
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 0040DB01

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ArraySafe$Data$AccessAllocCopyCreateDestroyStringUnaccessVariant
String ID:
API String ID: 3584657539-0
Opcode ID: bbe0202348eaa109f3138594137bafe657f9d8598b023bfd04faffb945da7171
Instruction ID: b6f59d7f939e9893052b0a51cd240e267014c4b31044d9c369ae80afcbceeaa0
Opcode Fuzzy Hash: bbe0202348eaa109f3138594137bafe657f9d8598b023bfd04faffb945da7171
Instruction Fuzzy Hash: 9591BF72B082018BE314EF99C89072BB3A2EBC8310F55853FE951A7390D67DDC49CB5A

Function 00422C20 Relevance: 9.2, APIs: 6, Instructions: 176windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00422C71
IsWindow.USER32(?), ref: 00422C86
IsChild.USER32(?,?), ref: 00422C97
SetFocus.USER32(?), ref: 00422CA8
IsWindow.USER32(?), ref: 00422DA0
IsWindowVisible.USER32(?), ref: 00422DAE

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ChildFocusVisible
String ID:
API String ID: 372613587-0
Opcode ID: 4525d9d8d73818d24d149548fef72331245be24eb3c7d9c71e15056ae35278a1
Instruction ID: 22b4b4b1b7326a891af913ba472d487c5b7c337bb409b801a32c147182056102
Opcode Fuzzy Hash: 4525d9d8d73818d24d149548fef72331245be24eb3c7d9c71e15056ae35278a1
Instruction Fuzzy Hash: 0751AA71600305AFC720EF25D980A6BB3E9BF84358F45492EF98597342DB78EC058BA6

Function 006BD5BE Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,006E99FC,00000001,?,00000100,00000001,?), ref: 006BD5FD
GetStringTypeA.KERNEL32(00000000,00000001,006E99F8,00000001,?), ref: 006BD617
GetStringTypeA.KERNEL32(?,?,?,?,?,00000100,00000001,?), ref: 006BD64B
MultiByteToWideChar.KERNEL32(00000001,00000002,?,?,00000000,00000000,00000100,00000001,?), ref: 006BD683
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,?,?), ref: 006BD6D9
GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 006BD6EB

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: d8296bd5ea5dc3052b4b565f3fa6c705a87c9c9bc35d279893550ece8c79f9c1
Instruction ID: c739a0668b0aa7fa833b61d833927d331847f89e2ebb450dab04e8e0c16fe125
Opcode Fuzzy Hash: d8296bd5ea5dc3052b4b565f3fa6c705a87c9c9bc35d279893550ece8c79f9c1
Instruction Fuzzy Hash: 5241BFB2901609AFCF218F99DC85DEE7FBAFB08354F10452AF919D6250E7358D90CBA0

Function 006CC3C2 Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(0077C48C,0077C47C,00000000,?,0077C48C,?,006CC62A,0077C47C,00000000,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134), ref: 006CC3CD
RtlEnterCriticalSection.NTDLL(0077C4A8), ref: 006CC41C
RtlLeaveCriticalSection.NTDLL(0077C4A8), ref: 006CC42F
LocalAlloc.KERNEL32(00000000,00000004,?,006CC62A,0077C47C,00000000,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134,?,?,00000100), ref: 006CC445
LocalReAlloc.KERNEL32(?,00000004,00000002,?,006CC62A,0077C47C,00000000,?,00000100,006CC041,006CB93B,006C819B,00000100,006C8134,?,?), ref: 006CC457
TlsSetValue.KERNEL32(0077C48C,00000000,00000100,?,?), ref: 006CC493

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocCriticalLocalSectionValue$EnterLeave
String ID:
API String ID: 4117633390-0
Opcode ID: 790ff61bb6c9f12e75481349253691480554e1d30efadf00475f429e11773e94
Instruction ID: 35ebf017f600ff5128aced0834ac06a73321d930c6121b6e1bbbbeee9746dc8f
Opcode Fuzzy Hash: 790ff61bb6c9f12e75481349253691480554e1d30efadf00475f429e11773e94
Instruction Fuzzy Hash: 0D316B71500609EFD728DF19D899FBAB7EAEB45360F00C51DE45AC7650EB70E905CB60

Function 006CA5B2 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 006CA5E5
GetLastActivePopup.USER32(?), ref: 006CA5F4
IsWindowEnabled.USER32(?), ref: 006CA609
EnableWindow.USER32(?,00000000), ref: 006CA61C
GetWindowLongA.USER32(?,000000F0), ref: 006CA62E
GetParent.USER32(?), ref: 006CA63C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: 8c353d2ce9d879e5b1186a4ee0a82e3fab0cd95f89fbfe7fe4e04f26e9c6f149
Instruction ID: 3436a0a235e4583f49d63acd0a83869d83a45cec8197c715881002781743da27
Opcode Fuzzy Hash: 8c353d2ce9d879e5b1186a4ee0a82e3fab0cd95f89fbfe7fe4e04f26e9c6f149
Instruction Fuzzy Hash: 9811A332A0222A5787216AEA5D58FBBB39EEF55F59F59421DEC00D3304DF24DC018AA6

Function 00413A10 Relevance: 9.1, APIs: 6, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000002,?), ref: 00413A2B
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00413A3D
SendMessageA.USER32(?,0000110A,00000002,?), ref: 00413A4B
SendMessageA.USER32(?,0000110A,00000001,?), ref: 00413A5D
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00413A6F
SendMessageA.USER32(?,0000110A,00000001,?), ref: 00413A7D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 952a19ca2dbbceb1fc0340483fc57381eeac877a40b4d6ea18e59100581060b5
Instruction ID: e8cd876adfaca4c4edc014d4650adfdb0ee4d07ebf49480a490d84e0524f3006
Opcode Fuzzy Hash: 952a19ca2dbbceb1fc0340483fc57381eeac877a40b4d6ea18e59100581060b5
Instruction Fuzzy Hash: 5E0117B27403057AF534DA659CC1FE7A2AD9F98B92F01451AB741DB1C0C5E5EC424670

Function 006C9F7B Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 006C9F7E

Part of subcall function 006C9E20: GetWindowLongA.USER32(00000000,000000F0), ref: 006C9E31

GetParent.USER32(00000000), ref: 006C9FA5

Part of subcall function 006C9E20: GetClassNameA.USER32(00000000,?,0000000A), ref: 006C9E4C
Part of subcall function 006C9E20: lstrcmpiA.KERNEL32(?,combobox), ref: 006C9E5B

GetWindowLongA.USER32(?,000000F0), ref: 006C9FC0
GetParent.USER32(?), ref: 006C9FCE
GetDesktopWindow.USER32 ref: 006C9FD2
SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 006C9FE6

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
String ID:
API String ID: 2818563221-0
Opcode ID: cf437ef4f16b392486efbc7729d3d9bec1ece8644990638d731976dbee94a752
Instruction ID: 326df5744bf194335a7ab270c09f34cc3d0e35cfc2625de5696e93160b0a8661
Opcode Fuzzy Hash: cf437ef4f16b392486efbc7729d3d9bec1ece8644990638d731976dbee94a752
Instruction Fuzzy Hash: 18F0D13260162127DB2226245C4CFFFA65FDF81B50F14012DF920E33C19B24CC0184B8

Function 00414230 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 169windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C9493: __EH_prolog.LIBCMT ref: 006C9498
Part of subcall function 006C9493: BeginPaint.USER32(?,?,?,?,004113B9), ref: 006C94C1

Part of subcall function 006C9044: GetClipBox.GDI32(?,?), ref: 006C904B

IsRectEmpty.USER32(?), ref: 00414276
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004142FD
GetCurrentObject.GDI32(?,00000006), ref: 0041438A
GetClientRect.USER32(?,?), ref: 004143FC

Part of subcall function 006C9505: __EH_prolog.LIBCMT ref: 006C950A
Part of subcall function 006C9505: EndPaint.USER32(?,?,?,?,00411433), ref: 006C9527

Strings

|eu, xrefs: 0041430D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologPaintRect$BeginClientClipCurrentEmptyObject
String ID: |eu
API String ID: 3717962522-2588889719
Opcode ID: dc3a22c616ffea3a128ebe0303b02b17d467ca74e8a43408ea46bf481c69a3c6
Instruction ID: 2d652c1e05bf96db5987ffceb03d78ae7049bfb843aa328ee3ac944159548e82
Opcode Fuzzy Hash: dc3a22c616ffea3a128ebe0303b02b17d467ca74e8a43408ea46bf481c69a3c6
Instruction Fuzzy Hash: CB615A711083819FD364DB64C885FABB7E9EFD9314F00491DF59A83291DB38E949CB62

Function 00410550 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 144windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C6CEC: IsWindowEnabled.USER32(?), ref: 006C6CF6

IsWindowVisible.USER32(?), ref: 0041058A

Part of subcall function 006C4C56: GetWindowTextLengthA.USER32(?), ref: 006C4C63
Part of subcall function 006C4C56: GetWindowTextA.USER32(?,00000000,00000000), ref: 006C4C7B

Part of subcall function 006C0F9E: SendMessageA.USER32(?,00000466,00000000,00000000), ref: 006C0FAA

wsprintfA.USER32 ref: 00410624
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00410650
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0041065F

Strings

|eu, xrefs: 004105A8

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$Text$EnabledLengthVisiblewsprintf
String ID: |eu
API String ID: 1914814478-2588889719
Opcode ID: 64520f245df3df39204898a6a39140c685e72fddc200b5eb3b84e1364aad7555
Instruction ID: b8a39cb98077c8ce13652abf825735632ca16f38f034d3d05019bd10b1035816
Opcode Fuzzy Hash: 64520f245df3df39204898a6a39140c685e72fddc200b5eb3b84e1364aad7555
Instruction Fuzzy Hash: A15155756047019FD324DF14C991BABB7F6FBC8700F10891EE59687780DB78A841CB96

Function 00421510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIcon.SHELL32(00000001), ref: 00421589
DestroyCursor.USER32(?), ref: 00421596
Shell_NotifyIcon.SHELL32 ref: 004215C9

Strings

d, xrefs: 00421539
X, xrefs: 00421527

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: IconNotifyShell_$CursorDestroy
String ID: X$d
API String ID: 3039372612-651813629
Opcode ID: 84a0cba6f2919c95802da70879fad86db620a47383aea55eaee7c901941ae1d4
Instruction ID: 7366b8e5a29b5724f3a61490bce12fb6eed054ef6f1b607c9bdf5b079e93e001
Opcode Fuzzy Hash: 84a0cba6f2919c95802da70879fad86db620a47383aea55eaee7c901941ae1d4
Instruction Fuzzy Hash: FC213875608700AFE310DF15E804B9BBBE5FFD4744F00891EF9C992250DBB599588B92

Function 006B407B Relevance: 7.8, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb8df1b34589490919d9a07fb6fcc392bd7ebe55063a418becfeac6ea54f050
Instruction ID: 624ac37245e2d06b105321242d9bc023729497667dae4b1ab81fb94054f8d525
Opcode Fuzzy Hash: cdb8df1b34589490919d9a07fb6fcc392bd7ebe55063a418becfeac6ea54f050
Instruction Fuzzy Hash: 9E9106F2D01118ABCF21AB699C419EE7BBAEF54760F240115F814B6293EF318DC0CBA4

Function 00429810 Relevance: 7.8, APIs: 5, Instructions: 265windowCOMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 0042984D
MulDiv.KERNEL32(?,?,00000064), ref: 00429882
MulDiv.KERNEL32(?,?,00000064), ref: 004298AD
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00429A5B
GlobalFree.KERNEL32(00000000), ref: 00429B23

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FreeGlobalObjectStretch
String ID:
API String ID: 3670910119-0
Opcode ID: a4dfbec74bb9910c719670c33424f35d46bf8e34542127feb94094787d189135
Instruction ID: 9131e5db8081aee6eef8f3b673df1e480472913b152df65c7152aa18512b7ad8
Opcode Fuzzy Hash: a4dfbec74bb9910c719670c33424f35d46bf8e34542127feb94094787d189135
Instruction Fuzzy Hash: 3A91AB71608344AFC320EF65D885F6BB7E9EB95B04F444A1EF69583281DB78EC04CB66

Function 00435B70 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 00435BF9
GetClientRect.USER32(00000000,?), ref: 00435C32
DPtoLP.GDI32 ref: 00435C88
GetClientRect.USER32(00000000,?), ref: 00435D5C
DPtoLP.GDI32 ref: 00435DB2

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$Copy
String ID:
API String ID: 472922470-0
Opcode ID: ae0228988b173aa8114d01179c942600503038e5a1142a5ff1a85d24a9c0cc3d
Instruction ID: f8bf37a0791ff84c5a15afc587b69f1f73e6eaef5657893effd2ee161a4be5c6
Opcode Fuzzy Hash: ae0228988b173aa8114d01179c942600503038e5a1142a5ff1a85d24a9c0cc3d
Instruction Fuzzy Hash: A48191712087419FC314EF69C495B6FB3E5FBC8708F10691EF19A87281DB78A905CB66

Function 004240A0 Relevance: 7.7, APIs: 5, Instructions: 196windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0042417C
SendMessageA.USER32(?,00008003,00000000,00000000), ref: 00424193
GetWindowRect.USER32(?,00000000), ref: 004241E5
GetClientRect.USER32(?,00000000), ref: 0042423D
GetWindowRect.USER32(?,00000000), ref: 00424261

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow$ClientMessageSend
String ID:
API String ID: 1071774122-0
Opcode ID: f435826add4b06006c8115517dfdb8d5547b63bd05ce650d345ad0986a360b34
Instruction ID: b67debc2da94a03d726fec42d57f3170c847f5f3052977ac3b839bdfa7f05d21
Opcode Fuzzy Hash: f435826add4b06006c8115517dfdb8d5547b63bd05ce650d345ad0986a360b34
Instruction Fuzzy Hash: 3561CF716043119FC720DF65D884A6BBBE9EFD8744F400A2EF98597380DA34ED45CBAA

Function 0040E100 Relevance: 7.7, APIs: 5, Instructions: 158comregistryCOMMON

Download Yara Rule

APIs

LoadTypeLib.OLEAUT32(00000000), ref: 0040E15F

Part of subcall function 00426420: lstrlen.KERNEL32(?,00000000,0040EA1A,?,?), ref: 0042642E

GetUserDefaultLCID.KERNEL32(00000000,?,?,00000001), ref: 0040E19B
LHashValOfNameSys.OLEAUT32(00000001,00000000), ref: 0040E1A4
RegisterTypeLib.OLEAUT32(?,00000000), ref: 0040E209
OleRun.OLE32(00000000), ref: 0040E290

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Type$DefaultHashLoadNameRegisterUserlstrlen
String ID:
API String ID: 2906146520-0
Opcode ID: 4a77e39d93bb1264acd72557479388b5497d2ad5538fb8af73b4fa9e31c254e7
Instruction ID: 16e961c3ad4dd64720a35d928ba49a092286f8fc560f7124bc69ee592d342992
Opcode Fuzzy Hash: 4a77e39d93bb1264acd72557479388b5497d2ad5538fb8af73b4fa9e31c254e7
Instruction Fuzzy Hash: D8517A71204342AFD700DF56DC44F6BB7ECAF84708F04482EF94497290E779E9598B66

Function 00422210 Relevance: 7.6, APIs: 5, Instructions: 104windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004222E0
WinHelpA.USER32(?,00000000,00000002,00000000), ref: 004222FB
GetMenu.USER32(?), ref: 0042230B
SetMenu.USER32(?,00000000), ref: 00422318
DestroyMenu.USER32(00000000), ref: 00422323

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$DestroyHelpWindow
String ID:
API String ID: 427501538-0
Opcode ID: 5a1207a1e0a5fd61aeaec3ba36a0d7c057c6b9e334846fde52e620e3167a1d00
Instruction ID: 800d69ce26884106fe745e979f9dd278b9159cd4d1300c31aba0ea9352644faa
Opcode Fuzzy Hash: 5a1207a1e0a5fd61aeaec3ba36a0d7c057c6b9e334846fde52e620e3167a1d00
Instruction Fuzzy Hash: 5031F071A00225BBC314EFA2D945E6BB7ACFF45348F45461EF805A3240DB7ABC408BB9

Function 0042E260 Relevance: 7.6, APIs: 5, Instructions: 103synchronizationCOMMON

Download Yara Rule

APIs

midiStreamStop.WINMM(?,00000000,?,?,0042DD2B,00000000,006DB588,?,?,00000000,006D0CE1,000000FF,00419934), ref: 0042E295
midiOutReset.WINMM(?,?,0042DD2B,00000000,006DB588,?,?,00000000,006D0CE1,000000FF,00419934), ref: 0042E2B3
WaitForSingleObject.KERNEL32(?,000007D0,?,0042DD2B,00000000,006DB588,?,?,00000000,006D0CE1,000000FF,00419934), ref: 0042E2D6
midiStreamClose.WINMM(?,?,0042DD2B,00000000,006DB588,?,?,00000000,006D0CE1,000000FF,00419934), ref: 0042E313
midiStreamClose.WINMM(?,?,0042DD2B,00000000,006DB588,?,?,00000000,006D0CE1,000000FF,00419934), ref: 0042E347

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$Close$ObjectResetSingleStopWait
String ID:
API String ID: 3142198506-0
Opcode ID: 34062fd35f4772f63b37e6eb2eb4a2f66abc104037275531c45be25a7634ec7d
Instruction ID: 5444af799f926d1ce09aa2ad17340e0c2d75a82866c676bc5c56246b83fa5d30
Opcode Fuzzy Hash: 34062fd35f4772f63b37e6eb2eb4a2f66abc104037275531c45be25a7634ec7d
Instruction Fuzzy Hash: F0312F72700761CBCB30DFA6A48455BB7EABB943057544A2FE687C7640CB78EC458B98

Function 006BAADC Relevance: 7.6, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00002020,00758320), ref: 006BAAFD
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,00000001,006BAFA8,?,00000010,?,00000009,00000009,?,006B2DC1,00000010), ref: 006BAB21
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,00000001,006BAFA8,?,00000010,?,00000009,00000009,?,006B2DC1,00000010), ref: 006BAB3B
VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000001,006BAFA8,?,00000010,?,00000009,00000009,?,006B2DC1,00000010,?,00000001), ref: 006BABFC
HeapFree.KERNEL32(00000000,00000000,?,00000001,006BAFA8,?,00000010,?,00000009,00000009,?,006B2DC1,00000010,?,00000001), ref: 006BAC13

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Virtual$AllocFreeHeap$Allocate
String ID:
API String ID: 3000792370-0
Opcode ID: 8ab5061b3ebb668bcdb6b93bd8e82353865957f696edddc46d549aeb51552674
Instruction ID: 0be15c8d02ec7ded032d0e55c3a46b3417bf8efd8d59c1fcfbf69016189a2be1
Opcode Fuzzy Hash: 8ab5061b3ebb668bcdb6b93bd8e82353865957f696edddc46d549aeb51552674
Instruction Fuzzy Hash: DF313AB16407059FD3708F28EC41BE5B7E2E744B55F10813AF566A7390EBB59884C74A

Function 0041E420 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0041E490
GetMenu.USER32(?), ref: 0041E49F
DestroyAcceleratorTable.USER32(?), ref: 0041E4EC
SetMenu.USER32(?,00000000), ref: 0041E501
DestroyMenu.USER32(?,?,?,0041A8E4,?), ref: 0041E511

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Destroy$AcceleratorTableWindow
String ID:
API String ID: 1240299919-0
Opcode ID: 4bbf5e60bc6156c363eeb47a44bc4bffb0ebfdf097c98a37681e2e89ebe60d6d
Instruction ID: 40ba4a44540405dd9bfa484e654438cf709f03389031f5d7d126741e31fefddd
Opcode Fuzzy Hash: 4bbf5e60bc6156c363eeb47a44bc4bffb0ebfdf097c98a37681e2e89ebe60d6d
Instruction Fuzzy Hash: 3A31D571A002016FC720EF65DC44D6B77A9EF85358F06452EFD0597252EB38EC09C7A4

Function 00423F30 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 00423F4C

Part of subcall function 00418D90: IsChild.USER32(?,?), ref: 00418E0D
Part of subcall function 00418D90: GetParent.USER32(?), ref: 00418E27

GetCursorPos.USER32(?), ref: 00423F64
GetClientRect.USER32(?,?), ref: 00423F73
PtInRect.USER32(?,?,?), ref: 00423F94
SetCursor.USER32(?,?,00000000,?,?,?,?,00423BC0), ref: 00424012

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildCursorRect$ClientParent
String ID:
API String ID: 1110532797-0
Opcode ID: ed5641c9d7e0e5f80e8a136a1aab6a4b71ca8c20546eeec7efbc06993a1542a1
Instruction ID: f8b276a213eb1ff44cb63354f5f7d3c433a4a4c7cb44f60c309b6bd0b3126710
Opcode Fuzzy Hash: ed5641c9d7e0e5f80e8a136a1aab6a4b71ca8c20546eeec7efbc06993a1542a1
Instruction Fuzzy Hash: C821C331B002116BD730EE25EC49F9F73F9EF84715F05091EF945A3280EA38ED8586A9

Function 004108E0 Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 006C93DF: __EH_prolog.LIBCMT ref: 006C93E4

GetClientRect.USER32 ref: 00410922
GetWindowRect.USER32(?,?), ref: 00410931

Part of subcall function 006C9199: ScreenToClient.USER32(?,?), ref: 006C91AD
Part of subcall function 006C9199: ScreenToClient.USER32(?,?), ref: 006C91B6

OffsetRect.USER32(?,?,?), ref: 0041095C

Part of subcall function 006C90D6: ExcludeClipRect.GDI32(?,?,?,?,?,75A8A5C0,?,?,0041096C,?), ref: 006C90FB
Part of subcall function 006C90D6: ExcludeClipRect.GDI32(?,?,?,?,?,75A8A5C0,?,?,0041096C,?), ref: 006C9110

OffsetRect.USER32(?,?,?), ref: 0041097F
FillRect.USER32(?,?,?), ref: 0041099A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$ClipExcludeOffsetScreen$FillH_prologWindow
String ID:
API String ID: 1774338468-0
Opcode ID: 3f00df7ad9daffcb06e76da5a687d2d7b36115f97473fbf9fdafac245f52699f
Instruction ID: fd76e1ec693d5b3b112ccfb5dffa36118ec1aa7a24d7378ed626b0dbc3af7b9f
Opcode Fuzzy Hash: 3f00df7ad9daffcb06e76da5a687d2d7b36115f97473fbf9fdafac245f52699f
Instruction Fuzzy Hash: 62316DB2208302AFD714DF64C855FABB7E9EB88710F008A1DF49687290DB74E945CB62

Function 00413990 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C0ECD: SendMessageA.USER32(?,0000110C,00000000,00000040), ref: 006C0EEE

SendMessageA.USER32(?,0000110A,00000004,?), ref: 004139B5
SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 004139D5
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 004139E7
SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 004139F5
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00413A07

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 322463e39b3d8a6a701cb5c4f81685abe39b4551efae60748cc6ef5e3e5eff30
Instruction ID: c4dcd2162ef68a00589ac7681f67be4f36f57bead9a05996fb622788ee0b2916
Opcode Fuzzy Hash: 322463e39b3d8a6a701cb5c4f81685abe39b4551efae60748cc6ef5e3e5eff30
Instruction Fuzzy Hash: 8E01ACB17407057AF634AA668CC1FA7929D9F94B56F00051EF741D71C0CAE5EC414674

Function 006C4E2B Relevance: 7.6, APIs: 5, Instructions: 52stringregistryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C4E30
GetClassInfoA.USER32(?,?,?), ref: 006C4E4B
RegisterClassA.USER32(?), ref: 006C4E56
lstrcat.KERNEL32(00000034,?), ref: 006C4E8D
lstrcat.KERNEL32(00000034,?), ref: 006C4E9B

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Classlstrcat$H_prologInfoRegister
String ID:
API String ID: 106226465-0
Opcode ID: 8eca0d39d018913ba03d6df9e568e62e4cf99da6ea6e35de806ead7ad610b668
Instruction ID: bca960cfd84015aba269f569bd47265929b05a01422ce2d4ffb39cd7f5c5f264
Opcode Fuzzy Hash: 8eca0d39d018913ba03d6df9e568e62e4cf99da6ea6e35de806ead7ad610b668
Instruction Fuzzy Hash: 4311E136A00208BFCB10EFA49841FEE7FBAEF59710F01455EF546A7252CB759A018BA1

Function 006B6418 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000035,0000001D,006B3782,006B7A52,006BE5A6,0000001D,?,00000000), ref: 006B641A
TlsGetValue.KERNEL32(?,00000000), ref: 006B6428
SetLastError.KERNEL32(00000000,?,00000000), ref: 006B6474

Part of subcall function 006B3B76: RtlAllocateHeap.NTDLL(00000008,006B643D,00000000), ref: 006B3C6C

TlsSetValue.KERNEL32(00000000,?,00000000), ref: 006B644C
GetCurrentThreadId.KERNEL32 ref: 006B645D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$AllocateCurrentHeapThread
String ID:
API String ID: 2047054392-0
Opcode ID: 61bbe2f262814a3b3429f29eb6a8779a1e5bdfb221b264e01445077dae94075a
Instruction ID: 0a1c47694e1c50ea8fba0d743729dbdc1a4d913fb93e9746e8b32e1b2875abfc
Opcode Fuzzy Hash: 61bbe2f262814a3b3429f29eb6a8779a1e5bdfb221b264e01445077dae94075a
Instruction Fuzzy Hash: 24F0F671A02B216BC3252B78FC096E93BE6EB017B2711C15EF441D62A0CF788D818764

Function 00427DE0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 244windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00426EC0: InvalidateRect.USER32(?,00000000,00000000), ref: 00426EEA

Part of subcall function 006C4C56: GetWindowTextLengthA.USER32(?), ref: 006C4C63
Part of subcall function 006C4C56: GetWindowTextA.USER32(?,00000000,00000000), ref: 006C4C7B

SendMessageA.USER32(?,000000B0,?,?), ref: 00428062
SendMessageA.USER32(?,000000B1,?,?), ref: 0042809E
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004280AB

Strings

|eu, xrefs: 00427E08

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$TextWindow$InvalidateLengthRect
String ID: |eu
API String ID: 2881497910-2588889719
Opcode ID: 1296b9117e0a31df1e7aa2359e0229f1cfc114e650e3357e0349d5d212a5be49
Instruction ID: 584484bde61c2bdc542586516a16b678d6584a14c59f838aebdca52ef3e15e02
Opcode Fuzzy Hash: 1296b9117e0a31df1e7aa2359e0229f1cfc114e650e3357e0349d5d212a5be49
Instruction Fuzzy Hash: A68106F1608302ABD614DB64EC8197F73E9EB84340F904E2EF55587291EA38DD49C76B

Function 00413CD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 98windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00413D0B
SendMessageA.USER32(?,00000187,00000000,00000000), ref: 00413D3D

Part of subcall function 006CAA41: SendMessageA.USER32(?,0000018A,?,00000000), ref: 006CAA59
Part of subcall function 006CAA41: SendMessageA.USER32(?,00000189,?,00000000), ref: 006CAA72

Part of subcall function 006C2C18: lstrlen.KERNEL32(00766E28,0041C85C,00766E28,0041C935,006F9EA0,?,?,?,?,?,?,?,00000000,006D00A8,000000FF), ref: 006C2C29

SendMessageA.USER32(?,00000188,00000000,00000000), ref: 00413D9A

Strings

|eu, xrefs: 00413D1F

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$lstrlen
String ID: |eu
API String ID: 1172434978-2588889719
Opcode ID: 38dfe7463a271bed6a16e79578533d8e3fbbd42285f0fde77b675ca491c72d5e
Instruction ID: d8fdf1ffc2b14cf568a1d4a87b9ec37fab230e5fbd7df3840fb09aca4b14a948
Opcode Fuzzy Hash: 38dfe7463a271bed6a16e79578533d8e3fbbd42285f0fde77b675ca491c72d5e
Instruction Fuzzy Hash: CA317C74244741AFD260DF258881E6BB7F9EBC5750F004A2EF55587280DB34D945CB66

Function 004218D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86windowCOMMON

Download Yara Rule

APIs

DestroyAcceleratorTable.USER32(?), ref: 004218E2
DestroyCursor.USER32(00000000), ref: 00421966
PostQuitMessage.USER32(00000000), ref: 0042199E

Strings

(nv, xrefs: 00421985

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Destroy$AcceleratorCursorMessagePostQuitTable
String ID: (nv
API String ID: 40448814-2332515434
Opcode ID: de1aa1683a66e0df82c148198ca9d91ed0f081d8cba87fa6b5e59672501db06a
Instruction ID: 7d70a652dfbeeb8394cc81c6beeb71cfa8689af70d42fb03075fcc8655bd33d9
Opcode Fuzzy Hash: de1aa1683a66e0df82c148198ca9d91ed0f081d8cba87fa6b5e59672501db06a
Instruction Fuzzy Hash: 4721E5B17002115BD7209F56EC85FAB77A9EF91704F44053FF902DB292EA38EC84C6A9

Function 00414F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(006CF968,00000142,00000000,FFFF0000), ref: 00414FD2
SendMessageA.USER32(006CF968,0000014D,000000FF,00414EF5), ref: 00414FF0
SendMessageA.USER32(006CF968,0000014E,00000000,00000000), ref: 00415003

Strings

|eu, xrefs: 00414F56

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: |eu
API String ID: 3850602802-2588889719
Opcode ID: 3e535cbd74f9ccbcdecc4a54b1c2f2782cc72698e3db3a97961bba749debd359
Instruction ID: 0ed45b61e7d7d7857b046af3dfb125156eeaefd5537ec78d0221aa89d72b1ac6
Opcode Fuzzy Hash: 3e535cbd74f9ccbcdecc4a54b1c2f2782cc72698e3db3a97961bba749debd359
Instruction Fuzzy Hash: 30214F75204701ABC624DB28CC45FABB7EAEBC8720F104B1EF16A933D0DB78A845C755

Function 004110A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,000000B0,?,?), ref: 004110F6

Part of subcall function 006C6BC4: SetWindowTextA.USER32(?,?), ref: 006C6BD2

SendMessageA.USER32(?,000000B1,?,?), ref: 00411113
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00411120

Strings

|eu, xrefs: 004110B8

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$TextWindow
String ID: |eu
API String ID: 1596935084-2588889719
Opcode ID: 4cbd5484d48f9a74f44f5c01fb818794431cf6c6287e44ae63119394ca17c0b3
Instruction ID: 29bee1dfa429b503c26cddcabfb1c3296d58f7a5f0dca82cc534b1f56624ceee
Opcode Fuzzy Hash: 4cbd5484d48f9a74f44f5c01fb818794431cf6c6287e44ae63119394ca17c0b3
Instruction Fuzzy Hash: 202137B1608345AFD320DF29C880A6BB7F9FB89764F404A1EF69993290C774A8458B56

Function 006C0DB6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53stringwindowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C0DBB
SendMessageA.USER32(?,0000110C,00000000,?), ref: 006C0E07
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 006C0E10

Strings

|eu, xrefs: 006C0DD2

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSendlstrlen
String ID: |eu
API String ID: 3754839358-2588889719
Opcode ID: 7433103f8c932181188bfd2930c04d0ef358806f7da84679220db981ad3307a5
Instruction ID: 7bd2701c962225140a881e2eb3bed7859cf597a899ada63954dbccd92c6d75f0
Opcode Fuzzy Hash: 7433103f8c932181188bfd2930c04d0ef358806f7da84679220db981ad3307a5
Instruction Fuzzy Hash: 93116D72D00119ABCB40DF94D891FEDBBB5FF58320F10812EF815AB291DB709A44CB94

Function 006C9E20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(00000000,000000F0), ref: 006C9E31
GetClassNameA.USER32(00000000,?,0000000A), ref: 006C9E4C
lstrcmpiA.KERNEL32(?,combobox), ref: 006C9E5B

Strings

combobox, xrefs: 006C9E55

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassLongNameWindowlstrcmpi
String ID: combobox
API String ID: 2054663530-2240613097
Opcode ID: e73d65478b76a525374a6acb6f6448d760ee0603cadac77b6974ad3a0ddfa0e4
Instruction ID: dcbadc9a5b9a7d138818cb68a1b5308596046a831106f773efd49c9d476f4549
Opcode Fuzzy Hash: e73d65478b76a525374a6acb6f6448d760ee0603cadac77b6974ad3a0ddfa0e4
Instruction Fuzzy Hash: 59E0653195410DBFCF109F64DC4AFA9376AFB15345F108621B422D61E0DA30E659CB50

Function 0042EBC0 Relevance: 6.2, APIs: 4, Instructions: 246COMMON

Download Yara Rule

APIs

midiStreamOpen.WINMM(?,?,00000001,0042F200,?,00030000,?,?,?,00000000), ref: 0042EBEB
midiStreamProperty.WINMM ref: 0042ECD2
midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,?,?,00000000), ref: 0042EE20

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$HeaderOpenPrepareProperty
String ID:
API String ID: 2061886437-0
Opcode ID: 4d2fb40ae710af21f7159b056d71ce9c4e2f78f1c24789023eaba9a85ef31d32
Instruction ID: ac53b90abceb82a1a7e12580ca55eeeec6d13907350c4a19451ed1ceb876171b
Opcode Fuzzy Hash: 4d2fb40ae710af21f7159b056d71ce9c4e2f78f1c24789023eaba9a85ef31d32
Instruction Fuzzy Hash: FEA158717006168FD724DF69E890BAAB7F6FB84304F90492EE686C7650EB35F919CB40

Function 0042CCE0 Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0042CCF2
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0042CD4A
__ftol.LIBCMT ref: 0042CE35
__ftol.LIBCMT ref: 0042CE42

Part of subcall function 006C8C27: SelectObject.GDI32(?,00000000), ref: 006C8C49
Part of subcall function 006C8C27: SelectObject.GDI32(?,?), ref: 006C8C5F

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect__ftol$ClientRect
String ID:
API String ID: 2514210182-0
Opcode ID: dcbbc9033c6a9d84ba860abbc1130153d650a7f962c958c9509f447d329b9e79
Instruction ID: 5c5c8a4eb1c1da96f746de4c2c26cd94ebc167a465f82555c8f84e3a8f4ba803
Opcode Fuzzy Hash: dcbbc9033c6a9d84ba860abbc1130153d650a7f962c958c9509f447d329b9e79
Instruction Fuzzy Hash: 7351AAB17083029FC714DF28D88096FBBE5FBC8340F558A2EF88993251DA34DC458B96

Function 0041A9E0 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0041AA54
GetParent.USER32(?), ref: 0041AAA4
IsWindow.USER32(?), ref: 0041AAC4
SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 0041AB3F

Part of subcall function 006C6CC5: ShowWindow.USER32(?,?,004111FE,?), ref: 006C6CD3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ParentShow
String ID:
API String ID: 2052805569-0
Opcode ID: 3f59e508a47feddc72d0a2bc87c10fb347f9e61d57ef6ad092ef4a356211058f
Instruction ID: e0c240750d8b6d9773bccc53f161192147943e843895d71a58ef03d0725d5fa7
Opcode Fuzzy Hash: 3f59e508a47feddc72d0a2bc87c10fb347f9e61d57ef6ad092ef4a356211058f
Instruction Fuzzy Hash: D141BF716053015BD320DE60DC81BEBB3E5AB44754F04452EFE059B382DB78FC9587AA

Function 0042AA70 Relevance: 6.1, APIs: 4, Instructions: 100COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0042AADF

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: d7919aad9911be19212e2d8d2d38dd2b3bd8467349a3ff7c79bc7ad3e28fbf3a
Instruction ID: 6fa4439b0945677ae6e097259fcc40d95e293c17c03d8bb18bfa883e08913d14
Opcode Fuzzy Hash: d7919aad9911be19212e2d8d2d38dd2b3bd8467349a3ff7c79bc7ad3e28fbf3a
Instruction Fuzzy Hash: 2A3159762047419FC310DF69DD85F6BB7E9FB88720F044A1EF5A983281DB38A805CA62

Function 004165C0 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON

Download Yara Rule

APIs

GetMessagePos.USER32 ref: 00416658
ScreenToClient.USER32(?,?), ref: 0041667A
ChildWindowFromPointEx.USER32(?,?,?,00000005), ref: 00416690
GetFocus.USER32 ref: 0041669B

Part of subcall function 006C6D2E: SetFocus.USER32(?,00410669), ref: 006C6D38

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Focus$ChildClientFromMessagePointScreenWindow
String ID:
API String ID: 3117237277-0
Opcode ID: 9d4e75a49919bd5964987139d0f5e74bae6bc67b5eea94ff567c944bbabae83a
Instruction ID: e3730086bea4dca1d295cd0fe628b7876934ef8be1b208d027e2fb200ca7d95f
Opcode Fuzzy Hash: 9d4e75a49919bd5964987139d0f5e74bae6bc67b5eea94ff567c944bbabae83a
Instruction Fuzzy Hash: 1321A531700201AFD724DB24DC45FAB73AAAF80304F05852EF94597385DF38E956C799

Function 00429710 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

GlobalFix.KERNEL32(?), ref: 00429750
GlobalSize.KERNEL32 ref: 00429773
GlobalSize.KERNEL32(?), ref: 004297A3
GlobalUnWire.KERNEL32(?), ref: 004297B3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Size$Wire
String ID:
API String ID: 2995285337-0
Opcode ID: b0b8135b361166ade9db680fafc1b63e8b54e4904d1bdb4d3c4a7e11efe19e70
Instruction ID: 88eccb62b7b3c05723cb1d7b49cb01efc06265847eb41223a372908fcf08b1ff
Opcode Fuzzy Hash: b0b8135b361166ade9db680fafc1b63e8b54e4904d1bdb4d3c4a7e11efe19e70
Instruction Fuzzy Hash: E6218676E00254ABC710DF99D841B9EFBB9FF48720F00426AE819F3781DB7599408BA5

Function 00416ED0 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

StartPage.GDI32(?), ref: 00416F15
EndPage.GDI32(?), ref: 00416F3B

Part of subcall function 00424D90: wsprintfA.USER32 ref: 00424D9F

Part of subcall function 006C6BC4: SetWindowTextA.USER32(?,?), ref: 006C6BD2

UpdateWindow.USER32(?), ref: 00416F8A
EndPage.GDI32(?), ref: 00416FA2

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Page$Window$StartTextUpdatewsprintf
String ID:
API String ID: 104827578-0
Opcode ID: 0b32186862855bdb2517ae573c26b5b76e9db443095ffe192a9981f8a6afc33e
Instruction ID: a5b1fbd3b8042b898615183fffb1c51db213c6f913077c1dab605f0fb442b046
Opcode Fuzzy Hash: 0b32186862855bdb2517ae573c26b5b76e9db443095ffe192a9981f8a6afc33e
Instruction Fuzzy Hash: 9A211071602B009BC325DB79DC88BDBB7E9EFD4705F10881EF49EC6250EA34A4868B59

Function 00411280 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 004112AC
GetParent.USER32(?), ref: 004112C1
SetParent.USER32(?,?), ref: 004112DF
GetWindowRect.USER32(?,?), ref: 004112F4

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Parent$RectWindow
String ID:
API String ID: 2276825053-0
Opcode ID: d701947e899f1b81c5a630e57072d3634ffcdec8d17b6fe3928adcb07a212ba8
Instruction ID: 506a7cf6a7a855c550838fc3e2652a35b400c3f8266fc9d7725e5f314839b809
Opcode Fuzzy Hash: d701947e899f1b81c5a630e57072d3634ffcdec8d17b6fe3928adcb07a212ba8
Instruction Fuzzy Hash: 0B117FB26003065FD724DFA5C885EBBB7AEEB84340F04491EB95683351DA78EC4587B8

Function 00418F50 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 00418F5D

Part of subcall function 00418D90: IsChild.USER32(?,?), ref: 00418E0D
Part of subcall function 00418D90: GetParent.USER32(?), ref: 00418E27

SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 00418FB6
SendMessageA.USER32(00000000,000000F1,00000000,00000000), ref: 00418FC6
GetWindow.USER32(00000000,00000002), ref: 00418FCB

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow$ChildParent
String ID:
API String ID: 1043810220-0
Opcode ID: ecfce58e09bb730b66d30838318f3e6c47a6a652b205e71d8d3261621dff67c2
Instruction ID: 9e3dea74737bca2d42e81e771574a58635a629dbd9ab4ce5e3896b398d7134cf
Opcode Fuzzy Hash: ecfce58e09bb730b66d30838318f3e6c47a6a652b205e71d8d3261621dff67c2
Instruction Fuzzy Hash: FC019E3178171237E63152299C46FAB768E5B51B60F15022AF700AB2D0DF68EC8281AC

Function 0043DB00 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0043DB1B
SendMessageA.USER32(?,000083EB,?,00000000), ref: 0043DB45
SendMessageA.USER32(?,000083EC,?,00000000), ref: 0043DB59
SendMessageA.USER32(?,000083E9,?,00000000), ref: 0043DB7C

Part of subcall function 006C6C1A: GetDlgCtrlID.USER32(?), ref: 006C6C24

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID:
API String ID: 1383977212-0
Opcode ID: 9bae004cf078a449faf71d7d916e926b3f0c7829ac84d39128b4bea6d54335d3
Instruction ID: 349fdb8e865d13ce0e26d61267878a43b0989442f77fdc4889651a80a6cf5616
Opcode Fuzzy Hash: 9bae004cf078a449faf71d7d916e926b3f0c7829ac84d39128b4bea6d54335d3
Instruction Fuzzy Hash: 28018FB22006052BD250AAA98CD1F3FB3AEEF88B05F00850EF14187281CE79EC4247AC

Function 006BA63A Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(00000000,00000050,?,00000000), ref: 006BA662
RtlAllocateHeap.NTDLL(00000008,000041C4), ref: 006BA696
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,006BA402,?,?,?,006B2D63,?,?,00000001), ref: 006BA6B0
HeapFree.KERNEL32(00000000,?,?,00000000,006BA402,?,?,?,006B2D63,?,?,00000001), ref: 006BA6C7

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$Allocate$AllocFreeVirtual
String ID:
API String ID: 94566200-0
Opcode ID: b1bf284fb33ffec197b627b55a599c08c1b1916ced792539bd7d648627232fbd
Instruction ID: 02a03c262504c8a80b3a36f4d5b60361b83f0224f45ed39347dad17565a57030
Opcode Fuzzy Hash: b1bf284fb33ffec197b627b55a599c08c1b1916ced792539bd7d648627232fbd
Instruction Fuzzy Hash: 8E1160B1381201DFD7608F69EC49D617BB2FB943207208619F162C21B0E7759C65CF44

Function 006C596B Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 006C5979
SendMessageA.USER32(00000000,?,?,?), ref: 006C59AF
GetTopWindow.USER32(00000000), ref: 006C59BC
GetWindow.USER32(00000000,00000002), ref: 006C59DA

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend
String ID:
API String ID: 1496643700-0
Opcode ID: 839c1578217d3cedede590a6af16ccc6c74d53b1baf557ca3fbf17fad8fcccb7
Instruction ID: e75c465a33951bba64572c245aaf36bcf671cb127c9adaf6317d027a4843e14f
Opcode Fuzzy Hash: 839c1578217d3cedede590a6af16ccc6c74d53b1baf557ca3fbf17fad8fcccb7
Instruction Fuzzy Hash: 32012932001959FBCF126F919C09FEE3B6BEF45360F044059FA0155121DB36D9A1EBA5

Function 006CA7DE Relevance: 6.0, APIs: 4, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 006CA80A
RegCloseKey.ADVAPI32(00000000,?,?), ref: 006CA813
wsprintfA.USER32 ref: 006CA82F
WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 006CA848

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClosePrivateProfileStringValueWritewsprintf
String ID:
API String ID: 1902064621-0
Opcode ID: f2373e604cb29b973cd0e2cbcb3e932129fba749a8331acd175ba28cd9ea3809
Instruction ID: 79416ed49c430ed25e121cf338ae1cf48058851cfccc6311b931b80084533cf4
Opcode Fuzzy Hash: f2373e604cb29b973cd0e2cbcb3e932129fba749a8331acd175ba28cd9ea3809
Instruction Fuzzy Hash: 33016272401619BBCB115FA4DC09FFA37AEEF44714F044429BB15A6191EB70D921CB94

Function 006C9259 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(?,004331AA,00000000,?,?,00000000,004331AA,?,?,00000000,?,000000FF,00434FA9,?,00000000,?), ref: 006C926A
GetViewportExtEx.GDI32(?,?,?,?,00000000,004331AA,?,?,00000000,?,000000FF,00434FA9,?,00000000,?,?), ref: 006C9277
MulDiv.KERNEL32(004331AA,00000000,00000000), ref: 006C929C
MulDiv.KERNEL32(0C244C8D,00000000,00000000), ref: 006C92B7

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 58e613e40bfdab243dc4d888d006f10709251d7c4c65e7ee3d7dee0860714078
Instruction ID: 0e2aa8acc9dd8eede4fe5b76301973b7a9761f88a84afc95ac228cf96ba2bacb
Opcode Fuzzy Hash: 58e613e40bfdab243dc4d888d006f10709251d7c4c65e7ee3d7dee0860714078
Instruction Fuzzy Hash: F7F0FBB2800109AFEB116F90DC058BEBBBEEF80210B11442AF95592172EB716D919B54

Function 006C92C2 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(00417933,00000000,00000000,?,00000000,004331B8,?,?,?,00000000,?,000000FF,00434FA9,?,00000000,?), ref: 006C92D3
GetViewportExtEx.GDI32(00417933,?,?,00000000,004331B8,?,?,?,00000000,?,000000FF,00434FA9,?,00000000,?,?), ref: 006C92E0
MulDiv.KERNEL32(?,00000000,00000000), ref: 006C9305
MulDiv.KERNEL32(?,00000000,00000000), ref: 006C9320

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: ad8112af34250b617dbd68e6548c1769f3e5b96530f308d748df395e4060ca2d
Instruction ID: ab5352b372d5403d1264d04a8b7faf27011de3c6d74cdbb4a19dae7a52d249ed
Opcode Fuzzy Hash: ad8112af34250b617dbd68e6548c1769f3e5b96530f308d748df395e4060ca2d
Instruction Fuzzy Hash: 95F0FBB2800109AFEB116F90DC058BEBBBEEF80210B11442AF95592172EB716D919B54

Function 006CD2D7 Relevance: 6.0, APIs: 4, Instructions: 36COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(0077C618), ref: 006CD312
RtlInitializeCriticalSection.NTDLL(00000000), ref: 006CD324
RtlLeaveCriticalSection.NTDLL(0077C618), ref: 006CD32D
RtlEnterCriticalSection.NTDLL(00000000), ref: 006CD33F

Part of subcall function 006CD244: GetVersion.KERNEL32(?,006CD2E7,?,006CC670,00000010,?,00000100,?,?,?,006CC057,006CC0BA,006CB93B,006C819B,00000100,006C8134), ref: 006CD257

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$InitializeLeaveVersion
String ID:
API String ID: 1193629340-0
Opcode ID: bbb11087c5d99882d75f88c024ddb12e3c02da573723337b5c1168972e09c8d5
Instruction ID: 9928da668467367393eb6ca6ccfdd063f2c04867d444d2d9bfed1aa428cd39fa
Opcode Fuzzy Hash: bbb11087c5d99882d75f88c024ddb12e3c02da573723337b5c1168972e09c8d5
Instruction Fuzzy Hash: 9DF03C3140120ADFC711AF65ECC4EA2B36EFB99356B00543EE64982011DB39B5A5CBA9

Function 00413FF0 Relevance: 6.0, APIs: 4, Instructions: 35registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 0041400A
RegQueryValueA.ADVAPI32 ref: 0041402E
lstrcpy.KERNEL32(?,00000000), ref: 00414041
RegCloseKey.ADVAPI32(?), ref: 0041404C

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValuelstrcpy
String ID:
API String ID: 534897748-0
Opcode ID: d101c2c219d7dfe13c2437bce3d636ed394eed026455c54bf47ac1ecd5d7a1be
Instruction ID: 78a3c82c7ac1c687832a1f15157f1fb8f32f094a4638c126a043b188de89ee23
Opcode Fuzzy Hash: d101c2c219d7dfe13c2437bce3d636ed394eed026455c54bf47ac1ecd5d7a1be
Instruction Fuzzy Hash: B4F04F75505301BFD324CF51DC88EABBBA9EFC4750F00C91EBA8882290DA70DC44CBA2

Function 0041DAD0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

<, xrefs: 0041DE5A

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 21a4d607c3c6e76076bec31e30b3841fe697b75a19de2028c00fefa24af25428
Instruction ID: 3c78106de3fd776edc8eaf455dc45c5c4531ee2fdc9a50749319b2f2b8493635
Opcode Fuzzy Hash: 21a4d607c3c6e76076bec31e30b3841fe697b75a19de2028c00fefa24af25428
Instruction Fuzzy Hash: D2B185B19087418BC724CF24C880AABB7E5BFD5711F148A2EF59AD7380DB74D949CB86

Function 006B1552 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 006B15E2

Strings

pow, xrefs: 006B15BA, 006B15D7

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 0de00744150a50031ebdc6bcd73a58a7aa2071632f3d73f4a042256ae9cf57aa
Instruction ID: 6f6b3176a0da7985076810c735f2d71fac4ef92ee75e0d8b1a6235a9fe1fc9dd
Opcode Fuzzy Hash: 0de00744150a50031ebdc6bcd73a58a7aa2071632f3d73f4a042256ae9cf57aa
Instruction Fuzzy Hash: AD5180E1A0C201A6CB157728C8603FA2BD79FC2750F788D59E4D24A3A8EB348DD5D756

Function 0042C000 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

<yn, xrefs: 0042C128, 0042C18E, 0042C132

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <yn
API String ID: 0-2261207814
Opcode ID: aef8ef16737a3e0c6a62c55c9bffa5598f1272b7263d1cddbb1c2bee185d6738
Instruction ID: 5fbc161e19fe192bc83c4158857306aac4f7a506b6b720c27da99a2026ebbe00
Opcode Fuzzy Hash: aef8ef16737a3e0c6a62c55c9bffa5598f1272b7263d1cddbb1c2bee185d6738
Instruction Fuzzy Hash: E6515CB25083519FC310EF69D885A6FFBE9FB89714F404A2EF19583281DB79D808CB52

Function 00419820 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

RtlDeleteCriticalSection.NTDLL(00767898), ref: 0041985A

Part of subcall function 006C491A: __EH_prolog.LIBCMT ref: 006C491F

Strings

!, xrefs: 00419848
#, xrefs: 00419AD3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalDeleteH_prologSection
String ID: !$#
API String ID: 3454226681-2504090897
Opcode ID: 710ea329d4357ab54437877be89f366962203f8246f705a624ed0b31c229be68
Instruction ID: f6b9339c74770664c25d909067a3a7398d376210432cebb956a7332a51b4e2c3
Opcode Fuzzy Hash: 710ea329d4357ab54437877be89f366962203f8246f705a624ed0b31c229be68
Instruction Fuzzy Hash: 929160700087818AD311EF78C0957DABFD5AFA9348F54085EE8DA07392DBB5624DCBA6

Function 00420B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138memoryCOMMON

Download Yara Rule

APIs

GlobalUnWire.KERNEL32(00000000), ref: 00420C44
GlobalReAlloc.KERNEL32(00000000,00000000,00000002), ref: 00420C4E

Part of subcall function 006CB7F2: __EH_prolog.LIBCMT ref: 006CB7F7

Part of subcall function 006C283C: InterlockedDecrement.KERNEL32(-000000F4), ref: 006C2850

Strings

|eu, xrefs: 00420B5E, 00420BA3

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocDecrementH_prologInterlockedWire
String ID: |eu
API String ID: 2572417634-2588889719
Opcode ID: 6469a19584b170090014a6673f676086bb283f18743c9ee0a2a923b9ab7b8f08
Instruction ID: 1e983c3c7a6ce5fa9f5774d80a3370e66c0ad80b6af597e9b8e4d27c46298394
Opcode Fuzzy Hash: 6469a19584b170090014a6673f676086bb283f18743c9ee0a2a923b9ab7b8f08
Instruction Fuzzy Hash: DB517A34D02298EEDB10EFA4C955BEDBBB0EF15304F5441AEE80967381DB781B49CB66

Function 00413820 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108windowCOMMON

Download Yara Rule

APIs

Part of subcall function 006C0DB6: __EH_prolog.LIBCMT ref: 006C0DBB
Part of subcall function 006C0DB6: SendMessageA.USER32(?,0000110C,00000000,?), ref: 006C0E07
Part of subcall function 006C0DB6: lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 006C0E10

SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 0041390C
SendMessageA.USER32(?,0000110A,00000003,?), ref: 00413878

Part of subcall function 006C283C: InterlockedDecrement.KERNEL32(-000000F4), ref: 006C2850

Part of subcall function 006C2AD1: __EH_prolog.LIBCMT ref: 006C2AD6

Part of subcall function 006C2A6B: __EH_prolog.LIBCMT ref: 006C2A70

Part of subcall function 006C2975: InterlockedIncrement.KERNEL32(-000000F4), ref: 006C29B8

Strings

|eu, xrefs: 00413838

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSend$Interlocked$DecrementIncrementlstrlen
String ID: |eu
API String ID: 1725347760-2588889719
Opcode ID: ba2b1bf6cbede05035bb479790aeaa39eec6a7048dc0c56a2c0bf10209a51fae
Instruction ID: 017f8e29bc80319334d62709d306567fb2d78c6e2125d59b0cc93ba88cc19f8e
Opcode Fuzzy Hash: ba2b1bf6cbede05035bb479790aeaa39eec6a7048dc0c56a2c0bf10209a51fae
Instruction Fuzzy Hash: 79419071409381AFD345DBA8C851FABFBE9FF99710F00490DF99543281DBB8A908C766

Function 006C0592 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C0597
lstrcpyn.KERNEL32(?,00000104,00000104,00000100), ref: 006C0684

Strings

|eu, xrefs: 006C05B0

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrcpyn
String ID: |eu
API String ID: 588646068-2588889719
Opcode ID: 448b107b417c75c92b4327be796f18702486a0643320c534352a754b8a8d8659
Instruction ID: 496a06aff90e098836d3347af8f4b70e6cda466333a78bca0a883d3442344998
Opcode Fuzzy Hash: 448b107b417c75c92b4327be796f18702486a0643320c534352a754b8a8d8659
Instruction Fuzzy Hash: 053157B0600705DFE761DF29C881BABBBE2FB45304F00482EE59A87352C774A954CFA4

Function 00410C10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(006CF5A8,000000B1,00000000,000000FF), ref: 00410C9D
SendMessageA.USER32(006CF5A8,000000B7,00000000,00000000), ref: 00410CAC

Strings

|eu, xrefs: 00410C26

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: |eu
API String ID: 3850602802-2588889719
Opcode ID: 50ff6830b41ddaeca92f73030a5f82279eced0e5873821b4113922a98cc1c5ae
Instruction ID: 48ad7dd0c79b4992f6c7c3292a2b672702655c8a18a9f1af9181d345046b4aa9
Opcode Fuzzy Hash: 50ff6830b41ddaeca92f73030a5f82279eced0e5873821b4113922a98cc1c5ae
Instruction Fuzzy Hash: 03115475204701ABD624DB19CC51F6BB7E5EB84720F104B0DF569933D0DBB8A445CB65

Function 00415440 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32 ref: 004154C4
SendMessageA.USER32(006CF988,00000186,00000000,00000000), ref: 004154D7

Strings

|eu, xrefs: 00415456

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: |eu
API String ID: 3850602802-2588889719
Opcode ID: 7714f2ec495eb0bc2f6d30ebeb2907482594f7d47ace704725409e1abb157814
Instruction ID: 0a1e807d9ae54029a8bada1db96fcc3dfcd257133a10ede48c9e106eb0ab4780
Opcode Fuzzy Hash: 7714f2ec495eb0bc2f6d30ebeb2907482594f7d47ace704725409e1abb157814
Instruction Fuzzy Hash: E7114C75104B00ABC224DB28DD51BABB7A9ABC8730F104B0EF56A933D0CB78A845C765

Function 006BD397 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000800,?,006BD36F,?,00000000,00000000,?,00000800,00000000,006BD2EF,?,00000000), ref: 006BD3C1
GetLastError.KERNEL32(?,?,006BBA3B,?,00000000,?,006BB46B,00000000,00000000,00000000), ref: 006BD3CE

Strings

Vv, xrefs: 006BD3DD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: Vv
API String ID: 2976181284-3647087049
Opcode ID: f168d0714ecd6d573d03c22054c071c094c1b413346d7199dc3cbea0cc024854
Instruction ID: 92fe781eb77ec4b747893faf2b7695e2116d7ca0c334308a18f9efb1ee54e097
Opcode Fuzzy Hash: f168d0714ecd6d573d03c22054c071c094c1b413346d7199dc3cbea0cc024854
Instruction Fuzzy Hash: 03F0F9B521562197CA105B38AC489D937969B86331F21031AF561CB2E2EF30DCD28762

Function 006C9DA8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C9DAD
SendMessageA.USER32(?,00000010,00000000,00000000), ref: 006C9E19

Strings

|eu, xrefs: 006C9DD1

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologMessageSend
String ID: |eu
API String ID: 2337391251-2588889719
Opcode ID: d23bbe81806237824c2de4bc0e26be7d12dbe2a9026bba62c512bf01041dc994
Instruction ID: 2ef5fb6c844f6d25c98641e0680d6e4a1361f3b7cc520f6ca1c234a2477e8983
Opcode Fuzzy Hash: d23bbe81806237824c2de4bc0e26be7d12dbe2a9026bba62c512bf01041dc994
Instruction Fuzzy Hash: 8001D470901215AFDB50DF94C806FEE7BA1EF04B10F20450DF544AB292D7B0AA41C794

Function 006C2AD1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 006C2AD6
lstrlen.KERNEL32(?,00000000,?,?,004138C1,?,?,006F61D0,00000000,?,00000000), ref: 006C2AFD

Strings

|eu, xrefs: 006C2ADD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologlstrlen
String ID: |eu
API String ID: 2133942097-2588889719
Opcode ID: 7005900999939d0a01d2958666807d79d666ecc0b840541177ca1622eb7b7bd2
Instruction ID: 8125045075144ffb8ebcd2603ff56edaf49aca586db43968ed6f86caa94bbf3b
Opcode Fuzzy Hash: 7005900999939d0a01d2958666807d79d666ecc0b840541177ca1622eb7b7bd2
Instruction Fuzzy Hash: D20108B192025AEBCB05DF94C865FFE7776FB08304F10441DF816A6291D7B4AA14CB64

Function 006B2F5B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.NTDLL(?), ref: 006B2F83

Part of subcall function 006B8D15: RtlLeaveCriticalSection.NTDLL ref: 006B8D22

Strings

pxu, xrefs: 006B2F68
x, xrefs: 006B2F5F

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalLeaveSection
String ID: pxu$x
API String ID: 3988221542-3867001908
Opcode ID: 5e558a6959c197483ee8c7d60a698a909156f907187c593a80671c8d4a568352
Instruction ID: fb2aa8feda783d9b7220ddf68f81c48f4e0c6ae8e859c60be3509797b022f48c
Opcode Fuzzy Hash: 5e558a6959c197483ee8c7d60a698a909156f907187c593a80671c8d4a568352
Instruction Fuzzy Hash: B1D023F150410207CF1C6E74AC4D4DD337ED5903033240D2AF801C3289CC24D9C0C114

Function 006B2F09 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.NTDLL(?), ref: 006B2F31

Part of subcall function 006B8CB4: RtlInitializeCriticalSection.NTDLL(00000000), ref: 006B8CF1
Part of subcall function 006B8CB4: RtlEnterCriticalSection.NTDLL(00000001), ref: 006B8D0C

Strings

pxu, xrefs: 006B2F16
x, xrefs: 006B2F0D

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$Initialize
String ID: pxu$x
API String ID: 1229453151-3867001908
Opcode ID: a13974ecf71edd80f54e925ab8df3f87f5a2ac05c3037aeb3c8e26e889dfcd48
Instruction ID: 2ca552cb4af668c876acb957b0ad16aefaf46b12d946f62e8a9f298ae7a2c6c7
Opcode Fuzzy Hash: a13974ecf71edd80f54e925ab8df3f87f5a2ac05c3037aeb3c8e26e889dfcd48
Instruction Fuzzy Hash: ECD022F2A0920207CF2C2F75AE8D5DE26AEE2803033180C2AFC42C2381CD24D9C4C628

Function 00425400 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00425491
wsprintfA.USER32 ref: 004254AB
wsprintfA.USER32 ref: 004254C6

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: 13fc9772876f717bf23625147dc95c9db895a80a6d716d96a98683934a2333dc
Instruction ID: 1b0797b7152e73dada3652302cc3a9769d253ab7c472efbd7bfcd344e80801d9
Opcode Fuzzy Hash: 13fc9772876f717bf23625147dc95c9db895a80a6d716d96a98683934a2333dc
Instruction Fuzzy Hash: A131E1B19043045BC704EF64E845A6BB7EAEFC5754F400E1DF94693282EB78DE08CAB6

Function 006CE25E Relevance: 5.1, APIs: 4, Instructions: 61stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,?,?,?,0040E24C,?,?), ref: 006CE274
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,0040E24C,?,?), ref: 006CE29B
lstrlen.KERNEL32(?,?,?,?,0040E24C,?,?), ref: 006CE2B6
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,0040E24C,?,?), ref: 006CE2DD

Memory Dump Source

Source File: 00000000.00000002.3348108208.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.3348026027.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.00000000006F6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000741000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000074E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000075A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000766000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.000000000077A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000780000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3348108208.0000000000782000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3349977065.000000000078B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3350063832.000000000078C000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWidelstrlen
String ID:
API String ID: 3109718747-0
Opcode ID: 1a2db093e44dbbc64672af9d1bbe53f04e25223b7f51617ad24d7f3d30e877be
Instruction ID: f23ecb246a126511c42bd7469d2113c773afe477737a7bddf25124b331707239
Opcode Fuzzy Hash: 1a2db093e44dbbc64672af9d1bbe53f04e25223b7f51617ad24d7f3d30e877be
Instruction Fuzzy Hash: CF110833845206B7DB211B61DC49FAB3FBEEF423B2F210125F91596190DB359A5197A0

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.FileRepMalware.6250.26408.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\TCaptcha[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\c_login_2[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\theme_0[1].css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\007[1].json

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\go_right_ie[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\logo[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\c_login_2[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\icon_3_tiny[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\load[1].gif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\error_icon_ie[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\go_left_ie[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\icon_24_c_3[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\onekey_tips[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xlogin[1].htm

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.6250.26408.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre